[SCM] WebKit Debian packaging branch, debian/unstable, updated. debian/1.1.15-1-40151-g37bb677
mjs
mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Sat Sep 26 07:48:37 UTC 2009
The following commit has been merged in the debian/unstable branch:
commit b2cb11527ca71b33903d0fe23e5184e0050c68b0
Author: mjs <mjs at 268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Jul 25 09:11:17 2003 +0000
Reviewed by Dave.
- fixed 3332460 - nil-deref in khtml::RenderWidget::eventFilter with onchange handler
* khtml/rendering/render_replaced.cpp:
(RenderWidget::eventFilter): We want to ref element() across this call, but it could get
unset, so store it in a local variable.
* kwq/KWQLineEdit.h:
* kwq/KWQLineEdit.mm:
(QLineEdit::~QLineEdit): invalidate our KWQTextField.
* kwq/KWQTextField.h:
* kwq/KWQTextField.mm:
(-[KWQTextField invalidate]): Set widget to NULL.
(-[KWQTextField action:]): Do nothing if widget is NULL.
(-[KWQTextField controlTextDidBeginEditing:]): Likewise.
(-[KWQTextField controlTextDidEndEditing:]): Likewise.
(-[KWQTextField controlTextDidChange:]): Likewise.
(-[KWQTextField control:textShouldBeginEditing:]): Likewise.
(-[KWQTextField control:textShouldEndEditing:]): Likewise.
(-[KWQTextField control:didFailToFormatString:errorDescription:]): Likewise.
(-[KWQTextField control:didFailToValidatePartialString:errorDescription:]): Likewise.
(-[KWQTextField control:isValidObject:]): Likewise.
(-[KWQTextField control:textView:doCommandBySelector:]): Likewise.
(-[KWQTextField stringValue]): Likewise.
(-[KWQTextField setStringValue:]): Likewise.
(-[KWQTextField setFont:]): Likewise.
(-[KWQTextField nextKeyView]): Likewise.
(-[KWQTextField previousKeyView]): Likewise.
(-[KWQTextField nextValidKeyView]): Likewise.
(-[KWQTextField previousValidKeyView]): Likewise.
(-[KWQTextField fieldEditorDidMouseDown:]): Likewise.
(-[KWQTextField textView:shouldHandleEvent:]): Likewise.
(-[KWQTextField textView:didHandleEvent:]): Likewise.
(-[KWQTextField setHasFocus:]): Likewise.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@4708 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog-2003-10-25 b/WebCore/ChangeLog-2003-10-25
index 0669ca7..5102868 100644
--- a/WebCore/ChangeLog-2003-10-25
+++ b/WebCore/ChangeLog-2003-10-25
@@ -1,3 +1,40 @@
+2003-07-25 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Dave.
+
+ - fixed 3332460 - nil-deref in khtml::RenderWidget::eventFilter with onchange handler
+
+ * khtml/rendering/render_replaced.cpp:
+ (RenderWidget::eventFilter): We want to ref element() across this call, but it could get
+ unset, so store it in a local variable.
+ * kwq/KWQLineEdit.h:
+ * kwq/KWQLineEdit.mm:
+ (QLineEdit::~QLineEdit): invalidate our KWQTextField.
+ * kwq/KWQTextField.h:
+ * kwq/KWQTextField.mm:
+ (-[KWQTextField invalidate]): Set widget to NULL.
+ (-[KWQTextField action:]): Do nothing if widget is NULL.
+ (-[KWQTextField controlTextDidBeginEditing:]): Likewise.
+ (-[KWQTextField controlTextDidEndEditing:]): Likewise.
+ (-[KWQTextField controlTextDidChange:]): Likewise.
+ (-[KWQTextField control:textShouldBeginEditing:]): Likewise.
+ (-[KWQTextField control:textShouldEndEditing:]): Likewise.
+ (-[KWQTextField control:didFailToFormatString:errorDescription:]): Likewise.
+ (-[KWQTextField control:didFailToValidatePartialString:errorDescription:]): Likewise.
+ (-[KWQTextField control:isValidObject:]): Likewise.
+ (-[KWQTextField control:textView:doCommandBySelector:]): Likewise.
+ (-[KWQTextField stringValue]): Likewise.
+ (-[KWQTextField setStringValue:]): Likewise.
+ (-[KWQTextField setFont:]): Likewise.
+ (-[KWQTextField nextKeyView]): Likewise.
+ (-[KWQTextField previousKeyView]): Likewise.
+ (-[KWQTextField nextValidKeyView]): Likewise.
+ (-[KWQTextField previousValidKeyView]): Likewise.
+ (-[KWQTextField fieldEditorDidMouseDown:]): Likewise.
+ (-[KWQTextField textView:shouldHandleEvent:]): Likewise.
+ (-[KWQTextField textView:didHandleEvent:]): Likewise.
+ (-[KWQTextField setHasFocus:]): Likewise.
+
2003-07-24 John Sullivan <sullivan at apple.com>
- fixed 3332622 -- Safari Abbreviates Attribute Names in EMBED tags
diff --git a/WebCore/ChangeLog-2005-08-23 b/WebCore/ChangeLog-2005-08-23
index 0669ca7..5102868 100644
--- a/WebCore/ChangeLog-2005-08-23
+++ b/WebCore/ChangeLog-2005-08-23
@@ -1,3 +1,40 @@
+2003-07-25 Maciej Stachowiak <mjs at apple.com>
+
+ Reviewed by Dave.
+
+ - fixed 3332460 - nil-deref in khtml::RenderWidget::eventFilter with onchange handler
+
+ * khtml/rendering/render_replaced.cpp:
+ (RenderWidget::eventFilter): We want to ref element() across this call, but it could get
+ unset, so store it in a local variable.
+ * kwq/KWQLineEdit.h:
+ * kwq/KWQLineEdit.mm:
+ (QLineEdit::~QLineEdit): invalidate our KWQTextField.
+ * kwq/KWQTextField.h:
+ * kwq/KWQTextField.mm:
+ (-[KWQTextField invalidate]): Set widget to NULL.
+ (-[KWQTextField action:]): Do nothing if widget is NULL.
+ (-[KWQTextField controlTextDidBeginEditing:]): Likewise.
+ (-[KWQTextField controlTextDidEndEditing:]): Likewise.
+ (-[KWQTextField controlTextDidChange:]): Likewise.
+ (-[KWQTextField control:textShouldBeginEditing:]): Likewise.
+ (-[KWQTextField control:textShouldEndEditing:]): Likewise.
+ (-[KWQTextField control:didFailToFormatString:errorDescription:]): Likewise.
+ (-[KWQTextField control:didFailToValidatePartialString:errorDescription:]): Likewise.
+ (-[KWQTextField control:isValidObject:]): Likewise.
+ (-[KWQTextField control:textView:doCommandBySelector:]): Likewise.
+ (-[KWQTextField stringValue]): Likewise.
+ (-[KWQTextField setStringValue:]): Likewise.
+ (-[KWQTextField setFont:]): Likewise.
+ (-[KWQTextField nextKeyView]): Likewise.
+ (-[KWQTextField previousKeyView]): Likewise.
+ (-[KWQTextField nextValidKeyView]): Likewise.
+ (-[KWQTextField previousValidKeyView]): Likewise.
+ (-[KWQTextField fieldEditorDidMouseDown:]): Likewise.
+ (-[KWQTextField textView:shouldHandleEvent:]): Likewise.
+ (-[KWQTextField textView:didHandleEvent:]): Likewise.
+ (-[KWQTextField setHasFocus:]): Likewise.
+
2003-07-24 John Sullivan <sullivan at apple.com>
- fixed 3332622 -- Safari Abbreviates Attribute Names in EMBED tags
diff --git a/WebCore/khtml/rendering/render_replaced.cpp b/WebCore/khtml/rendering/render_replaced.cpp
index 37d53e1..f6b477e 100644
--- a/WebCore/khtml/rendering/render_replaced.cpp
+++ b/WebCore/khtml/rendering/render_replaced.cpp
@@ -314,7 +314,8 @@ bool RenderWidget::eventFilter(QObject* /*o*/, QEvent* e)
if ( !element() ) return true;
RenderArena *arena = ref();
- element()->ref();
+ DOM::NodeImpl *elem = element();
+ elem->ref();
bool filtered = false;
@@ -328,9 +329,9 @@ bool RenderWidget::eventFilter(QObject* /*o*/, QEvent* e)
if ( QFocusEvent::reason() != QFocusEvent::Popup )
{
//kdDebug(6000) << "RenderWidget::eventFilter captures FocusOut" << endl;
- element()->dispatchHTMLEvent(EventImpl::BLUR_EVENT,false,false);
-// if ( element()->isEditable() ) {
-// KHTMLPartBrowserExtension *ext = static_cast<KHTMLPartBrowserExtension *>( element()->view->part()->browserExtension() );
+ elem->dispatchHTMLEvent(EventImpl::BLUR_EVENT,false,false);
+// if ( elem->isEditable() ) {
+// KHTMLPartBrowserExtension *ext = static_cast<KHTMLPartBrowserExtension *>( elem->view->part()->browserExtension() );
// if ( ext ) ext->editableWidgetBlurred( m_widget );
// }
handleFocusOut();
@@ -338,9 +339,9 @@ bool RenderWidget::eventFilter(QObject* /*o*/, QEvent* e)
break;
case QEvent::FocusIn:
//kdDebug(6000) << "RenderWidget::eventFilter captures FocusIn" << endl;
- element()->getDocument()->setFocusNode(element());
+ elem->getDocument()->setFocusNode(elem);
// if ( isEditable() ) {
-// KHTMLPartBrowserExtension *ext = static_cast<KHTMLPartBrowserExtension *>( element()->view->part()->browserExtension() );
+// KHTMLPartBrowserExtension *ext = static_cast<KHTMLPartBrowserExtension *>( elem->view->part()->browserExtension() );
// if ( ext ) ext->editableWidgetFocused( m_widget );
// }
break;
@@ -356,20 +357,20 @@ bool RenderWidget::eventFilter(QObject* /*o*/, QEvent* e)
// m_state = _e->state();
// QMouseEvent e2(e->type(),QPoint(absX,absY)+_e->pos(),_e->button(),_e->state());
-// element()->dispatchMouseEvent(&e2,EventImpl::MOUSEUP_EVENT,m_clickCount);
+// elem->dispatchMouseEvent(&e2,EventImpl::MOUSEUP_EVENT,m_clickCount);
// if((m_mousePos - e2.pos()).manhattanLength() <= QApplication::startDragDistance()) {
// // DOM2 Events section 1.6.2 says that a click is if the mouse was pressed
// // and released in the "same screen location"
// // As people usually can't click on the same pixel, we're a bit tolerant here
-// element()->dispatchMouseEvent(&e2,EventImpl::CLICK_EVENT,m_clickCount);
+// elem->dispatchMouseEvent(&e2,EventImpl::CLICK_EVENT,m_clickCount);
// }
// if(!isRenderButton()) {
// // ### DOMActivate is also dispatched for thigs like selects & textareas -
// // not sure if this is correct
-// element()->dispatchUIEvent(EventImpl::DOMACTIVATE_EVENT,m_isDoubleClick ? 2 : 1);
-// element()->dispatchMouseEvent(&e2, m_isDoubleClick ? EventImpl::KHTML_DBLCLICK_EVENT : EventImpl::KHTML_CLICK_EVENT, m_clickCount);
+// elem->dispatchUIEvent(EventImpl::DOMACTIVATE_EVENT,m_isDoubleClick ? 2 : 1);
+// elem->dispatchMouseEvent(&e2, m_isDoubleClick ? EventImpl::KHTML_DBLCLICK_EVENT : EventImpl::KHTML_CLICK_EVENT, m_clickCount);
// m_isDoubleClick = false;
// }
// else
@@ -389,21 +390,21 @@ bool RenderWidget::eventFilter(QObject* /*o*/, QEvent* e)
// absolutePosition(absX,absY);
// QMouseEvent* _e = static_cast<QMouseEvent*>(e);
// QMouseEvent e2(e->type(),QPoint(absX,absY)+_e->pos(),_e->button(),_e->state());
-// element()->dispatchMouseEvent(&e2);
+// elem->dispatchMouseEvent(&e2);
// // ### change cursor like in KHTMLView?
// }
break;
case QEvent::KeyPress:
case QEvent::KeyRelease:
{
- if (!element()->dispatchKeyEvent(static_cast<QKeyEvent*>(e)))
+ if (!elem->dispatchKeyEvent(static_cast<QKeyEvent*>(e)))
filtered = true;
break;
}
default: break;
};
- element()->deref();
+ elem->deref();
// stop processing if the widget gets deleted, but continue in all other cases
if (hasOneRef())
diff --git a/WebCore/kwq/KWQLineEdit.h b/WebCore/kwq/KWQLineEdit.h
index b45eed9..1c40547 100644
--- a/WebCore/kwq/KWQLineEdit.h
+++ b/WebCore/kwq/KWQLineEdit.h
@@ -34,7 +34,7 @@ public:
enum EchoMode { Normal, Password };
QLineEdit();
-
+ ~QLineEdit();
void setAlignment(AlignmentFlags);
void setCursorPosition(int);
diff --git a/WebCore/kwq/KWQLineEdit.mm b/WebCore/kwq/KWQLineEdit.mm
index f722a5c..5ad58fb 100644
--- a/WebCore/kwq/KWQLineEdit.mm
+++ b/WebCore/kwq/KWQLineEdit.mm
@@ -43,6 +43,11 @@ QLineEdit::QLineEdit()
[view release];
}
+QLineEdit::~QLineEdit()
+{
+ [(KWQTextField *)getView() invalidate];
+}
+
void QLineEdit::setEchoMode(EchoMode mode)
{
KWQTextField *textField = (KWQTextField *)getView();
diff --git a/WebCore/kwq/KWQTextField.h b/WebCore/kwq/KWQTextField.h
index 27a63de..dc96d74 100644
--- a/WebCore/kwq/KWQTextField.h
+++ b/WebCore/kwq/KWQTextField.h
@@ -42,13 +42,13 @@ class QLineEdit;
BOOL inDrawingMachinery;
}
-- initWithQLineEdit:(QLineEdit *)widget;
-
-- (void)setPasswordMode:(BOOL)flag;
-- (BOOL)passwordMode;
-- (void)setMaximumLength:(int)len;
-- (int)maximumLength;
-- (void)setEdited:(BOOL)edited;
-- (BOOL)edited;
+-(id)initWithQLineEdit:(QLineEdit *)widget;
+-(void)invalidate;
+-(void)setPasswordMode:(BOOL)flag;
+-(BOOL)passwordMode;
+-(void)setMaximumLength:(int)len;
+-(int)maximumLength;
+-(void)setEdited:(BOOL)edited;
+-(BOOL)edited;
@end
diff --git a/WebCore/kwq/KWQTextField.mm b/WebCore/kwq/KWQTextField.mm
index 4550ef3..a19c99a 100644
--- a/WebCore/kwq/KWQTextField.mm
+++ b/WebCore/kwq/KWQTextField.mm
@@ -87,7 +87,7 @@
[field setAction:@selector(action:)];
}
-- initWithFrame:(NSRect)frame
+-(id)initWithFrame:(NSRect)frame
{
[super initWithFrame:frame];
formatter = [[KWQTextFieldFormatter alloc] init];
@@ -96,14 +96,23 @@
return self;
}
-- initWithQLineEdit:(QLineEdit *)w
+-(id)initWithQLineEdit:(QLineEdit *)w
{
widget = w;
return [self init];
}
+-(void)invalidate
+{
+ widget = NULL;
+}
+
- (void)action:sender
{
+ if (!widget) {
+ return;
+ }
+
widget->returnPressed();
}
@@ -221,22 +230,34 @@
edited = ed;
}
-- (void)controlTextDidBeginEditing:(NSNotification *)notification
+-(void)controlTextDidBeginEditing:(NSNotification *)notification
{
+ if (!widget) {
+ return;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
[bridge controlTextDidBeginEditing:notification];
}
-- (void)controlTextDidEndEditing:(NSNotification *)notification
+-(void)controlTextDidEndEditing:(NSNotification *)notification
{
[self setHasFocus:NO];
+ if (!widget) {
+ return;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
[bridge controlTextDidEndEditing:notification];
}
-- (void)controlTextDidChange:(NSNotification *)notification
+-(void)controlTextDidChange:(NSNotification *)notification
{
+ if (!widget) {
+ return;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
[bridge controlTextDidChange:notification];
@@ -244,43 +265,67 @@
widget->textChanged();
}
-- (BOOL)control:(NSControl *)control textShouldBeginEditing:(NSText *)fieldEditor
+-(BOOL)control:(NSControl *)control textShouldBeginEditing:(NSText *)fieldEditor
{
+ if (!widget) {
+ return NO;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
return [bridge control:control textShouldBeginEditing:fieldEditor];
}
-- (BOOL)control:(NSControl *)control textShouldEndEditing:(NSText *)fieldEditor
+-(BOOL)control:(NSControl *)control textShouldEndEditing:(NSText *)fieldEditor
{
+ if (!widget) {
+ return NO;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
return [bridge control:control textShouldEndEditing:fieldEditor];
}
-- (BOOL)control:(NSControl *)control didFailToFormatString:(NSString *)string errorDescription:(NSString *)error
+-(BOOL)control:(NSControl *)control didFailToFormatString:(NSString *)string errorDescription:(NSString *)error
{
+ if (!widget) {
+ return NO;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
return [bridge control:control didFailToFormatString:string errorDescription:error];
}
-- (void)control:(NSControl *)control didFailToValidatePartialString:(NSString *)string errorDescription:(NSString *)error
+-(void)control:(NSControl *)control didFailToValidatePartialString:(NSString *)string errorDescription:(NSString *)error
{
+ if (!widget) {
+ return;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
[bridge control:control didFailToValidatePartialString:string errorDescription:error];
}
-- (BOOL)control:(NSControl *)control isValidObject:(id)obj
+-(BOOL)control:(NSControl *)control isValidObject:(id)obj
{
+ if (!widget) {
+ return NO;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
return [bridge control:control isValidObject:obj];
}
-- (BOOL)control:(NSControl *)control textView:(NSTextView *)textView doCommandBySelector:(SEL)commandSelector
+-(BOOL)control:(NSControl *)control textView:(NSTextView *)textView doCommandBySelector:(SEL)commandSelector
{
+ if (!widget) {
+ return NO;
+ }
+
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
return [bridge control:control textView:textView doCommandBySelector:commandSelector];
}
-- (NSString *)stringValue
+-(NSString *)stringValue
{
if ([secureField superview]) {
return [secureField stringValue];
@@ -288,8 +333,12 @@
return [super stringValue];
}
-- (void)setStringValue:(NSString *)string
+-(void)setStringValue:(NSString *)string
{
+ if (!widget) {
+ return;
+ }
+
int maxLength = [formatter maximumLength];
if ((int)[string length] > maxLength) {
string = [string substringToIndex:maxLength];
@@ -299,27 +348,35 @@
widget->textChanged();
}
-- (void)setFont:(NSFont *)font
+-(void)setFont:(NSFont *)font
{
[secureField setFont:font];
[super setFont:font];
}
-- (NSView *)nextKeyView
+-(NSView *)nextKeyView
{
+ if (!widget) {
+ return [super nextKeyView];
+ }
+
return inNextValidKeyView
? KWQKHTMLPart::nextKeyViewForWidget(widget, KWQSelectingNext)
: [super nextKeyView];
}
-- (NSView *)previousKeyView
+-(NSView *)previousKeyView
{
- return inNextValidKeyView
+ if (!widget) {
+ return [super previousKeyView];
+ }
+
+ return inNextValidKeyView
? KWQKHTMLPart::nextKeyViewForWidget(widget, KWQSelectingPrevious)
: [super previousKeyView];
}
-- (NSView *)nextValidKeyView
+-(NSView *)nextValidKeyView
{
inNextValidKeyView = YES;
NSView *view = [super nextValidKeyView];
@@ -327,7 +384,7 @@
return view;
}
-- (NSView *)previousValidKeyView
+-(NSView *)previousValidKeyView
{
inNextValidKeyView = YES;
NSView *view = [super previousValidKeyView];
@@ -358,6 +415,9 @@
// FIXME: We can remove this once we require AppKit-705 or newer.
- (void)fieldEditorDidMouseDown:(NSEvent *)event
{
+ if (!widget) {
+ return;
+ }
widget->sendConsumedMouseUp();
widget->clicked();
}
@@ -407,6 +467,10 @@
- (BOOL)textView:(NSTextView *)view shouldHandleEvent:(NSEvent *)event
{
+ if (!widget) {
+ return YES;
+ }
+
if ([event type] == NSKeyDown) {
WebCoreBridge *bridge = KWQKHTMLPart::bridgeForWidget(widget);
[bridge interceptKeyEvent:event toView:view];
@@ -418,6 +482,9 @@
- (void)textView:(NSTextView *)view didHandleEvent:(NSEvent *)event
{
+ if (!widget) {
+ return;
+ }
if ([event type] == NSLeftMouseUp) {
widget->sendConsumedMouseUp();
widget->clicked();
@@ -460,6 +527,10 @@
- (void)setHasFocus:(BOOL)nowHasFocus
{
+ if (!widget) {
+ return;
+ }
+
if (nowHasFocus == hasFocus) {
return;
}
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list