<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[177898] releases/WebKitGTK/webkit-2.4</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/177898">177898</a></dd>
<dt>Author</dt> <dd>carlosgc@webkit.org</dd>
<dt>Date</dt> <dd>2015-01-05 02:05:06 -0800 (Mon, 05 Jan 2015)</dd>
</dl>
<h3>Log Message</h3>
<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/167805">r167805</a> - Web process is crashed during dispatching touchEvent created by JS.
https://bugs.webkit.org/show_bug.cgi?id=113225
Patch by Miyoung Shin <myid.shin@samsung.com> on 2014-04-25
Reviewed by Benjamin Poulain.
TouchEvent created by JS should have the necessary attributes
of touches, targetTouches and changedTouches.
It should be verified weather there are touchLists before dispatching touch event.
Source/WebCore:
Test: fast/events/touch/create-touch-event-without-touchList.html
* dom/EventDispatcher.cpp:
(WebCore::EventDispatcher::dispatchEvent):
(WebCore::EventPath::updateTouchLists):
(WebCore::addRelatedNodeResolversForTouchList): Deleted.
LayoutTests:
* fast/events/touch/create-touch-event-without-touchList-expected.txt: Added.
* fast/events/touch/create-touch-event-without-touchList.html: Added.</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit24LayoutTestsChangeLog">releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit24SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog</a></li>
<li><a href="#releasesWebKitGTKwebkit24SourceWebCoredomEventDispatchercpp">releases/WebKitGTK/webkit-2.4/Source/WebCore/dom/EventDispatcher.cpp</a></li>
</ul>
<h3>Added Paths</h3>
<ul>
<li><a href="#releasesWebKitGTKwebkit24LayoutTestsfasteventstouchcreatetoucheventwithouttouchListexpectedtxt">releases/WebKitGTK/webkit-2.4/LayoutTests/fast/events/touch/create-touch-event-without-touchList-expected.txt</a></li>
<li><a href="#releasesWebKitGTKwebkit24LayoutTestsfasteventstouchcreatetoucheventwithouttouchListhtml">releases/WebKitGTK/webkit-2.4/LayoutTests/fast/events/touch/create-touch-event-without-touchList.html</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="releasesWebKitGTKwebkit24LayoutTestsChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog (177897 => 177898)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog 2015-01-05 09:25:45 UTC (rev 177897)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/ChangeLog 2015-01-05 10:05:06 UTC (rev 177898)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2014-04-25 Miyoung Shin <myid.shin@samsung.com>
+
+ Web process is crashed during dispatching touchEvent created by JS.
+ https://bugs.webkit.org/show_bug.cgi?id=113225
+
+ Reviewed by Benjamin Poulain.
+
+ TouchEvent created by JS should have the necessary attributes
+ of touches, targetTouches and changedTouches.
+ It should be verified weather there are touchLists before dispatching touch event.
+
+ * fast/events/touch/create-touch-event-without-touchList-expected.txt: Added.
+ * fast/events/touch/create-touch-event-without-touchList.html: Added.
+
</ins><span class="cx"> 2014-07-08 Jeffrey Pfau <jpfau@apple.com>
</span><span class="cx">
</span><span class="cx"> Fix flaky loading tests
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit24LayoutTestsfasteventstouchcreatetoucheventwithouttouchListexpectedtxt"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.4/LayoutTests/fast/events/touch/create-touch-event-without-touchList-expected.txt (0 => 177898)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.4/LayoutTests/fast/events/touch/create-touch-event-without-touchList-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/fast/events/touch/create-touch-event-without-touchList-expected.txt 2015-01-05 10:05:06 UTC (rev 177898)
</span><span class="lines">@@ -0,0 +1,3 @@
</span><ins>+Should not crash when trying to dispath touchEvent without touchList properties
+
+PASSED
</ins></span></pre></div>
<a id="releasesWebKitGTKwebkit24LayoutTestsfasteventstouchcreatetoucheventwithouttouchListhtml"></a>
<div class="addfile"><h4>Added: releases/WebKitGTK/webkit-2.4/LayoutTests/fast/events/touch/create-touch-event-without-touchList.html (0 => 177898)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.4/LayoutTests/fast/events/touch/create-touch-event-without-touchList.html (rev 0)
+++ releases/WebKitGTK/webkit-2.4/LayoutTests/fast/events/touch/create-touch-event-without-touchList.html 2015-01-05 10:05:06 UTC (rev 177898)
</span><span class="lines">@@ -0,0 +1,27 @@
</span><ins>+<html>
+<script>
+ function runTest() {
+ if (window.testRunner)
+ testRunner.dumpAsText();
+
+ var name = 'touchstart';
+ var handler = function(){
+ document.removeEventListener(name, handler, true);
+ };
+
+ try {
+ document.addEventListener(name, handler, true);
+ var event = document.createEvent('TouchEvent');
+ event.initTouchEvent(name);
+ document.dispatchEvent(event);
+ }
+ catch(e){ }
+
+ document.getElementById("console").innerHTML = "PASSED";
+}
+</script>
+<body onload="runTest()">
+<p>Should not crash when trying to dispath touchEvent without touchList properties</p>
+<div id="console"></div>
+</body>
+</html>
</ins><span class="cx">\ No newline at end of file
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit24SourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog (177897 => 177898)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog 2015-01-05 09:25:45 UTC (rev 177897)
+++ releases/WebKitGTK/webkit-2.4/Source/WebCore/ChangeLog 2015-01-05 10:05:06 UTC (rev 177898)
</span><span class="lines">@@ -1,3 +1,21 @@
</span><ins>+2014-04-25 Miyoung Shin <myid.shin@samsung.com>
+
+ Web process is crashed during dispatching touchEvent created by JS.
+ https://bugs.webkit.org/show_bug.cgi?id=113225
+
+ Reviewed by Benjamin Poulain.
+
+ TouchEvent created by JS should have the necessary attributes
+ of touches, targetTouches and changedTouches.
+ It should be verified weather there are touchLists before dispatching touch event.
+
+ Test: fast/events/touch/create-touch-event-without-touchList.html
+
+ * dom/EventDispatcher.cpp:
+ (WebCore::EventDispatcher::dispatchEvent):
+ (WebCore::EventPath::updateTouchLists):
+ (WebCore::addRelatedNodeResolversForTouchList): Deleted.
+
</ins><span class="cx"> 2014-07-08 Jeffrey Pfau <jpfau@apple.com>
</span><span class="cx">
</span><span class="cx"> Fix flaky loading tests
</span></span></pre></div>
<a id="releasesWebKitGTKwebkit24SourceWebCoredomEventDispatchercpp"></a>
<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.4/Source/WebCore/dom/EventDispatcher.cpp (177897 => 177898)</h4>
<pre class="diff"><span>
<span class="info">--- releases/WebKitGTK/webkit-2.4/Source/WebCore/dom/EventDispatcher.cpp 2015-01-05 09:25:45 UTC (rev 177897)
+++ releases/WebKitGTK/webkit-2.4/Source/WebCore/dom/EventDispatcher.cpp 2015-01-05 10:05:06 UTC (rev 177898)
</span><span class="lines">@@ -91,7 +91,7 @@
</span><span class="cx"> EventContext& contextAt(size_t i) { return *m_path[i]; }
</span><span class="cx">
</span><span class="cx"> #if ENABLE(TOUCH_EVENTS)
</span><del>- void updateTouchLists(const TouchEvent&);
</del><ins>+ bool updateTouchLists(const TouchEvent&);
</ins><span class="cx"> #endif
</span><span class="cx"> void setRelatedTarget(EventTarget&);
</span><span class="cx">
</span><span class="lines">@@ -312,8 +312,10 @@
</span><span class="cx"> if (EventTarget* relatedTarget = event->relatedTarget())
</span><span class="cx"> eventPath.setRelatedTarget(*relatedTarget);
</span><span class="cx"> #if ENABLE(TOUCH_EVENTS) && !PLATFORM(IOS)
</span><del>- if (event->isTouchEvent())
- eventPath.updateTouchLists(*toTouchEvent(event.get()));
</del><ins>+ if (event->isTouchEvent()) {
+ if (!eventPath.updateTouchLists(*toTouchEvent(event.get())))
+ return true;
+ }
</ins><span class="cx"> #endif
</span><span class="cx">
</span><span class="cx"> ChildNodesLazySnapshot::takeChildNodesLazySnapshot();
</span><span class="lines">@@ -432,8 +434,11 @@
</span><span class="cx"> touchTargetResolvers.append(EventRelatedNodeResolver(*touchList->item(i), type));
</span><span class="cx"> }
</span><span class="cx">
</span><del>-void EventPath::updateTouchLists(const TouchEvent& touchEvent)
</del><ins>+bool EventPath::updateTouchLists(const TouchEvent& touchEvent)
</ins><span class="cx"> {
</span><ins>+ if (!touchEvent.touches() || !touchEvent.targetTouches() || !touchEvent.changedTouches())
+ return false;
+
</ins><span class="cx"> Vector<EventRelatedNodeResolver, 16> touchTargetResolvers;
</span><span class="cx"> const size_t touchNodeCount = touchEvent.touches()->length() + touchEvent.targetTouches()->length() + touchEvent.changedTouches()->length();
</span><span class="cx"> touchTargetResolvers.reserveInitialCapacity(touchNodeCount);
</span><span class="lines">@@ -454,6 +459,7 @@
</span><span class="cx"> context.touchList(currentResolver.touchListType())->append(currentResolver.touch()->cloneWithNewTarget(nodeInCurrentTreeScope));
</span><span class="cx"> }
</span><span class="cx"> }
</span><ins>+ return true;
</ins><span class="cx"> }
</span><span class="cx"> #endif
</span><span class="cx">
</span></span></pre>
</div>
</div>
</body>
</html>