Bug 27101

Summary:

Possible crashes when mouse clicks not dispatched because range input destroyed while thumb is being dragged (e.g. scrub to end of movie)

Product:

WebKit

Reporter:

Eric Carlson <eric.carlson>

Component:

WebCore Misc.

Assignee:

Eric Carlson <eric.carlson>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
Proposed patch	adele: review+

Eric Carlson

Reported 2009-07-08 16:05:00 PDT

The videos on http://iphone.akamai.com/ delete the video element when it posts an 'ended' event. If you scrub to the end and the event is fired and the element is deleted while the mouse is down in the controller thumb, mouse clicks stop working on elements in the page and occasionally we crash in vent handling code in the media control elements, with a deleted m_mediaElement. The problem is that the slider thumb "captures" all mouse events from mouseDown to mouseUp so it continue to get mouse events even when the mouse is moved outside of the thumb. This is done by putting EventHandler into a mode where it sends all mouse events to the thumb regardless of the actual mouse position. The mode is set on mouseDown and cleared on mouseUp but if the controller is deleted while in the this mode, the mouseUp is never sent and EventHandler continues to try to send events to the non-existent node.

Attachments
Proposed patch (20.87 KB, patch) 2009-07-08 16:13 PDT, Eric Carlson	adele: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Eric Carlson

Comment 1 2009-07-08 16:13:53 PDT

Created attachment 32485 [details] Proposed patch

Adele Peterson

Comment 2 2009-07-08 21:11:47 PDT

Comment on attachment 32485 [details] Proposed patch looks good!

Eric Carlson

Comment 3 2009-07-09 10:07:01 PDT

http://trac.webkit.org/changeset/45662

Note You need to log in before you can comment on or make changes to this bug.