<https://webkit.org/b/119930> input[type=range]: Fix a crash by changing input type...
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 20 Aug 2013 00:02:56 +0000 (00:02 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 20 Aug 2013 00:02:56 +0000 (00:02 +0000)
commit7c96a9fd5c2c59ca5e7fbfea7c62a9c30c01e286
tree4de0510a2d9e00a1c6f15b7f09432705ffe7e5b4
parent3694af27e74645847ed1e9e59870b98e0014e595
<https://webkit.org/b/119930> input[type=range]: Fix a crash by changing input type in 'input' event handler

Reviewed by Kent Tamura.

Source/WebCore:

Merge https://chromium.googlesource.com/chromium/blink/+/99afc9b55ce176b4f5fe053070e19dbebc1891a5

In SliderThumbElement::setPositionFromPoint, renderer() can be NULL after HTMLInputElement::setValueFromRenderer,
which dispatches 'input' event. Also, make a local vairable 'input' a RefPtr just in case.

Also add null-poinetr checks for the host element as SliderThumbElement only weakly holds onto the host element.

Test: fast/forms/range/range-type-change-oninput.html

* html/shadow/SliderThumbElement.cpp:
(WebCore::SliderThumbElement::isDisabledFormControl):
(WebCore::SliderThumbElement::matchesReadOnlyPseudoClass):
(WebCore::SliderThumbElement::matchesReadWritePseudoClass):
(WebCore::SliderThumbElement::setPositionFromPoint):
(WebCore::SliderThumbElement::hostInput):

LayoutTests:

Add a regresion test from https://chromium.googlesource.com/chromium/blink/+/99afc9b55ce176b4f5fe053070e19dbebc1891a5

* fast/forms/range/range-type-change-oninput-expected.txt: Added.
* fast/forms/range/range-type-change-oninput.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@154308 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/forms/range/range-type-change-oninput-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/range/range-type-change-oninput.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/html/shadow/SliderThumbElement.cpp