Title: [186433] releases/WebKitGTK/webkit-2.8
- Revision
- 186433
- Author
- [email protected]
- Date
- 2015-07-07 03:22:13 -0700 (Tue, 07 Jul 2015)
Log Message
Merge r185955 - Do not send touch events to the slider's thumb when it does not have a renderer.
https://bugs.webkit.org/show_bug.cgi?id=146307
rdar://problem/21539399
Reviewed by Simon Fraser.
Bail out early if either the touch target or the renderer() is null.
Source/WebCore:
Test: fast/events/touch/input-range-with-thumb-display-none-crash.html
* html/shadow/SliderThumbElement.cpp:
(WebCore::findTouchWithIdentifier):
(WebCore::SliderThumbElement::handleTouchStart):
(WebCore::SliderThumbElement::handleTouchMove):
(WebCore::SliderThumbElement::handleTouchEndAndCancel):
LayoutTests:
* fast/events/touch/input-range-with-thumb-display-none-crash-expected.txt: Added.
* fast/events/touch/input-range-with-thumb-display-none-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog (186432 => 186433)
--- releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog 2015-07-07 10:20:30 UTC (rev 186432)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/ChangeLog 2015-07-07 10:22:13 UTC (rev 186433)
@@ -1,3 +1,16 @@
+2015-06-25 Zalan Bujtas <[email protected]>
+
+ Do not send touch events to the slider's thumb when it does not have a renderer.
+ https://bugs.webkit.org/show_bug.cgi?id=146307
+ rdar://problem/21539399
+
+ Reviewed by Simon Fraser.
+
+ Bail out early if either the touch target or the renderer() is null.
+
+ * fast/events/touch/input-range-with-thumb-display-none-crash-expected.txt: Added.
+ * fast/events/touch/input-range-with-thumb-display-none-crash.html: Added.
+
2015-06-22 Zalan Bujtas <[email protected]>
REGRESSION(r169105) Dangling renderer pointer in SelectionSubtreeRoot::SelectionSubtreeData.
Added: releases/WebKitGTK/webkit-2.8/LayoutTests/platform/ios-simulator/ios/touch/input-range-with-thumb-display-none-crash-expected.txt (0 => 186433)
--- releases/WebKitGTK/webkit-2.8/LayoutTests/platform/ios-simulator/ios/touch/input-range-with-thumb-display-none-crash-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/platform/ios-simulator/ios/touch/input-range-with-thumb-display-none-crash-expected.txt 2015-07-07 10:22:13 UTC (rev 186433)
@@ -0,0 +1 @@
+Pass if no crash.
Added: releases/WebKitGTK/webkit-2.8/LayoutTests/platform/ios-simulator/ios/touch/input-range-with-thumb-display-none-crash.html (0 => 186433)
--- releases/WebKitGTK/webkit-2.8/LayoutTests/platform/ios-simulator/ios/touch/input-range-with-thumb-display-none-crash.html (rev 0)
+++ releases/WebKitGTK/webkit-2.8/LayoutTests/platform/ios-simulator/ios/touch/input-range-with-thumb-display-none-crash.html 2015-07-07 10:22:13 UTC (rev 186433)
@@ -0,0 +1,35 @@
+<!DOCTYPE html>
+<html>
+<head>
+<title>This tests that touch events are handled correctly when the range's thumb is display:none</title>
+<script>
+ if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+<style>
+ input[type=range] {
+ -webkit-appearance: none;
+ }
+
+ input[type=range]::-webkit-slider-runnable-track {
+ height: 5px;
+ background: red;
+ }
+
+ input[type="range"]::-webkit-slider-thumb {
+ -webkit-appearance: none;
+ display: none;
+ }
+</style>
+</head>
+<body>
+ Pass if no crash.
+ <input type="range" id="range" min="0" max="300" step="5" value="0">
+</body>
+<script>
+ var event = document.createEvent('TouchEvent');
+ event.initUIEvent('touchstart', true, true);
+ event.view = window;
+ document.getElementById("range").dispatchEvent(event);
+</script>
+</html>
Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog (186432 => 186433)
--- releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog 2015-07-07 10:20:30 UTC (rev 186432)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/ChangeLog 2015-07-07 10:22:13 UTC (rev 186433)
@@ -1,3 +1,21 @@
+2015-06-25 Zalan Bujtas <[email protected]>
+
+ Do not send touch events to the slider's thumb when it does not have a renderer.
+ https://bugs.webkit.org/show_bug.cgi?id=146307
+ rdar://problem/21539399
+
+ Reviewed by Simon Fraser.
+
+ Bail out early if either the touch target or the renderer() is null.
+
+ Test: fast/events/touch/input-range-with-thumb-display-none-crash.html
+
+ * html/shadow/SliderThumbElement.cpp:
+ (WebCore::findTouchWithIdentifier):
+ (WebCore::SliderThumbElement::handleTouchStart):
+ (WebCore::SliderThumbElement::handleTouchMove):
+ (WebCore::SliderThumbElement::handleTouchEndAndCancel):
+
2015-06-25 Carlos Garcia Campos <[email protected]>
[GTK] Empty gtk-font-name setting causes WebProcess crash rendering pages
Modified: releases/WebKitGTK/webkit-2.8/Source/WebCore/html/shadow/SliderThumbElement.cpp (186432 => 186433)
--- releases/WebKitGTK/webkit-2.8/Source/WebCore/html/shadow/SliderThumbElement.cpp 2015-07-07 10:20:30 UTC (rev 186432)
+++ releases/WebKitGTK/webkit-2.8/Source/WebCore/html/shadow/SliderThumbElement.cpp 2015-07-07 10:22:13 UTC (rev 186433)
@@ -418,11 +418,11 @@
m_exclusiveTouchIdentifier = NoIdentifier;
}
-static Touch* findTouchWithIdentifier(TouchList* list, unsigned identifier)
+static Touch* findTouchWithIdentifier(TouchList& list, unsigned identifier)
{
- unsigned length = list->length();
+ unsigned length = list.length();
for (unsigned i = 0; i < length; ++i) {
- Touch* touch = list->item(i);
+ Touch* touch = list.item(i);
if (touch->identifier() == identifier)
return touch;
}
@@ -432,12 +432,17 @@
void SliderThumbElement::handleTouchStart(TouchEvent* touchEvent)
{
TouchList* targetTouches = touchEvent->targetTouches();
+ if (!targetTouches)
+ return;
+
if (targetTouches->length() != 1)
return;
- // Ignore the touch if it is not really inside the thumb.
Touch* touch = targetTouches->item(0);
+ if (!renderer())
+ return;
IntRect boundingBox = renderer()->absoluteBoundingBoxRect();
+ // Ignore the touch if it is not really inside the thumb.
if (!boundingBox.contains(touch->pageX(), touch->pageY()))
return;
@@ -453,7 +458,11 @@
if (identifier == NoIdentifier)
return;
- Touch* touch = findTouchWithIdentifier(touchEvent->targetTouches(), identifier);
+ TouchList* targetTouches = touchEvent->targetTouches();
+ if (!targetTouches)
+ return;
+
+ Touch* touch = findTouchWithIdentifier(*targetTouches, identifier);
if (!touch)
return;
@@ -468,9 +477,12 @@
if (identifier == NoIdentifier)
return;
+ TouchList* targetTouches = touchEvent->targetTouches();
+ if (!targetTouches)
+ return;
// If our exclusive touch still exists, it was not the touch
// that ended, so we should not stop dragging.
- Touch* exclusiveTouch = findTouchWithIdentifier(touchEvent->targetTouches(), identifier);
+ Touch* exclusiveTouch = findTouchWithIdentifier(*targetTouches, identifier);
if (exclusiveTouch)
return;
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
