author | Alexis Menard <alexis.menard@nokia.com> | 2011-06-27 23:26:18 (GMT) |
---|---|---|
committer | Sergio Ahumada <sergio.ahumada@nokia.com> | 2011-06-28 16:59:12 (GMT) |
commit | b45158d6e8b7c1a17f4c4465f1b6d7c852c94665 (patch) | |
tree | a8c8ed6dac5a19a196e1cf675d6317d14313bd48 | |
parent | c6fabf65a06f76ca38e0d9fdc49ab61067d1a56f (diff) | |
2011-06-27 Joe Wild <joseph.wild@nokia.com>

Reviewed by Simon Fraser.

Crash on www.crave.cnet.com in FrameView::windowClipRect()
https://bugs.webkit.org/show_bug.cgi?id=56393

Tests that a plugin of a swf file in a hidden iframe will not
crash. This test required more than 1 content file and a
timeout or else it would not repeat the error condition.
This test will only crash on platforms (like Symbian) that
don't allow nonvirtual functions to have a null this pointer.

* plugins/hidden-iframe-with-swf-plugin-expected.txt: Added.
* plugins/hidden-iframe-with-swf-plugin.html: Added.
* plugins/resources/iframe-content-with-swf-plugin.html: Added.

2011-06-27 Joe Wild <joseph.wild@nokia.com>

Reviewed by Simon Fraser.

Crash on www.crave.cnet.com in FrameView::windowClipRect()
https://bugs.webkit.org/show_bug.cgi?id=56393

Check for a null renderer to fix a crash. This situation can
arise when external content/plugins is referenced from html
elements with style="display:none".

Test: plugins/hidden-iframe-with-swf-plugin.html

* page/FrameView.cpp:
(WebCore::FrameView::windowClipRect):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89876 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Signed-off-by: Alexis Menard <alexis.menard@nokia.com>
-rw-r--r-- | src/3rdparty/webkit/Source/WebCore/ChangeLog | 16 | ||||
-rw-r--r-- | src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp | 5 |
2 files changed, 19 insertions, 2 deletions
diff --git a/src/3rdparty/webkit/Source/WebCore/ChangeLog b/src/3rdparty/webkit/Source/WebCore/ChangeLog index c54ef03..86a1d8c 100644 --- a/src/3rdparty/webkit/Source/WebCore/ChangeLog +++ b/src/3rdparty/webkit/Source/WebCore/ChangeLog @@ -1,3 +1,19 @@ +2011-06-27 Joe Wild <joseph.wild@nokia.com> + + Reviewed by Simon Fraser. + + Crash on www.crave.cnet.com in FrameView::windowClipRect() + https://bugs.webkit.org/show_bug.cgi?id=56393 + + Check for a null renderer to fix a crash. This situation can + arise when external content/plugins is referenced from html + elements with style="display:none". + + Test: plugins/hidden-iframe-with-swf-plugin.html + + * page/FrameView.cpp: + (WebCore::FrameView::windowClipRect): + 2011-06-15 Jer Noble <jer.noble@apple.com> Reviewed by Timothy Hatcher. diff --git a/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp b/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp index 894c196..b7ff00a 100644 --- a/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp +++ b/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp @@ -2075,8 +2075,9 @@ IntRect FrameView::windowClipRect(bool clipToContents) const // Take our owner element and get the clip rect from the enclosing layer. Element* elt = m_frame->ownerElement(); - RenderLayer* layer = elt->renderer()->enclosingLayer(); - // FIXME: layer should never be null, but sometimes seems to be anyway. + // The renderer can sometimes be null when style="display:none" interacts + // with external content and plugins. + RenderLayer* layer = elt->renderer() ? elt->renderer()->enclosingLayer() : 0; if (!layer) return clipRect; FrameView* parentView = elt->document()->view(); |
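Review bot: In the FrameView.cpp hunk, the new ternary calls elt->renderer() twice on one line, and elt itself is dereferenced with no null check in the visible context. Reading the renderer into a local once and testing that local would make the guard and the use operate on the same value and reads more clearly than the ternary with a bare 0. The removed FIXME recorded that layer could also come back null; the retained if (!layer) guard still handles that, so the new comment should say the guard covers both a null renderer and a null enclosing layer rather than dropping the observation. The diffstat lists only ChangeLog and FrameView.cpp, so the regression test named in the ChangeLog entry (plugins/hidden-iframe-with-swf-plugin.html) is not part of this import; note that in the commit message or carry an equivalent test, since the null dereference only shows up as a crash on some platforms.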