author Alexis Menard <alexis.menard@nokia.com> 2011-06-27 23:26:18 +0000
committer Sergio Ahumada <sergio.ahumada@nokia.com> 2011-06-28 18:59:12 +0200
commit b45158d6e8b7c1a17f4c4465f1b6d7c852c94665
tree a8c8ed6dac5a19a196e1cf675d6317d14313bd48
parent c6fabf65a06f76ca38e0d9fdc49ab61067d1a56f
2011-06-27 Joe Wild <joseph.wild@nokia.com>

Reviewed by Simon Fraser.

Crash on www.crave.cnet.com in FrameView::windowClipRect()
https://bugs.webkit.org/show_bug.cgi?id=56393

Tests that a plugin of a swf file in a hidden iframe will not crash.
This test required more than 1 content file and a timeout or else it
would not repeat the error condition. This test will only crash on
platforms (like Symbian) that don't allow nonvirtual functions to have
a null this pointer.

* plugins/hidden-iframe-with-swf-plugin-expected.txt: Added.
* plugins/hidden-iframe-with-swf-plugin.html: Added.
* plugins/resources/iframe-content-with-swf-plugin.html: Added.

2011-06-27 Joe Wild <joseph.wild@nokia.com>

Reviewed by Simon Fraser.

Crash on www.crave.cnet.com in FrameView::windowClipRect()
https://bugs.webkit.org/show_bug.cgi?id=56393

Check for a null renderer to fix a crash. This situation can
arise when external content/plugins is referenced from html
elements with style="display:none".

Test: plugins/hidden-iframe-with-swf-plugin.html

* page/FrameView.cpp:
(WebCore::FrameView::windowClipRect):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@89876 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Signed-off-by: Alexis Menard <alexis.menard@nokia.com>
-rw-r--r-- src/3rdparty/webkit/Source/WebCore/ChangeLog 16
-rw-r--r-- src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp 5
2 files changed, 19 insertions, 2 deletions
diff --git a/src/3rdparty/webkit/Source/WebCore/ChangeLog b/src/3rdparty/webkit/Source/WebCore/ChangeLog
index c54ef03a0d..86a1d8cce1 100644
--- a/src/3rdparty/webkit/Source/WebCore/ChangeLog
+++ b/src/3rdparty/webkit/Source/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2011-06-27 Joe Wild <joseph.wild@nokia.com>
+
+ Reviewed by Simon Fraser.
+
+ Crash on www.crave.cnet.com in FrameView::windowClipRect()
+ https://bugs.webkit.org/show_bug.cgi?id=56393
+
+ Check for a null renderer to fix a crash. This situation can
+ arise when external content/plugins is referenced from html
+ elements with style="display:none".
+
+ Test: plugins/hidden-iframe-with-swf-plugin.html
+
+ * page/FrameView.cpp:
+ (WebCore::FrameView::windowClipRect):
+
2011-06-15 Jer Noble <jer.noble@apple.com>
Reviewed by Timothy Hatcher.
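Review bot: The `Test:` line in this entry names plugins/hidden-iframe-with-swf-plugin.html, but the commit changes only two files (ChangeLog and FrameView.cpp), so the regression test the entry cites does not arrive with the fix. Either bring the test files listed in the commit message into this tree, or say in the entry that the test exists only in the upstream WebKit repository, so a reader does not look for it here.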
diff --git a/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp b/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
index 894c196c85..b7ff00acd9 100644
--- a/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
+++ b/src/3rdparty/webkit/Source/WebCore/page/FrameView.cpp
@@ -2075,8 +2075,9 @@ IntRect FrameView::windowClipRect(bool clipToContents) const
// Take our owner element and get the clip rect from the enclosing layer.
Element* elt = m_frame->ownerElement();
- RenderLayer* layer = elt->renderer()->enclosingLayer();
- // FIXME: layer should never be null, but sometimes seems to be anyway.
+ // The renderer can sometimes be null when style="display:none" interacts
+ // with external content and plugins.
+ RenderLayer* layer = elt->renderer() ? elt->renderer()->enclosingLayer() : 0;
if (!layer)
return clipRect;
FrameView* parentView = elt->document()->view();
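Review bot: The new check on the `RenderLayer* layer` line guards only `elt->renderer()`, while `elt` itself is dereferenced on that line and again at `elt->document()->view()` with no null check visible in this hunk. Confirm that the code above line 2075 already returns early when the frame has no owner element, or add `if (!elt) return clipRect;` before the ternary. The ternary also calls `elt->renderer()` twice; reading it once into a local and testing that local keeps the check and the dereference on the same pointer and is easier to read.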