From b45158d6e8b7c1a17f4c4465f1b6d7c852c94665 Mon Sep 17 00:00:00 2001 From: Alexis Menard Date: Mon, 27 Jun 2011 23:26:18 +0000 Subject: 2011-06-27 Joe Wild Reviewed by Simon Fraser. Crash on www.crave.cnet.com in FrameView::windowClipRect() https://bugs.webkit.org/show_bug.cgi?id=56393 Tests that a plugin of a swf file in a hidden iframe will not crash. This test required more than 1 content file and a timeout or else it would not repeat the error condition. This test will only crash on platforms (like Symbian) that don't allow nonvirtual functions to have a null this pointer. * plugins/hidden-iframe-with-swf-plugin-expected.txt: Added. * plugins/hidden-iframe-with-swf-plugin.html: Added. * plugins/resources/iframe-content-with-swf-plugin.html: Added. 2011-06-27 Joe Wild Reviewed by Simon Fraser. Crash on www.crave.cnet.com in FrameView::windowClipRect() https://bugs.webkit.org/show_bug.cgi?id=56393 Check for a null renderer to fix a crash. This situation can arise when external content/plugins is referenced from html elements with style="display:none". Test: plugins/hidden-iframe-with-swf-plugin.html * page/FrameView.cpp: (WebCore::FrameView::windowClipRect): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89876 268f45cc-cd09-0410-ab3c-d52691b4dbfc Signed-off-by: Alexis Menard
---
 src/3rdparty/webkit/Source/WebCore/ChangeLog | 16 ++++++++++++++++
 src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp | 5 +++--
 2 files changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/3rdparty/webkit/Source/WebCore/ChangeLog b/src/3rdparty/webkit/Source/WebCore/ChangeLog
index c54ef03..86a1d8c 100644
--- a/src/3rdparty/webkit/Source/WebCore/ChangeLog
+++ b/src/3rdparty/webkit/Source/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2011-06-27 Joe Wild
+
+ Reviewed by Simon Fraser.
+
+ Crash on www.crave.cnet.com in FrameView::windowClipRect()
+ https://bugs.webkit.org/show_bug.cgi?id=56393
+
+ Check for a null renderer to fix a crash. This situation can
+ arise when external content/plugins is referenced from html
+ elements with style="display:none".
+
+ Test: plugins/hidden-iframe-with-swf-plugin.html
+
+ * page/FrameView.cpp:
+ (WebCore::FrameView::windowClipRect):
+
 2011-06-15 Jer Noble Reviewed by Timothy Hatcher.
diff --git a/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp b/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
index 894c196..b7ff00a 100644
--- a/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
+++ b/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
@@ -2075,8 +2075,9 @@ IntRect FrameView::windowClipRect(bool clipToContents) const
 // Take our owner element and get the clip rect from the enclosing layer.
 Element* elt = m_frame->ownerElement();
- RenderLayer* layer = elt->renderer()->enclosingLayer();
- // FIXME: layer should never be null, but sometimes seems to be anyway.
+ // The renderer can sometimes be null when style="display:none" interacts
+ // with external content and plugins.
+ RenderLayer* layer = elt->renderer() ? elt->renderer()->enclosingLayer() : 0;
 if (!layer) return clipRect;
 FrameView* parentView = elt->document()->view();
--
cgit v0.12
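Review bot: The new initializer in FrameView.cpp calls `elt->renderer()` twice, once for the null test and once for the dereference, so the check and the use only agree as long as the accessor stays a plain getter; reading it once into a local is clearer: `RenderObject* renderer = elt->renderer();` followed by `RenderLayer* layer = renderer ? renderer->enclosingLayer() : 0;`. The hunk also dereferences `elt` itself and, on its last line, `elt->document()` without a visible check; the function starts and ends outside the hunk, so an earlier guard on `m_frame->ownerElement()` may exist but should be confirmed. Since the commit message says the old call only crashed on platforms that trap a null `this` in a non-virtual call, the added comment could also state that the retained `if (!layer)` test now covers both a null renderer and a null enclosing layer.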