Fix http://bugzilla.opendarwin.org/show_bug.cgi?id=8272
Use of window.open & window.close can cause crash
* platform/PlatformMouseEvent.h:
(WebCore::PlatformMouseEvent::PlatformMouseEvent):
* platform/mac/PlatformMouseEventMac.mm:
(WebCore::PlatformMouseEvent::PlatformMouseEvent):
The default constructor now creates a "zero" event, and a new constructor was added to create the "current" event.
* bridge/mac/FrameMac.mm:
(WebCore::FrameMac::handleMouseMoveEvent):
* rendering/RenderFormElement.cpp:
(WebCore::RenderFormElement::clicked):
Updated for the above changes.
* platform/gdk/MouseEventGdk.cpp:
* platform/gdk/TemporaryLinkStubs.cpp:
(PlatformMouseEvent::PlatformMouseEvent):
* platform/win/MouseEventWin.cpp:
* platform/win/TemporaryLinkStubs.cpp:
(PlatformMouseEvent::PlatformMouseEvent):
Trying not to break other platforms.
* manual-tests/invalid-mouse-event.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@15544
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2006-07-19 Alexey Proskuryakov <ap@nypop.com>
+
+ Reviewed by Darin.
+
+ Fix http://bugzilla.opendarwin.org/show_bug.cgi?id=8272
+ Use of window.open & window.close can cause crash
+
+ * platform/PlatformMouseEvent.h:
+ (WebCore::PlatformMouseEvent::PlatformMouseEvent):
+ * platform/mac/PlatformMouseEventMac.mm:
+ (WebCore::PlatformMouseEvent::PlatformMouseEvent):
+ The default constructor now creates a "zero" event, and a new one was added to create the "current" one.
+
+ * bridge/mac/FrameMac.mm:
+ (WebCore::FrameMac::handleMouseMoveEvent):
+ * rendering/RenderFormElement.cpp:
+ (WebCore::RenderFormElement::clicked):
+ Updated for the above changes.
+
+ * platform/gdk/MouseEventGdk.cpp:
+ * platform/gdk/TemporaryLinkStubs.cpp:
+ (PlatformMouseEvent::PlatformMouseEvent):
+ * platform/win/MouseEventWin.cpp:
+ * platform/win/TemporaryLinkStubs.cpp:
+ (PlatformMouseEvent::PlatformMouseEvent):
+ Trying not to break other platforms.
+
+ * manual-tests/invalid-mouse-event.html: Added.
+
2006-07-20 Maciej Stachowiak <mjs@apple.com>
Reviewed by Anders.
BOOL startedDrag = [_bridge startDraggingImage:dragImage at:dragLoc operation:srcOp event:_currentEvent sourceIsDHTML:_dragSrcIsDHTML DHTMLWroteData:wcWrotePasteboard];
if (!startedDrag && _dragSrcMayBeDHTML) {
// WebKit canned the drag at the last minute - we owe _dragSrc a DRAGEND event
- PlatformMouseEvent event;
+ PlatformMouseEvent event(PlatformMouseEvent::currentEvent);
dispatchDragSrcEvent(dragendEvent, event);
_mouseDownMayStartDrag = false;
}
--- /dev/null
+<p>Test for <a href="http://bugzilla.opendarwin.org/show_bug.cgi?id=8272">bug 8272</a>:
+Use of window.open & window.close can cause crash.</p>
+<ol>
+ <li>(Get a dual processor Mac.)</li>
+ <li>Disable popup blocking in Safari.</li>
+ <li>Click the Start button.</li>
+ <li>As the test runs, move the mouse around.</li>
+ <li>If Safari doesn't crash in a while, interrupt the test by pressing Cmd+W.</li>
+</ol>
+
+<button onclick="window.open('invalid-mouse-event.html?2', '', '');">Start</button>
+
+<script>
+
+if (location.search) {
+ if (location.search == "?1") {
+ window.opener.location = window.opener.location;
+ window.close();
+ } else {
+ window.open('invalid-mouse-event.html?1', '', '');
+ }
+}
+</script>
class PlatformMouseEvent {
public:
- PlatformMouseEvent(); // "current event"
+ static const struct CurrentEventTag {} currentEvent;
+
+ PlatformMouseEvent()
+ : m_button(LeftButton)
+ , m_clickCount(0)
+ , m_shiftKey(false)
+ , m_ctrlKey(false)
+ , m_altKey(false)
+ , m_metaKey(false)
+ {
+ }
+
+ PlatformMouseEvent(const CurrentEventTag&);
+
PlatformMouseEvent(const IntPoint& pos, const IntPoint& globalPos, MouseButton button,
int clickCount, bool shift, bool ctrl, bool alt, bool meta)
: m_position(pos), m_globalPosition(globalPos), m_button(button)
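Review bot: The meaning of `PlatformMouseEvent()` changes silently here: the removed line documented it as the "current event" constructor, while the new inline default constructor and the `CurrentEventTag` overload carry no comment at all. Any caller elsewhere that still writes `PlatformMouseEvent event;` compiles unchanged but now gets a left-button, zero-click event, so the declarations should say so, e.g. `// Creates a "zero" event: no modifiers, click count 0; does not consult the platform's current event.` above the default constructor and `// Builds the event from the platform's current event; pass PlatformMouseEvent::currentEvent.` above the tag overload. The new initializer list does not name `m_position` or `m_globalPosition`, which presumably relies on `IntPoint` default-constructing to a defined value; that is worth confirming. The class body continues outside the hunk.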
namespace WebCore {
+const PlatformMouseEvent::CurrentEventTag PlatformMouseEvent::currentEvent = {};
+
// FIXME: Would be even better to figure out which modifier is Alt instead of always using GDK_MOD1_MASK.
PlatformMouseEvent::PlatformMouseEvent(GdkEvent* event)
Cursor::Cursor(Image*) { notImplemented(); }
-PlatformMouseEvent::PlatformMouseEvent() { notImplemented(); }
+PlatformMouseEvent::PlatformMouseEvent(const CurrentEventTag&) { notImplemented(); }
String WebCore::searchableIndexIntroduction() { notImplemented(); return String(); }
int WebCore::findNextSentenceFromIndex(UChar const*, int, int, bool) { notImplemented(); return 0; }
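Review bot: The stub `PlatformMouseEvent(const CurrentEventTag&) { notImplemented(); }` initializes none of the members, yet `RenderFormElement::clicked` in this same commit builds an event with that constructor and then reads `event.clickCount()`. Unless `notImplemented()` never returns, that read is of an indeterminate value on this port. Giving the stub the same initializer list as the Mac version, `: m_button(LeftButton), m_clickCount(0), m_shiftKey(false), m_ctrlKey(false), m_altKey(false), m_metaKey(false)`, keeps the event well defined. The identical stub in platform/win/TemporaryLinkStubs.cpp needs the same change.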
namespace WebCore {
+const PlatformMouseEvent::CurrentEventTag PlatformMouseEvent::currentEvent = {};
+
static MouseButton mouseButtonForEvent(NSEvent *event)
{
switch ([event type]) {
{
}
-PlatformMouseEvent::PlatformMouseEvent()
+PlatformMouseEvent::PlatformMouseEvent(const CurrentEventTag&)
: m_button(LeftButton), m_clickCount(0), m_shiftKey(false), m_ctrlKey(false), m_altKey(false), m_metaKey(false)
{
NSEvent* event = [NSApp currentEvent];
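Review bot: The tag constructor still builds the event from whatever `[NSApp currentEvent]` returns, and nothing visible in this hunk checks that the result is non-nil and is a mouse event. The bug title and the test name (invalid-mouse-event.html) suggest page script using `window.open`/`window.close` can get mouse-event construction to run when the current event is something else. If the rest of the body (outside this hunk) sends mouse-only messages such as `-clickCount` without checking `[event type]`, AppKit raises for non-mouse events. The two remaining users, the dragend path in `FrameMac::handleMouseMoveEvent` and `RenderFormElement::clicked`, would then stay exposed. A guard right after this line that returns early when `event` is nil or its type is not a mouse type would leave the zero state from the initializer list in place.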
namespace WebCore {
+const PlatformMouseEvent::CurrentEventTag PlatformMouseEvent::currentEvent = {};
+
#define HIGH_BIT_MASK_SHORT 0x8000
static IntPoint positionForEvent(HWND hWnd, LPARAM lParam)
Cursor::Cursor(Image*) { notImplemented(); }
-PlatformMouseEvent::PlatformMouseEvent() { notImplemented(); }
+PlatformMouseEvent::PlatformMouseEvent(const CurrentEventTag&) { notImplemented(); }
String WebCore::searchableIndexIntroduction() { notImplemented(); return String(); }
int WebCore::findNextSentenceFromIndex(UChar const*,int,int,bool) { notImplemented(); return 0; }
void RenderFormElement::clicked(Widget*)
{
RenderArena* arena = ref();
- PlatformMouseEvent event; // gets "current event"
+ PlatformMouseEvent event(PlatformMouseEvent::currentEvent);
if (node())
static_cast<EventTargetNode*>(node())->dispatchMouseEvent(event, clickEvent, event.clickCount());
deref(arena);