Fix crash due to search field disappearing when showing results menu
author wenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 25 Aug 2015 18:00:02 +0000 (18:00 +0000)
committer wenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 25 Aug 2015 18:00:02 +0000 (18:00 +0000)
https://bugs.webkit.org/show_bug.cgi?id=148410
<rdar://problem/22399850>

Reviewed by Brent Fulgham.

When clicking on the results button of a search field that hides upon being focused, WebKit will crash because we
attempt to toggle the results menu using the search field's renderer which is null. This is addressed by adding a null
check to make sure the search field has not been hidden before toggling the menu.

Test: fast/forms/search/search-results-hidden-crash.html

* html/shadow/TextControlInnerElements.cpp:
(WebCore::SearchFieldResultsButtonElement::defaultEventHandler): Add a null check for the search field's renderer.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@188918 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/TestExpectations
LayoutTests/fast/forms/search/search-results-hidden-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/search/search-results-hidden-crash.html [new file with mode: 0644]
LayoutTests/platform/mac/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/html/shadow/TextControlInnerElements.cpp

index 571688f..67f201b 100644 (file)
@@ -18,6 +18,7 @@ fast/forms/attributed-strings.html [ Skip ]
 fast/scrolling/latching [ Skip ]
 
 fast/forms/search/search-padding-cancel-results-buttons.html [ Skip ]
+fast/forms/search/search-results-hidden-crash.html [ Skip ]
 
 #//////////////////////////////////////////////////////////////////////////////////////////
 # End platform-specific tests.
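Review bot: The new `[ Skip ]` entry in LayoutTests/TestExpectations is only re-enabled for one port in this patch (`[ Pass ]` in LayoutTests/platform/mac/TestExpectations), while the fix itself is compiled under `#if !PLATFORM(IOS)`. Other non-iOS ports therefore get the changed code path without regression coverage. If the test cannot run on them, a short comment beside the entry saying why would help; otherwise consider enabling it there as well.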
diff --git a/LayoutTests/fast/forms/search/search-results-hidden-crash-expected.txt b/LayoutTests/fast/forms/search/search-results-hidden-crash-expected.txt
new file mode 100644 (file)
index 0000000..b5bb0f6
--- /dev/null
@@ -0,0 +1 @@
+We did not crash!
diff --git a/LayoutTests/fast/forms/search/search-results-hidden-crash.html b/LayoutTests/fast/forms/search/search-results-hidden-crash.html
new file mode 100644 (file)
index 0000000..11edb3f
--- /dev/null
@@ -0,0 +1,32 @@
+<html>
+
+<head>
+    <script>
+    function hideSearchField() {
+        var search = document.getElementsByTagName("input")[0];
+        search.style.display = "none";
+    }
+
+    function setup() {
+        if (window.testRunner) {
+            testRunner.dumpAsText();
+            window.eventSender.mouseMoveTo(10, 10);
+            window.eventSender.mouseDown();
+            window.eventSender.mouseUp();
+        }
+    }
+    </script>
+
+    <style>
+    body, input {
+        margin: 0;
+    }
+    </style>
+</head>
+
+<body onload="setup()">
+    <input onfocus="hideSearchField()" type="search" results="5"></input>
+    <p>We did not crash!</p>
+</body>
+
+</html>
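Review bot: The click in `setup()` goes to fixed coordinates, `mouseMoveTo(10, 10)`, and nothing checks that it actually landed on the results button. A click elsewhere on the field would still focus it and run `hideSearchField()`, and the pass text is static markup in the body, so the expected output is produced even if `SearchFieldResultsButtonElement::defaultEventHandler` is never entered or `eventSender` is unavailable. Consider deriving the click point from the input's bounding rect and adding a comment that names the results button as the target. Minor: `input` is a void element, so the `</input>` end tag can be dropped.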
index 9269e0f..920479b 100644 (file)
@@ -11,6 +11,7 @@ editing/mac [ Pass ]
 fast/scrolling/latching [ Pass ]
 
 fast/forms/search/search-padding-cancel-results-buttons.html [ Pass ]
+fast/forms/search/search-results-hidden-crash.html [ Pass ]
 
 #//////////////////////////////////////////////////////////////////////////////////////////
 # End platform-specific directories.
index 97b03a8..804a152 100644 (file)
@@ -1,3 +1,20 @@
+2015-08-25  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        Fix crash due to search field disappearing when showing results menu
+        https://bugs.webkit.org/show_bug.cgi?id=148410
+        <rdar://problem/22399850>
+
+        Reviewed by Brent Fulgham.
+
+        When clicking on the results button of a search field that hides upon being focused, WebKit will crash because we
+        attempt to toggle the results menu using the search field's renderer which is null. This is addressed by adding a null
+        check to make sure the search field has not been hidden before toggling the menu.
+
+        Test: fast/forms/search/search-results-hidden-crash.html
+
+        * html/shadow/TextControlInnerElements.cpp:
+        (WebCore::SearchFieldResultsButtonElement::defaultEventHandler): Add a null check for the search field's renderer.
+
 2015-08-25  Chris Dumez  <cdumez@apple.com>
 
         compareDocumentPosition() should report PRECEDING or FOLLOWING information even if nodes are disconnected
index 6e0d426..9916b8e 100644 (file)
@@ -147,11 +147,13 @@ void SearchFieldResultsButtonElement::defaultEventHandler(Event* event)
         input->focus();
         input->select();
 #if !PLATFORM(IOS)
-        RenderSearchField& renderer = downcast<RenderSearchField>(*input->renderer());
-        if (renderer.popupIsVisible())
-            renderer.hidePopup();
-        else if (input->maxResults() > 0)
-            renderer.showPopup();
+        if (RenderObject* renderer = input->renderer()) {
+            RenderSearchField& searchFieldRenderer = downcast<RenderSearchField>(*renderer);
+            if (searchFieldRenderer.popupIsVisible())
+                searchFieldRenderer.hidePopup();
+            else if (input->maxResults() > 0)
+                searchFieldRenderer.showPopup();
+        }
 #endif
         event->setDefaultHandled();
     }
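Review bot: The `downcast<RenderSearchField>(*renderer)` inside the new `if` is still unchecked for type; the guard only establishes that `input->renderer()` is non-null after `input->focus()` has had a chance to run page script (the new test's `onfocus` handler restyles the field). Consider making the condition a type check such as `is<RenderSearchField>(*renderer)` so that a renderer of another class is skipped rather than cast, and add a one-line comment that focus() may have removed the renderer, since the reason for the check is not obvious from the code alone. The hunk also does not show how `input` is held; it is worth confirming that it is kept alive across `focus()` and `select()` for the same reason.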