Bug 29929

Summary: Need to check NULL frame in EventHandler::updateDragAndDrop.
Product: WebKit Reporter: Jian Li <jianli>
Component: WebCore JavaScript Assignee: Jian Li <jianli>
Status: RESOLVED FIXED    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Proposed Patch darin: review+, jianli: commit-queue-

Jian Li
Reported 2009-09-30 10:02:44 PDT
We need to check NULL frame in EventHandler::updateDragAndDrop. Otherwise, if we drag something to an iframe with invalid source, it might crash.
Attachments
Proposed Patch (4.71 KB, patch)
2009-09-30 10:09 PDT, Jian Li
darin: review+
jianli: commit-queue-
Jian Li
Comment 1 2009-09-30 10:09:18 PDT
Created attachment 40379 [details] Proposed Patch
Darin Adler
Comment 2 2009-09-30 10:10:51 PDT
Comment on attachment 40379 [details] Proposed Patch > - if (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) > - accept = static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame()->eventHandler()->updateDragAndDrop(event, clipboard); > + Frame* frame = (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) > + ? static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame() : 0; We don't line up ? characters like this. In fact, I'm not sure why it's indented the way it is. Just indent four characters as you would anywhere else. r=me
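Review bot: the quoted lines end at the new `Frame* frame = ... ? ...->contentFrame() : 0;` assignment, before `frame` is used, so the null check the bug title asks for is not visible here. That assignment yields 0 both when newTarget is not a frame or iframe element and when it is one whose contentFrame() is null, so the statement that follows should be guarded with `if (frame)` before `frame->eventHandler()->updateDragAndDrop(event, clipboard)`. The null-content-frame case should then take the same path as a non-frame target, so that `accept` still gets a value. A short comment on the assignment saying that contentFrame() can be null for a frame with an invalid source would help keep the check from being dropped later.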
Jian Li
Comment 3 2009-09-30 10:16:41 PDT
(In reply to comment #2) > (From update of attachment 40379 [details]) > > - if (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) > > - accept = static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame()->eventHandler()->updateDragAndDrop(event, clipboard); > > + Frame* frame = (newTarget->hasTagName(frameTag) || newTarget->hasTagName(iframeTag)) > > + ? static_cast<HTMLFrameElementBase*>(newTarget)->contentFrame() : 0; > > We don't line up ? characters like this. In fact, I'm not sure why it's > indented the way it is. Just indent four characters as you would anywhere else. > > r=me I just copied the same code structure from the nearby code. I will fix both occurrences when I land the change. Thanks.
Jian Li
Comment 4 2009-09-30 10:56:20 PDT