[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677

darin darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:44:38 UTC 2009 

The following commit has been merged in the debian/unstable branch:
commit b093badde73863ac9b614d6f811fe84cf0cf8be0
Author: darin <darin at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Mon Jun 9 22:39:01 2003 +0000

            Reviewed by John.
    
            - first step in fixing 3275675 -- REGRESSION: crash when replacing <div> which contains iframe (at www.kbs.co.kr)
    
            * khtml/rendering/render_object.h: Made m_node protected, so RenderWidget can zero it out.
            * khtml/rendering/render_replaced.cpp: (RenderWidget::detach): Set m_node to 0 here.
            RenderWidget does this strange thing of staying around after the DOM node is gone, but we need
            to get rid of the dangling pointer to the DOM node.
    
            * khtml/rendering/render_frames.cpp:
            (RenderFrame::slotViewCleared): Do nothing if element() is 0, since we are on our way out anyway.
            (RenderPartObject::slotViewCleared): Ditto.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4506 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index f6879d5..608ed85 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,18 @@
+2003-06-09  Darin Adler  <darin at apple.com>
+
+        Reviewed by John.
+
+        - first step in fixing 3275675 -- REGRESSION: crash when replacing <div> which contains iframe (at www.kbs.co.kr)
+
+        * khtml/rendering/render_object.h: Made m_node protected, so RenderWidget can zero it out.
+        * khtml/rendering/render_replaced.cpp: (RenderWidget::detach): Set m_node to 0 here.
+        RenderWidget does this strange thing of staying around after the DOM node is gone, but we need
+        to get rid of the dangling pointer to the DOM node.
+
+        * khtml/rendering/render_frames.cpp:
+        (RenderFrame::slotViewCleared): Do nothing if element() is 0, since we are on our way out anyway.
+        (RenderPartObject::slotViewCleared): Ditto.
+
 2003-06-09  John Sullivan  <sullivan at apple.com>
 
 	- fixed 3284312 -- repro nil-deref in 
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index f6879d5..608ed85 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,18 @@
+2003-06-09  Darin Adler  <darin at apple.com>
+
+        Reviewed by John.
+
+        - first step in fixing 3275675 -- REGRESSION: crash when replacing <div> which contains iframe (at www.kbs.co.kr)
+
+        * khtml/rendering/render_object.h: Made m_node protected, so RenderWidget can zero it out.
+        * khtml/rendering/render_replaced.cpp: (RenderWidget::detach): Set m_node to 0 here.
+        RenderWidget does this strange thing of staying around after the DOM node is gone, but we need
+        to get rid of the dangling pointer to the DOM node.
+
+        * khtml/rendering/render_frames.cpp:
+        (RenderFrame::slotViewCleared): Do nothing if element() is 0, since we are on our way out anyway.
+        (RenderPartObject::slotViewCleared): Ditto.
+
 2003-06-09  John Sullivan  <sullivan at apple.com>
 
 	- fixed 3284312 -- repro nil-deref in 
diff --git a/WebCore/khtml/rendering/render_frames.cpp b/WebCore/khtml/rendering/render_frames.cpp
index 9e0fdc8..2180a1d 100644
--- a/WebCore/khtml/rendering/render_frames.cpp
+++ b/WebCore/khtml/rendering/render_frames.cpp
@@ -633,7 +633,7 @@ RenderFrame::RenderFrame( DOM::HTMLFrameElementImpl *frame )
 
 void RenderFrame::slotViewCleared()
 {
-    if(m_widget->inherits("QScrollView")) {
+    if(element() && m_widget->inherits("QScrollView")) {
 #ifdef DEBUG_LAYOUT
         kdDebug(6031) << "frame is a scrollview!" << endl;
 #endif
@@ -964,7 +964,7 @@ void RenderPartObject::layout( )
 
 void RenderPartObject::slotViewCleared()
 {
-  if(m_widget->inherits("QScrollView") ) {
+  if(element() && m_widget->inherits("QScrollView") ) {
 #ifdef DEBUG_LAYOUT
       kdDebug(6031) << "iframe is a scrollview!" << endl;
 #endif
diff --git a/WebCore/khtml/rendering/render_object.h b/WebCore/khtml/rendering/render_object.h
index 815f333..0097f0c 100644
--- a/WebCore/khtml/rendering/render_object.h
+++ b/WebCore/khtml/rendering/render_object.h
@@ -626,7 +626,9 @@ protected:
 
 private:
     RenderStyle* m_style;
+protected:
     DOM::NodeImpl* m_node;
+private:
     RenderObject *m_parent;
     RenderObject *m_previous;
     RenderObject *m_next;
diff --git a/WebCore/khtml/rendering/render_replaced.cpp b/WebCore/khtml/rendering/render_replaced.cpp
index 9126917..37cec5f 100644
--- a/WebCore/khtml/rendering/render_replaced.cpp
+++ b/WebCore/khtml/rendering/render_replaced.cpp
@@ -142,6 +142,8 @@ void RenderWidget::detach(RenderArena* renderArena)
         m_widget->setMouseTracking( false );
     }
     
+    m_node = 0;
+    
     deref(renderArena);
 }
 

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list