Bug 119930

Summary: input[type=range]: Fix a crash by changing input type in 'input' event handler
Product: WebKit
Reporter: Ryosuke Niwa <rniwa>
Component: Forms
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, commit-queue, darin, tkent, webkit-bug-importer
Priority: P2
Keywords: BlinkMergeCandidate, InRadar
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description Flags
Fixes the bug none

Ryosuke Niwa
Reported 2013-08-16 20:28:20 PDT
Merge https://chromium.googlesource.com/chromium/blink/+/99afc9b55ce176b4f5fe053070e19dbebc1891a5

In SliderThumbElement::setPositionFromPoint, renderer() can be NULL after HTMLInputElement::setValueFromRenderer, which dispatches 'input' event. Also, make a local variable 'input' a RefPtr just in case.

http://crbug.com/248402

I reproduced the crash in ToT WebKit.
Attachments
Fixes the bug (6.08 KB, patch)
2013-08-19 14:05 PDT, Ryosuke Niwa
no flags
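
The hazard described in the report (anything read before the synchronous 'input' dispatch may be stale afterwards), modelled as an added C++ example. It is not the WebKit patch or the Blink change; `Renderer`, `Input`, `Document` and the function bodies are simplified stand-ins assumed for illustration, with `std::shared_ptr` standing in for `RefPtr`.

```cpp
#include <functional>
#include <memory>
#include <string>

// Simplified stand-ins (assumed for illustration); not WebKit's classes.
struct Renderer {
    int layouts = 0;
    void setNeedsLayout() { ++layouts; }
};

struct Input {
    std::string type = "range";
    std::string value;
    std::unique_ptr<Renderer> renderer = std::make_unique<Renderer>();
    std::function<void(Input&)> onInput;  // script-supplied 'input' handler

    // Changing the type tears down the type-specific renderer.
    void setType(const std::string& t) { type = t; renderer.reset(); }

    // Stores the value, then runs arbitrary handler code synchronously.
    void setValueFromRenderer(const std::string& v) {
        value = v;
        if (onInput) onInput(*this);
    }
};

// Models the owner of the element's external reference (e.g. the DOM tree).
struct Document { std::shared_ptr<Input> input; };

// Returns true if layout was requested, false if no renderer is left.
bool setPositionFromPoint(Document& doc, const std::string& newValue) {
    // Strong local reference: the element outlives the handler even if the
    // handler drops the document's reference.
    std::shared_ptr<Input> input = doc.input;
    if (!input || !input->renderer) return false;

    input->setValueFromRenderer(newValue);  // handler may run here

    // The unsafe pattern caches input->renderer.get() before the call above
    // and dereferences it here. Re-read it after dispatch instead.
    Renderer* r = input->renderer.get();
    if (!r) return false;
    r->setNeedsLayout();
    return true;
}
```
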
Radar WebKit Bug Importer
Comment 1 2013-08-16 20:28:47 PDT
Ryosuke Niwa
Comment 2 2013-08-16 20:32:19 PDT
Merging the patch isn't enough to fix crash/hang in WebKit. We'll need to investigate it further.
Ryosuke Niwa
Comment 3 2013-08-19 14:05:44 PDT
Created attachment 209119: Fixes the bug
Kent Tamura
Comment 4 2013-08-19 16:35:10 PDT
Comment on attachment 209119: Fixes the bug

ok
Ryosuke Niwa
Comment 5 2013-08-19 16:43:40 PDT
Comment on attachment 209119: Fixes the bug

Thanks for the review!
WebKit Commit Bot
Comment 6 2013-08-19 17:01:56 PDT
Comment on attachment 209119: Fixes the bug

Clearing flags on attachment: 209119

Committed r154308: <http://trac.webkit.org/changeset/154308>
WebKit Commit Bot
Comment 7 2013-08-19 17:01:58 PDT
All reviewed patches have been landed. Closing bug.