[webkit-changes] cvs commit: WebCore/kwq KWQListBox.mm

Tim tomernic at opensource.apple.com
Fri Nov 11 15:35:18 PST 2005 

tomernic    05/11/11 15:35:17

  Modified:    .        ChangeLog
               kwq      KWQListBox.mm
  Log:
          Reviewed by Geoff.
  
  	<rdar://problem/4202650> crash in QWidget::afterMouseDown selecting "Departure box"; http://www.funjet.com/ (works in Firefox)
  
  	This crash was caused by a script which replaced the QWidget for a RenderSelect while the user was clicking on that widget.
  	RenderSelect has the interesting property that it dynamically recreates its QWidget based on how many items there are and
  	whether the select is "multiple".  Any script which caused a change to those attributes in mouseDown could have triggered
  	this crash.
  
  	The problem was simply that of a stale pointer; KWQTableView and KWQListBoxScrollView both kept a pointer to the associated
  	QListBox, but only KWQTableView had any logic to clear the pointer when the QListBox was deallocated.  Instead of adding
  	similar functionality to KWQTableViewListBox (this duplicating code), I removed KWQTableViewListBox's "_box" pointer and
  	changed its -widget method to get the widget via the KWQTableView.
  
          * kwq/KWQListBox.mm:
          (QListBox::QListBox):
          (-[KWQListBoxScrollView widget]):
  	Instead of keeping a pointer to the QListBox, get the QListBox from the KWQTableView, which is always this
  	view's documentView.
  	(-[KWQListBoxScrollView initWithListBox:]):
  	Removed this method, since we can get at the QListBox by simply asking the KWQTableView for it.
  
  Revision  Changes    Path
  1.356     +24 -0     WebCore/ChangeLog
  
  Index: ChangeLog
  ===================================================================
  RCS file: /cvs/root/WebCore/ChangeLog,v
  retrieving revision 1.355
  retrieving revision 1.356
  diff -u -r1.355 -r1.356
  --- ChangeLog	11 Nov 2005 17:44:26 -0000	1.355
  +++ ChangeLog	11 Nov 2005 23:35:12 -0000	1.356
  @@ -1,3 +1,27 @@
  +2005-11-11  Tim Omernick  <timo at apple.com>
  +
  +        Reviewed by Geoff.
  +	
  +	<rdar://problem/4202650> crash in QWidget::afterMouseDown selecting "Departure box"; http://www.funjet.com/ (works in Firefox)
  +	
  +	This crash was caused by a script which replaced the QWidget for a RenderSelect while the user was clicking on that widget.
  +	RenderSelect has the interesting property that it dynamically recreates its QWidget based on how many items there are and
  +	whether the select is "multiple".  Any script which caused a change to those attributes in mouseDown could have triggered
  +	this crash.
  +	
  +	The problem was simply that of a stale pointer; KWQTableView and KWQListBoxScrollView both kept a pointer to the associated
  +	QListBox, but only KWQTableView had any logic to clear the pointer when the QListBox was deallocated.  Instead of adding
  +	similar functionality to KWQTableViewListBox (thus duplicating code), I removed KWQTableViewListBox's "_box" pointer and
  +	changed its -widget method to get the widget via the KWQTableView.
  +
  +        * kwq/KWQListBox.mm:
  +        (QListBox::QListBox):
  +        (-[KWQListBoxScrollView widget]):
  +	Instead of keeping a pointer to the QListBox, get the QListBox from the KWQTableView, which is always this
  +	view's documentView.
  +	(-[KWQListBoxScrollView initWithListBox:]):
  +	Removed this method, since we can get at the QListBox by simply asking the KWQTableView for it.
  +	
   2005-11-11  Beth Dakin  <bdakin at apple.com>
   
           Reviewed by Hyatt.
  
  
  
  1.66      +6 -12     WebCore/kwq/KWQListBox.mm
  
  Index: KWQListBox.mm
  ===================================================================
  RCS file: /cvs/root/WebCore/kwq/KWQListBox.mm,v
  retrieving revision 1.65
  retrieving revision 1.66
  diff -u -r1.65 -r1.66
  --- KWQListBox.mm	9 Nov 2005 23:05:09 -0000	1.65
  +++ KWQListBox.mm	11 Nov 2005 23:35:17 -0000	1.66
  @@ -51,7 +51,6 @@
   
   @interface KWQListBoxScrollView : WebCoreScrollView <KWQWidgetHolder>
   {
  -    QListBox *_box;
   }
   @end
   
  @@ -140,7 +139,7 @@
   {
       KWQ_BLOCK_EXCEPTIONS;
   
  -    NSScrollView *scrollView = [[KWQListBoxScrollView alloc] initWithListBox:this];
  +    NSScrollView *scrollView = [[KWQListBoxScrollView alloc] initWithFrame:NSZeroRect];
       setView(scrollView);
       [scrollView release];
       
  @@ -380,18 +379,13 @@
   
   @implementation KWQListBoxScrollView
   
  -- (id)initWithListBox:(QListBox *)b
  -{
  -    if (!(self = [super init]))
  -        return nil;
  -
  -    _box = b;
  -    return self;
  -}
  -
   - (QWidget *)widget
   {
  -    return _box;
  +    KWQTableView *tableView = [self documentView];
  +    
  +    assert([tableView isKindOfClass:[KWQTableView class]]);
  +    
  +    return [tableView widget];
   }
   
   - (void)setFrameSize:(NSSize)size

More information about the webkit-changes mailing list