RESOLVED FIXED 119930
input[type=range]: Fix a crash by changing input type in 'input' event handler
https://bugs.webkit.org/show_bug.cgi?id=119930
Ryosuke Niwa
Reported Saturday, August 17, 2013 4:28:20 AM UTC
Merge https://chromium.googlesource.com/chromium/blink/+/99afc9b55ce176b4f5fe053070e19dbebc1891a5

In SliderThumbElement::setPositionFromPoint, renderer() can be NULL after HTMLInputElement::setValueFromRenderer, which dispatches 'input' event. Also, make a local variable 'input' a RefPtr just in case.

http://crbug.com/248402

I reproduced the crash in ToT WebKit.
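The pattern the report describes, as an added example that is not part of the original bug or the WebKit patch: a toy C++ model in which the 'input' listener tears down the renderer during dispatch, and setPositionFromPoint re-reads renderer() afterward rather than trusting a pointer obtained earlier. The Input and Renderer types, setType and dragOnce are hypothetical stand-ins, and std::shared_ptr stands in for RefPtr.

```cpp
// Added illustration: a toy model, not WebKit source. All types here are hypothetical.
#include <cstdio>
#include <functional>
#include <memory>
#include <string>

struct Renderer { double thumbOffset = 0; };

struct Input {
    std::string type = "range";
    std::string value;
    std::unique_ptr<Renderer> rendererObj = std::make_unique<Renderer>();
    std::function<void(Input&)> onInput;  // stands in for a page's 'input' listener

    Renderer* renderer() const { return rendererObj.get(); }
    // Changing the type tears down the slider renderer.
    void setType(const std::string& t) { type = t; rendererObj.reset(); }
    // Models setValueFromRenderer: stores the value, then runs script synchronously.
    void setValueFromRenderer(const std::string& v) {
        value = v;
        if (onInput) onInput(*this);
    }
};

// Hardened shape of setPositionFromPoint. Returns true if the thumb was repositioned.
bool setPositionFromPoint(const std::shared_ptr<Input>& host, double point) {
    std::shared_ptr<Input> input = host;  // own a reference across the dispatch (RefPtr analogue)
    if (!input->renderer()) return false;
    input->setValueFromRenderer(std::to_string(point));
    // The listener has run: anything fetched before this line may be gone.
    Renderer* r = input->renderer();
    if (!r) return false;                 // renderer() can be NULL here, per the report
    r->thumbOffset = point;
    return true;
}

// Drives one drag; the listener optionally switches the input type.
bool dragOnce(bool listenerChangesType) {
    auto input = std::make_shared<Input>();
    if (listenerChangesType)
        input->onInput = [](Input& i) { i.setType("text"); };
    return setPositionFromPoint(input, 42.0);
}

int main() {
    std::printf("plain listener: %d, type-changing listener: %d\n",
                dragOnce(false), dragOnce(true));
}
```

Without the second renderer() check, the write to thumbOffset would go through a null pointer whenever the listener changes the type.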
Attachments
Fixes the bug (6.08 KB, patch)
2013-08-19 14:05 PDT, Ryosuke Niwa
no flags
Radar WebKit Bug Importer
Comment 1 Saturday, August 17, 2013 4:28:47 AM UTC
Ryosuke Niwa
Comment 2 Saturday, August 17, 2013 4:32:19 AM UTC
Merging the patch isn't enough to fix crash/hang in WebKit. We'll need to investigate it further.
Ryosuke Niwa
Comment 3 Monday, August 19, 2013 10:05:44 PM UTC
Created attachment 209119
Fixes the bug
Kent Tamura
Comment 4 Tuesday, August 20, 2013 12:35:10 AM UTC
Comment on attachment 209119
Fixes the bug

ok
Ryosuke Niwa
Comment 5 Tuesday, August 20, 2013 12:43:40 AM UTC
Comment on attachment 209119
Fixes the bug

Thanks for the review!
WebKit Commit Bot
Comment 6 Tuesday, August 20, 2013 1:01:56 AM UTC
Comment on attachment 209119
Fixes the bug

Clearing flags on attachment: 209119

Committed r154308: <http://trac.webkit.org/changeset/154308>
WebKit Commit Bot
Comment 7 Tuesday, August 20, 2013 1:01:58 AM UTC
All reviewed patches have been landed. Closing bug.