Bug 50730 - Spatial Navigation: Crash when handling iframe of size 0.
Summary: Spatial Navigation: Crash when handling iframe of size 0.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Accessibility (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 46905
Reported: 2010-12-08 19:32 PST by Yael
Modified: 2010-12-13 12:25 PST

See Also:
Attachments
Patch. (4.89 KB, patch)
2010-12-08 19:39 PST, Yael

Description Yael 2010-12-08 19:32:19 PST
While adding more new tests I noticed that if we have a frame of size 0, we would get into an infinite loop and eventually crash.
The reason is that when the algorithm sees a starting rect of size 0, it assumes that there is no focused node and thus restarts itself.
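A toy model of the restart described above and of the fix that landed (the frame-owner check shown in comment 6), added here as an example; it is not WebKit code, and Rect, Frame, Candidate, virtualStartRect, rejectCandidate, findFocusDown and navigateFromFirstLink are assumed names.

```cpp
#include <string>
#include <vector>
// Toy model of the restart this bug describes (added example, not WebKit code;
// every name here is assumed). Candidates sit in absolute coordinates and "down"
// picks the first accepted candidate whose top edge lies below the starting rect.
struct Rect { int y, height; bool isEmpty() const { return height <= 0; } };
struct Frame;
// contentFrame is non-null only for a frame owner (iframe) whose frame loaded.
struct Candidate { std::string name; Rect rect; const Frame* contentFrame; bool isFrameOwner; };
struct Frame { Rect viewport; std::vector<Candidate> candidates; };

// Start rect when nothing is focused: a thin strip above the viewport. A zero-size
// frame yields an empty strip, the "starting rect of size 0" from the report.
Rect virtualStartRect(const Frame& f) {
    return f.viewport.isEmpty() ? Rect{f.viewport.y, 0} : Rect{f.viewport.y - 1, 1};
}
// Frame-owner filter; rejectEmptyFrames models the `|| candidate.rect.isEmpty()`
// clause the patch adds beside the existing contentFrame() check.
bool rejectCandidate(const Candidate& c, bool rejectEmptyFrames) {
    if (!c.isFrameOwner) return false;
    return !c.contentFrame || (rejectEmptyFrames && c.rect.isEmpty());
}
// Returns the node that gets focus, "NONE" if nothing lies below the start, or
// "LOOP" once the search restarted `budget` times (the real code had no bound).
std::string findFocusDown(const Frame& frame, Rect start, bool rejectEmptyFrames, int budget = 16) {
    if (budget == 0) return "LOOP";
    if (start.isEmpty())  // read as "no focused node": restart from the top
        return findFocusDown(frame, virtualStartRect(frame), rejectEmptyFrames, budget - 1);
    const Candidate* best = nullptr;
    for (const Candidate& c : frame.candidates) {
        if (rejectCandidate(c, rejectEmptyFrames)) continue;
        if (c.rect.y < start.y + start.height) continue;  // not below the start
        if (!best || c.rect.y < best->rect.y) best = &c;
    }
    if (!best) return "NONE";
    if (!best->isFrameOwner) return best->name;
    const Frame& inner = *best->contentFrame;  // descend into the iframe's document
    return findFocusDown(inner, virtualStartRect(inner), rejectEmptyFrames, budget - 1);
}

// Constructed page: a link, a 0-height iframe with a loaded but empty document, then another link.
std::string navigateFromFirstLink(bool rejectEmptyFrames) {
    const Frame zeroSized{Rect{20, 0}, {}};
    const Frame page{Rect{0, 100}, {{"link1", Rect{0, 10}, nullptr, false},
                                    {"iframe0", Rect{20, 0}, &zeroSized, true},
                                    {"link2", Rect{30, 10}, nullptr, false}}};
    return findFocusDown(page, page.candidates[0].rect, rejectEmptyFrames);
}
```

Without the extra check the search enters the zero-size iframe, reads its empty starting rect as "no focused node" and restarts forever (here cut off by the budget); with it, focus lands on the next link.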
Comment 1 Yael 2010-12-08 19:39:33 PST
Created attachment 76005 [details]
Patch.
Comment 2 Antonio Gomes 2010-12-09 07:33:44 PST
Comment on attachment 76005 [details]
Patch.

View in context: https://bugs.webkit.org/attachment.cgi?id=76005&action=review

> WebCore/page/FocusController.cpp:422
>      // Ignore iframes that don't have a src attribute

Please also update the comment.
Comment 3 WebKit Commit Bot 2010-12-09 08:26:13 PST
Comment on attachment 76005 [details]
Patch.

Rejecting patch 76005 from commit-queue.

Failed to run "['./WebKitTools/Scripts/webkit-patch', '--status-host=queues.webkit.org', '--bot-id=eseidel-cq-sl', 'build', '--no-clean', '--no-update', '--build-style=both']" exit_code: 1
ERROR: Working directory has local commits, pass --force-clean to continue.

Full output: http://queues.webkit.org/results/6948010
Comment 4 WebKit Commit Bot 2010-12-09 11:37:00 PST
Comment on attachment 76005 [details]
Patch.

Clearing flags on attachment: 76005

Committed r73634: <http://trac.webkit.org/changeset/73634>
Comment 5 WebKit Commit Bot 2010-12-09 11:37:06 PST
All reviewed patches have been landed.  Closing bug.
Comment 6 Ademar Reis 2010-12-13 11:14:30 PST
I can't just cherry-pick it to qtwebkit-2.1 because of changes from bug 47142.

I'll fix the conflict as below. Yael/Antonio, could you please confirm it's OK?

-    if (candidate.node->isFrameOwnerElement() && !static_cast<HTMLFrameOwnerElement*>(candidate.node)->contentFrame())
+    if (candidate.node->isFrameOwnerElement() && (!static_cast<HTMLFrameOwnerElement*>(candidate.node)->contentFrame() || candidate.rect.isEmpty()))
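Review bot: the comment above this condition, quoted in comment 2 as `// Ignore iframes that don't have a src attribute`, needs updating in the qtwebkit-2.1 backport as well, since the `+` line now also rejects frame owners whose `candidate.rect` is empty; something like `// Ignore iframes that don't have a src attribute or have no size` keeps the comment truthful.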
Comment 7 Yael 2010-12-13 12:01:14 PST
(In reply to comment #6)
> I can't just cherry-pick it to qtwebkit-2.1 because of changes from bug 47142.
> 
> I'll fix the conflict as below. Yael/Antonio, could you please confirm it's OK?
> 
> -    if (candidate.node->isFrameOwnerElement() && !static_cast<HTMLFrameOwnerElement*>(candidate.node)->contentFrame())
> +    if (candidate.node->isFrameOwnerElement() && (!static_cast<HTMLFrameOwnerElement*>(candidate.node)->contentFrame() || candidate.rect.isEmpty()))

Looks good to me. Thanks!
Comment 8 Ademar Reis 2010-12-13 12:24:53 PST
Revision r73634 cherry-picked into qtwebkit-2.1 with commit 7bebc59 <http://gitorious.org/webkit/qtwebkit/commit/7bebc59>