-rw-r--r--src/3rdparty/webkit/Source/WebCore/ChangeLog16
-rw-r--r--src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp5
2 files changed, 19 insertions, 2 deletions
diff --git a/src/3rdparty/webkit/Source/WebCore/ChangeLog b/src/3rdparty/webkit/Source/WebCore/ChangeLog
index c54ef03..86a1d8c 100644
--- a/src/3rdparty/webkit/Source/WebCore/ChangeLog
+++ b/src/3rdparty/webkit/Source/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2011-06-27 Joe Wild <joseph.wild@nokia.com>
+
+ Reviewed by Simon Fraser.
+
+ Crash on www.crave.cnet.com in FrameView::windowClipRect()
+ https://bugs.webkit.org/show_bug.cgi?id=56393
+
+ Check for a null renderer to fix a crash. This situation can
+ arise when external content/plugins is referenced from html
+ elements with style="display:none".
+
+ Test: plugins/hidden-iframe-with-swf-plugin.html
+
+ * page/FrameView.cpp:
+ (WebCore::FrameView::windowClipRect):
+
2011-06-15 Jer Noble <jer.noble@apple.com>
Reviewed by Timothy Hatcher.
diff --git a/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp b/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
index 894c196..b7ff00a 100644
--- a/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
+++ b/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
@@ -2075,8 +2075,9 @@ IntRect FrameView::windowClipRect(bool clipToContents) const
// Take our owner element and get the clip rect from the enclosing layer.
Element* elt = m_frame->ownerElement();
- RenderLayer* layer = elt->renderer()->enclosingLayer();
- // FIXME: layer should never be null, but sometimes seems to be anyway.
+ // The renderer can sometimes be null when style="display:none" interacts
+ // with external content and plugins.
+ RenderLayer* layer = elt->renderer() ? elt->renderer()->enclosingLayer() : 0;
if (!layer)
return clipRect;
FrameView* parentView = elt->document()->view();
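Review bot: The added ternary guards the renderer, but `parentView` on the last line of the hunk comes from `elt->document()->view()` with no null check visible here. If the code after the hunk dereferences it, a document without a view would presumably crash in the same way. A guard such as `if (!parentView) return clipRect;` directly after that line would cover it; the function body continues outside the hunk, so confirm against the lines that follow. Separately, `elt->renderer()` is evaluated twice on the added line; holding it in a local (`RenderObject* renderer = elt->renderer();`) keeps the check and the use on the same pointer and reads more clearly.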