From 31cb263089e5cf8b1f90ab4d01a61ad4e39acacd Mon Sep 17 00:00:00 2001
From: "darin@chromium.org"
Date: Thu, 26 Feb 2009 19:32:49 +0000
Subject: [PATCH] 2009-02-16 Anantanarayanan Iyengar Reviewed by Darin Fisher. https://bugs.webkit.org/show_bug.cgi?id=23973 ScrollView::scrollContents can be invoked during view shutdown. In this scenario the FrameView::hostWindow method can return NULL, which indicates that the frame/page is being destroyed. This causes a crash when we try to dereference a NULL hostWindow pointer. Fix is to add a NULL check for this. * platform/ScrollView.cpp: (WebCore::ScrollView::scrollContents):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@41260 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 WebCore/ChangeLog | 14 ++++++++++++++
 WebCore/platform/ScrollView.cpp | 3 +++
 2 files changed, 17 insertions(+)
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f3c7c42a2fc2..e2fdce3aac79 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2009-02-16 Anantanarayanan Iyengar
+
+ Reviewed by Darin Fisher.
+
+ https://bugs.webkit.org/show_bug.cgi?id=23973
+ ScrollView::scrollContents can be invoked during view shutdown. In
+ this scenario the FrameView::hostWindow method can return NULL, which
+ indicates that the frame/page is being destroyed. This causes a crash
+ when we try to dereference a NULL hostWindow pointer. Fix is to add a
+ NULL check for this.
+
+ * platform/ScrollView.cpp:
+ (WebCore::ScrollView::scrollContents):
+
 2009-02-26 Rahul Kuchhal
 Reviewed by Dave Hyatt.
diff --git a/WebCore/platform/ScrollView.cpp b/WebCore/platform/ScrollView.cpp
index 98c3b486c6e9..f5d246536b94 100644
--- a/WebCore/platform/ScrollView.cpp
+++ b/WebCore/platform/ScrollView.cpp
@@ -436,6 +436,9 @@ const int panIconSizeLength = 20;
 void ScrollView::scrollContents(const IntSize& scrollDelta)
 {
+ if (!hostWindow())
+ return;
+
 // Since scrolling is double buffered, we will be blitting the scroll view's intersection
 // with the clip rect every time to keep it smooth.
 IntRect clipRect = windowClipRect();
--
2.36.0
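Review bot: The early return added at the top of `scrollContents` has no comment saying when `hostWindow()` can be null, so the guard reads as arbitrary to the next maintainer; I would put `// hostWindow() is null while the frame/page is being destroyed (view shutdown).` directly above the `if`. The diffstat lists only ChangeLog and ScrollView.cpp, so no regression test pins the shutdown path that crashed. The rest of `scrollContents` lies outside this hunk, and any other code in this file that dereferences `hostWindow()` without a check may be reachable in the same teardown window, which is worth auditing alongside this fix.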