Accept and bailout NULL widgets in ChromiumBridge
Created attachment 50102 [details] Patch
This is a fix for http://code.google.com/p/chromium/issues/detail?id=36945
Comment on attachment 50102 [details] Patch > diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog > index 93a474b..f2de64e 100644 > --- a/WebKit/chromium/ChangeLog > +++ b/WebKit/chromium/ChangeLog > @@ -1,3 +1,22 @@ > +2010-03-05 Anton Muhin <antonm@chromium.org> > + > + Reviewed by NOBODY (OOPS!). > + > + Accept and bailout NULL widgets in ChromiumBridge > + https://bugs.webkit.org/show_bug.cgi?id=35796 > + > + * src/ChromiumBridge.cpp: > + (WebCore::toChromeClientImpl): > + > +2010-03-05 anton muhin <antonm@google.com> > + > + Reviewed by NOBODY (OOPS!). > + > + Need a short description and bug URL (OOPS!) > + > + * src/ChromiumBridge.cpp: > + (WebCore::toChromeClientImpl): ^^^ duplicate changelog entries? also, please create a layout test for this.
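Review bot: the second ChangeLog entry (the one with "Need a short description and bug URL (OOPS!)") is untouched prepare-ChangeLog template text and should be dropped rather than edited; the remaining entry lists only `* src/ChromiumBridge.cpp: (WebCore::toChromeClientImpl):`, so once the layout test Darin asked for is added, its file path should be listed in the entry too, and the entry should say in one line what `toChromeClientImpl` now does with a NULL widget (bail out instead of dereferencing it) so the crash fix is findable in the history.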
Created attachment 50304 [details] Patch
(In reply to comment #3) > (From update of attachment 50102 [details]) > > diff --git a/WebKit/chromium/ChangeLog b/WebKit/chromium/ChangeLog > > index 93a474b..f2de64e 100644 > > --- a/WebKit/chromium/ChangeLog > > +++ b/WebKit/chromium/ChangeLog > > @@ -1,3 +1,22 @@ > > +2010-03-05 Anton Muhin <antonm@chromium.org> > > + > > + Reviewed by NOBODY (OOPS!). > > + > > + Accept and bailout NULL widgets in ChromiumBridge > > + https://bugs.webkit.org/show_bug.cgi?id=35796 > > + > > + * src/ChromiumBridge.cpp: > > + (WebCore::toChromeClientImpl): > > + > > +2010-03-05 anton muhin <antonm@google.com> > > + > > + Reviewed by NOBODY (OOPS!). > > + > > + Need a short description and bug URL (OOPS!) > > + > > + * src/ChromiumBridge.cpp: > > + (WebCore::toChromeClientImpl): > > ^^^ duplicate changelog entries? > > also, please create a layout test for this. Darin, sorry for duplicate entry---removed. And layout test added. May you have another look?
Created attachment 50307 [details] Patch
Comment on attachment 50307 [details] Patch > +++ b/LayoutTests/fast/frames/iframe-access-screen-of-deleted.html > @@ -0,0 +1,36 @@ > +<html> > +<head> > + <script> > + function accessAttributes(s) { > + var value = 0; > + value = s.height; > + value = s.width; > + value = s.colorDepth; > + value = s.pixelDepth; > + value = s.availLeft; > + value = s.availTop; > + value = s.availHeight; > + value = s.availWidth; > + } > + > + function runTests() { > + if (window.layoutTestController) > + layoutTestController.dumpAsText(); > + > + var f = document.getElementById('theframe'); > + var s = f.contentWindow.screen; > + accessAttributes(s); > + > + // Now remove and check that we don't crash. > + f.parentNode.removeChild(f); > + accessAttributes(s); > + } > + </script> > +</head> > +<iframe id="theframe" src="resources/red.html"></iframe> > +<body onload="runTests()"> > +<div> > +This tests that accessing screen attributes doesn't crash even if containing form is removed from the parent. nit: "form" -> "frame"
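Review bot: in the layout test hunk the `<iframe id="theframe" src="resources/red.html">` is placed between `</head>` and `<body onload="runTests()">`, outside the body, so the document is malformed and the frame's placement depends on parser error recovery; move the iframe inside `<body>` (before the explanatory `<div>`). Also, the test's only failure signal is a crash: after the second `accessAttributes(s)` call, write a "PASS" line into the page (for example by appending text to the div) so the expected-result file records that the post-removal accesses completed, rather than relying solely on the absence of a crash.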
Created attachment 50312 [details] Patch
(In reply to comment #7) > (From update of attachment 50307 [details]) > > +++ b/LayoutTests/fast/frames/iframe-access-screen-of-deleted.html > > @@ -0,0 +1,36 @@ > > +<html> > > +<head> > > + <script> > > + function accessAttributes(s) { > > + var value = 0; > > + value = s.height; > > + value = s.width; > > + value = s.colorDepth; > > + value = s.pixelDepth; > > + value = s.availLeft; > > + value = s.availTop; > > + value = s.availHeight; > > + value = s.availWidth; > > + } > > + > > + function runTests() { > > + if (window.layoutTestController) > > + layoutTestController.dumpAsText(); > > + > > + var f = document.getElementById('theframe'); > > + var s = f.contentWindow.screen; > > + accessAttributes(s); > > + > > + // Now remove and check that we don't crash. > > + f.parentNode.removeChild(f); > > + accessAttributes(s); > > + } > > + </script> > > +</head> > > +<iframe id="theframe" src="resources/red.html"></iframe> > > +<body onload="runTests()"> > > +<div> > > +This tests that accessing screen attributes doesn't crash even if containing form is removed from the parent. > > nit: "form" -> "frame" Fixed. Thanks a lot, Darin. Could you r+ the last patch as well?
Landed by Darin: http://trac.webkit.org/changeset/55748