diff options
| author | Steve Block <steveblock@google.com> | 2010-08-06 18:55:10 -0700 |
|---|---|---|
| committer | Android Git Automerger <android-git-automerger@android.com> | 2010-08-06 18:55:10 -0700 |
| commit | 7162fe0e3c5886b6c35f42c5cd9d9e83aa3785cf (patch) | |
| tree | c7b99085f6d17263d43bf649d2f63d7e23f37187 | |
| parent | 71b088a040027130a502f60e6f953c08a194b11e (diff) | |
| parent | 2b6ea0299b0340ff815b7beab6e7491ff5e4d6c0 (diff) | |
| download | external_webkit-7162fe0e3c5886b6c35f42c5cd9d9e83aa3785cf.zip external_webkit-7162fe0e3c5886b6c35f42c5cd9d9e83aa3785cf.tar.gz external_webkit-7162fe0e3c5886b6c35f42c5cd9d9e83aa3785cf.tar.bz2 | |
am 2b6ea029: Cherry-pick WebKit change 60984 to fix an exploitable crash when focus is changed
Merge commit '2b6ea0299b0340ff815b7beab6e7491ff5e4d6c0' into gingerbread
* commit '2b6ea0299b0340ff815b7beab6e7491ff5e4d6c0':
Cherry-pick WebKit change 60984 to fix an exploitable crash when focus is changed
| -rw-r--r-- | WebCore/dom/Element.cpp | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/WebCore/dom/Element.cpp b/WebCore/dom/Element.cpp index 0a1bc75..e12d326 100644 --- a/WebCore/dom/Element.cpp +++ b/WebCore/dom/Element.cpp @@ -1259,8 +1259,12 @@ void Element::focus(bool restorePreviousSelection) return; } - if (Page* page = doc->page()) + RefPtr<Node> protect; + if (Page* page = doc->page()) { + // Focus and change event handlers can cause us to lose our last ref. + protect = this; page->focusController()->setFocusedNode(this, doc->frame()); + } // Setting the focused node above might have invalidated the layout due to scripts. doc->updateLayoutIgnorePendingStylesheets(); |