https://bugs.webkit.org/show_bug.cgi?id=115296
Reviewed by Darin Adler.
Source/WebCore:
Add a missing null pointer check. We should better encapsulate the states in DragState in the long term
but this is good enough for now.
Test: fast/events/mousedown-inside-dragstart-should-not-cause-crash.html
* page/EventHandler.cpp:
(WebCore::EventHandler::handleDrag):
LayoutTests:
Added a regression test. While the bug report involves opening inspector and setting a breakpoint,
a simpler reduction that uses eventSender significantly reduces the complexity.
* fast/events/mousedown-inside-dragstart-should-not-cause-crash-expected.txt: Added.
* fast/events/mousedown-inside-dragstart-should-not-cause-crash.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@149254
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2013-04-27 Ryosuke Niwa <rniwa@webkit.org>
+
+ Pressing mouse button inside a dragstart event causes a crash
+ https://bugs.webkit.org/show_bug.cgi?id=115296
+
+ Reviewed by Darin Adler.
+
+ Added a regression test. While the bug report involves opening inspector and setting a breakpoint,
+ a simpler reduction that uses eventSender significantly reduces the complexity.
+
+ * fast/events/mousedown-inside-dragstart-should-not-cause-crash-expected.txt: Added.
+ * fast/events/mousedown-inside-dragstart-should-not-cause-crash.html: Added.
+
2013-04-25 Geoffrey Garen <ggaren@apple.com>
Cleaned up pre/post inc/dec in bytecode
--- /dev/null
+This tests pressing a mouse button down inside a dragstart event.
+This happens when a user sets a breakpoint of a dragstart event handler in Inspector, and clicks somewhere on the page while the script is paused at the breakpoint. WebKit should not crash.
+
+PASS - mouse up and down inside a dragstart did not crash WebKit
--- /dev/null
+<!DOCTYPE html>
+<html>
+<body>
+<p id="description">
+This tests pressing a mouse button down inside a dragstart event.<br>
+This happens when a user sets a breakpoint of a dragstart event handler in Inspector,
+and clicks somewhere on the page while the script is paused at the breakpoint. WebKit should not crash.
+</p>
+<div id="container"><span id="target" draggable="true" ondragstart="onDragStart()">drag me</span></div>
+<script>
+
+if (!window.testRunner || !window.eventSender)
+ document.body.innerHTML = 'This test requires eventSender';
+else {
+ testRunner.dumpAsText();
+
+ var target = document.getElementById('target');
+ var called = false;
+
+ function onDragStart() {
+ called = true;
+ eventSender.mouseUp();
+ eventSender.mouseDown();
+ }
+
+ eventSender.mouseMoveTo(target.offsetLeft + target.offsetWidth / 2, target.offsetTop + target.offsetHeight / 2);
+ eventSender.mouseDown();
+ eventSender.leapForward(100);
+ eventSender.mouseMoveTo(500, 500);
+ eventSender.mouseUp();
+
+ document.getElementById('container').textContent = called ? 'PASS - mouse up and down inside a dragstart did not crash WebKit'
+ : 'FAIL - dragstart was never fired.';
+}
+
+</script>
+</body>
+</html>
+2013-04-27 Ryosuke Niwa <rniwa@webkit.org>
+
+ Pressing mouse button inside a dragstart event causes a crash
+ https://bugs.webkit.org/show_bug.cgi?id=115296
+
+ Reviewed by Darin Adler.
+
+ Add a missing null pointer check. We should better encapsulate the states in DragState in the long term
+ but this is good enough for now.
+
+ Test: fast/events/mousedown-inside-dragstart-should-not-cause-crash.html
+
+ * page/EventHandler.cpp:
+ (WebCore::EventHandler::handleDrag):
+
2013-04-27 Gyuyoung Kim <gyuyoung.kim@samsung.com>
Unreviewed build fix when disabling video and video-track.
m_mouseDownMayStartDrag = false;
return true;
}
- if (dragState().shouldDispatchEvents()) {
+ if (dragState().m_dragSrc && dragState().shouldDispatchEvents()) {
// Drag was canned at the last minute - we owe m_dragSrc a DRAGEND event
dispatchDragSrcEvent(eventNames().dragendEvent, event.event());
m_mouseDownMayStartDrag = false;