<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"

"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />

<title>[207949] releases/WebKitGTK/webkit-2.14/Source/WebCore</title>

</head>

<body>

<style type="text/css"><!--

#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }

#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }

#msg dt:after { content:':';}

#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }

#msg dl a { font-weight: bold}

#msg dl a:link    { color:#fc3; }

#msg dl a:active  { color:#ff0; }

#msg dl a:visited { color:#cc6; }

h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }

#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }

#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }

#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }

#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }

#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }

#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }

#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }

#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }

#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }

#logmsg pre { background: #eee; padding: 1em; }

#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}

#logmsg dl { margin: 0; }

#logmsg dt { font-weight: bold; }

#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }

#logmsg dd:before { content:'\00bb';}

#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }

#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }

#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }

#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }

#logmsg table th.Corner { text-align: left; }

#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }

#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }

#patch { width: 100%; }

#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}

#patch .propset h4, #patch .binary h4 {margin:0;}

#patch pre {padding:0;line-height:1.2em;margin:0;}

#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}

#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}

#patch span {display:block;padding:0 10px;}

#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}

#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}

#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}

#patch .lines, .info {color:#888;background:#fff;}

--></style>

<div id="msg">

<dl class="meta">

<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/207949">207949</a></dd>

<dt>Author</dt> <dd>carlosgc@webkit.org</dd>

<dt>Date</dt> <dd>2016-10-27 00:20:24 -0700 (Thu, 27 Oct 2016)</dd>

</dl>

<h3>Log Message</h3>

<pre>Merge <a href="http://trac.webkit.org/projects/webkit/changeset/206941">r206941</a> - EventHandler functions that need to guarantee event handler lifetime need to use Ref&lt;Frame&gt;

https://bugs.webkit.org/show_bug.cgi?id=98617

&lt;rdar://problem/12778649&gt;

Reviewed by Daniel Bates.

Improve stability by ensuring that the Frame holding an active EventHandler is kept

alive while in the process of handling events and executing JavaScript.

No new tests since there is no change in behavior.

* page/EventHandler.cpp:

(WebCore::EventHandler::handleMousePressEventSingleClick): Protect the Frame with a Ref&lt;&gt;.

(WebCore::EventHandler::handleMousePressEvent): Ditto.

(WebCore::EventHandler::handleMouseDraggedEvent): Ditto.

(WebCore::EventHandler::eventMayStartDrag): Ditto.

(WebCore::EventHandler::handleMouseReleaseEvent): Ditto.

(WebCore::EventHandler::hitTestResultAtPoint): Ditto.

(WebCore::EventHandler::scrollRecursively): Ditto.

(WebCore::EventHandler::logicalScrollRecursively): Ditto.

(WebCore::EventHandler::selectCursor): Ditto.

(WebCore::EventHandler::handleMouseDoubleClickEvent): Ditto.

(WebCore::EventHandler::mouseMoved): Ditto.

(WebCore::EventHandler::handleMouseMoveEvent): Ditto.

(WebCore::EventHandler::handleMouseForceEvent): Ditto.

(WebCore::EventHandler::dispatchDragEvent): Ditto.

(WebCore::EventHandler::updateDragAndDrop): Ditto.

(WebCore::EventHandler::cancelDragAndDrop): Ditto.

(WebCore::EventHandler::performDragAndDrop): Ditto.

(WebCore::EventHandler::prepareMouseEvent): Ditto.

(WebCore::EventHandler::updateMouseEventTargetNode): Ditto.

(WebCore::EventHandler::dispatchMouseEvent): Ditto.

(WebCore::EventHandler::platformCompleteWheelEvent): Ditto.

(WebCore::EventHandler::handleWheelEvent): Ditto.

(WebCore::EventHandler::defaultWheelEventHandler): Ditto.

(WebCore::EventHandler::sendContextMenuEvent): Ditto.

(WebCore::EventHandler::sendContextMenuEventForKey): Ditto.

(WebCore::EventHandler::hoverTimerFired): Ditto.

(WebCore::EventHandler::keyEvent): Ditto.

(WebCore::EventHandler::defaultKeyboardEventHandler): Ditto.

(WebCore::EventHandler::handleDrag): Ditto.

(WebCore::EventHandler::handleTextInputEvent): Ditto.

(WebCore::EventHandler::defaultSpaceEventHandler): Ditto.

(WebCore::EventHandler::defaultTabEventHandler): Ditto.

(WebCore::EventHandler::sendScrollEvent): Ditto.

(WebCore::EventHandler::handleTouchEvent): Ditto.

* page/ios/EventHandlerIOS.mm:

(WebCore::EventHandler::focusDocumentView): Ditto.

* page/mac/EventHandlerMac.mm:

(WebCore::EventHandler::platformCompleteWheelEvent): Ditto.</pre>

<h3>Modified Paths</h3>

<ul>

<li><a href="#releasesWebKitGTKwebkit214SourceWebCoreChangeLog">releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog</a></li>

<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepageEventHandlercpp">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/EventHandler.cpp</a></li>

<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepageiosEventHandlerIOSmm">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/ios/EventHandlerIOS.mm</a></li>

<li><a href="#releasesWebKitGTKwebkit214SourceWebCorepagemacEventHandlerMacmm">releases/WebKitGTK/webkit-2.14/Source/WebCore/page/mac/EventHandlerMac.mm</a></li>

</ul>

</div>

<div id="patch">

<h3>Diff</h3>

<a id="releasesWebKitGTKwebkit214SourceWebCoreChangeLog"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog (207948 => 207949)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog        2016-10-27 07:18:05 UTC (rev 207948)

+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/ChangeLog        2016-10-27 07:20:24 UTC (rev 207949)

</span><span class="lines">@@ -1,3 +1,56 @@

</span><ins>+2016-10-07  Brent Fulgham  &lt;bfulgham@apple.com&gt;

+

+        EventHandler functions that need to guarantee event handler lifetime need to use Ref&lt;Frame&gt;

+        https://bugs.webkit.org/show_bug.cgi?id=98617

+        &lt;rdar://problem/12778649&gt;

+

+        Reviewed by Daniel Bates.

+

+        Improve stability by ensuring that the Frame holding an active EventHandler is kept

+        alive while in the process of handling events and executing JavaScript.

+

+        No new tests since there is no change in behavior.

+

+        * page/EventHandler.cpp:

+        (WebCore::EventHandler::handleMousePressEventSingleClick): Protect the Frame with a Ref&lt;&gt;.

+        (WebCore::EventHandler::handleMousePressEvent): Ditto.

+        (WebCore::EventHandler::handleMouseDraggedEvent): Ditto.

+        (WebCore::EventHandler::eventMayStartDrag): Ditto.

+        (WebCore::EventHandler::handleMouseReleaseEvent): Ditto.

+        (WebCore::EventHandler::hitTestResultAtPoint): Ditto.

+        (WebCore::EventHandler::scrollRecursively): Ditto.

+        (WebCore::EventHandler::logicalScrollRecursively): Ditto.

+        (WebCore::EventHandler::selectCursor): Ditto.

+        (WebCore::EventHandler::handleMouseDoubleClickEvent): Ditto.

+        (WebCore::EventHandler::mouseMoved): Ditto.

+        (WebCore::EventHandler::handleMouseMoveEvent): Ditto.

+        (WebCore::EventHandler::handleMouseForceEvent): Ditto.

+        (WebCore::EventHandler::dispatchDragEvent): Ditto.

+        (WebCore::EventHandler::updateDragAndDrop): Ditto.

+        (WebCore::EventHandler::cancelDragAndDrop): Ditto.

+        (WebCore::EventHandler::performDragAndDrop): Ditto.

+        (WebCore::EventHandler::prepareMouseEvent): Ditto.

+        (WebCore::EventHandler::updateMouseEventTargetNode): Ditto.

+        (WebCore::EventHandler::dispatchMouseEvent): Ditto.

+        (WebCore::EventHandler::platformCompleteWheelEvent): Ditto.

+        (WebCore::EventHandler::handleWheelEvent): Ditto.

+        (WebCore::EventHandler::defaultWheelEventHandler): Ditto.

+        (WebCore::EventHandler::sendContextMenuEvent): Ditto.

+        (WebCore::EventHandler::sendContextMenuEventForKey): Ditto.

+        (WebCore::EventHandler::hoverTimerFired): Ditto.

+        (WebCore::EventHandler::keyEvent): Ditto.

+        (WebCore::EventHandler::defaultKeyboardEventHandler): Ditto.

+        (WebCore::EventHandler::handleDrag): Ditto.

+        (WebCore::EventHandler::handleTextInputEvent): Ditto.

+        (WebCore::EventHandler::defaultSpaceEventHandler): Ditto.

+        (WebCore::EventHandler::defaultTabEventHandler): Ditto.

+        (WebCore::EventHandler::sendScrollEvent): Ditto.

+        (WebCore::EventHandler::handleTouchEvent): Ditto.

+        * page/ios/EventHandlerIOS.mm:

+        (WebCore::EventHandler::focusDocumentView): Ditto.

+        * page/mac/EventHandlerMac.mm:

+        (WebCore::EventHandler::platformCompleteWheelEvent): Ditto.

+

</ins><span class="cx"> 2016-10-07  Andreas Kling  &lt;akling@apple.com&gt;

</span><span class="cx"> 

<span class="cx">         [WK2] didRemoveFrameFromHierarchy callback doesn't fire for subframes when evicting from PageCache.

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit214SourceWebCorepageEventHandlercpp"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/EventHandler.cpp (207948 => 207949)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/EventHandler.cpp        2016-10-27 07:18:05 UTC (rev 207948)

+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/EventHandler.cpp        2016-10-27 07:20:24 UTC (rev 207949)

</span><span class="lines">@@ -660,6 +660,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::handleMousePressEventSingleClick(const MouseEventWithHitTestResults&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     m_frame.document()-&gt;updateLayoutIgnorePendingStylesheets();

</span><span class="cx">     Node* targetNode = event.targetNode();

</span><span class="cx">     if (!(targetNode &amp;&amp; targetNode-&gt;renderer() &amp;&amp; m_mouseDownMayStartSelect))

</span><span class="lines">@@ -735,6 +737,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::handleMousePressEvent(const MouseEventWithHitTestResults&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx"> #if ENABLE(DRAG_SUPPORT)

<span class="cx">     // Reset drag state.

</span><span class="cx">     dragState().source = nullptr;

</span><span class="lines">@@ -819,6 +823,8 @@

</span><span class="cx">     if (!m_mousePressed)

</span><span class="cx">         return false;

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     if (handleDrag(event, ShouldCheckDragHysteresis))

</span><span class="cx">         return true;

</span><span class="cx"> 

</span><span class="lines">@@ -878,6 +884,8 @@

</span><span class="cx">     if (!page)

</span><span class="cx">         return false;

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     updateDragSourceActionsAllowed();

</span><span class="cx">     HitTestRequest request(HitTestRequest::ReadOnly | HitTestRequest::DisallowUserAgentShadowContent);

</span><span class="cx">     HitTestResult result(view-&gt;windowToContents(event.position()));

</span><span class="lines">@@ -1010,6 +1018,8 @@

</span><span class="cx">     if (autoscrollInProgress())

</span><span class="cx">         stopAutoscrollTimer();

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     if (handleMouseUp(event))

</span><span class="cx">         return true;

</span><span class="cx"> 

</span><span class="lines">@@ -1118,6 +1128,8 @@

</span><span class="cx"> 

</span><span class="cx"> HitTestResult EventHandler::hitTestResultAtPoint(const LayoutPoint&amp; point, HitTestRequest::HitTestRequestType hitType, const LayoutSize&amp; padding)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     // We always send hitTestResultAtPoint to the main frame if we have one,

<span class="cx">     // otherwise we might hit areas that are obscured by higher frames.

</span><span class="cx">     if (!m_frame.isMainFrame()) {

</span><span class="lines">@@ -1201,6 +1213,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::scrollRecursively(ScrollDirection direction, ScrollGranularity granularity, Node* startingNode)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     // The layout needs to be up to date to determine if we can scroll. We may be

<span class="cx">     // here because of an onLoad event, in which case the final layout hasn't been performed yet.

</span><span class="cx">     m_frame.document()-&gt;updateLayoutIgnorePendingStylesheets();

</span><span class="lines">@@ -1218,6 +1232,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::logicalScrollRecursively(ScrollLogicalDirection direction, ScrollGranularity granularity, Node* startingNode)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     // The layout needs to be up to date to determine if we can scroll. We may be

<span class="cx">     // here because of an onLoad event, in which case the final layout hasn't been performed yet.

</span><span class="cx">     m_frame.document()-&gt;updateLayoutIgnorePendingStylesheets();

</span><span class="lines">@@ -1371,6 +1387,8 @@

</span><span class="cx">         return NoCursorChange;

</span><span class="cx"> #endif

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     // Use always pointer cursor for scrollbars.

</span><span class="cx">     if (result.scrollbar()) {

</span><span class="cx"> #if ENABLE(CURSOR_VISIBILITY)

</span><span class="lines">@@ -1598,6 +1616,7 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::handleMousePressEvent(const PlatformMouseEvent&amp; platformMouseEvent)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     RefPtr&lt;FrameView&gt; protector(m_frame.view());

</span><span class="cx"> 

</span><span class="cx">     if (InspectorInstrumentation::handleMousePress(m_frame)) {

</span><span class="lines">@@ -1738,6 +1757,7 @@

</span><span class="cx"> // This method only exists for platforms that don't know how to deliver 

</span><span class="cx"> bool EventHandler::handleMouseDoubleClickEvent(const PlatformMouseEvent&amp; platformMouseEvent)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     RefPtr&lt;FrameView&gt; protector(m_frame.view());

</span><span class="cx"> 

</span><span class="cx">     m_frame.selection().setCaretBlinkingSuspended(false);

</span><span class="lines">@@ -1792,6 +1812,7 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::mouseMoved(const PlatformMouseEvent&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     RefPtr&lt;FrameView&gt; protector(m_frame.view());

</span><span class="cx">     MaximumDurationTracker maxDurationTracker(&amp;m_maxMouseMovedDuration);

</span><span class="cx"> 

</span><span class="lines">@@ -1835,6 +1856,7 @@

</span><span class="cx">         return true;

</span><span class="cx"> #endif

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     RefPtr&lt;FrameView&gt; protector(m_frame.view());

</span><span class="cx">     

</span><span class="cx">     setLastKnownMousePosition(platformMouseEvent);

</span><span class="lines">@@ -1970,6 +1992,7 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::handleMouseReleaseEvent(const PlatformMouseEvent&amp; platformMouseEvent)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     RefPtr&lt;FrameView&gt; protector(m_frame.view());

</span><span class="cx"> 

</span><span class="cx">     m_frame.selection().setCaretBlinkingSuspended(false);

</span><span class="lines">@@ -2049,6 +2072,7 @@

</span><span class="cx"> #if ENABLE(MOUSE_FORCE_EVENTS)

</span><span class="cx"> bool EventHandler::handleMouseForceEvent(const PlatformMouseEvent&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     RefPtr&lt;FrameView&gt; protector(m_frame.view());

</span><span class="cx"> 

</span><span class="cx">     setLastKnownMousePosition(event);

</span><span class="lines">@@ -2113,6 +2137,7 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::dispatchDragEvent(const AtomicString&amp; eventType, Element&amp; dragTarget, const PlatformMouseEvent&amp; event, DataTransfer* dataTransfer)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     FrameView* view = m_frame.view();

</span><span class="cx"> 

<span class="cx">     // FIXME: We might want to dispatch a dragleave even if the view is gone.

</span><span class="lines">@@ -2206,6 +2231,8 @@

</span><span class="cx">     

</span><span class="cx"> bool EventHandler::updateDragAndDrop(const PlatformMouseEvent&amp; event, DataTransfer* dataTransfer)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     bool accept = false;

</span><span class="cx"> 

</span><span class="cx">     if (!m_frame.view())

</span><span class="lines">@@ -2280,6 +2307,8 @@

</span><span class="cx"> 

</span><span class="cx"> void EventHandler::cancelDragAndDrop(const PlatformMouseEvent&amp; event, DataTransfer* dataTransfer)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     Frame* targetFrame;

</span><span class="cx">     if (targetIsFrame(m_dragTarget.get(), targetFrame)) {

</span><span class="cx">         if (targetFrame)

</span><span class="lines">@@ -2294,6 +2323,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::performDragAndDrop(const PlatformMouseEvent&amp; event, DataTransfer* dataTransfer)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     Frame* targetFrame;

</span><span class="cx">     bool preventedDefault = false;

</span><span class="cx">     if (targetIsFrame(m_dragTarget.get(), targetFrame)) {

</span><span class="lines">@@ -2325,6 +2356,7 @@

</span><span class="cx"> 

</span><span class="cx"> MouseEventWithHitTestResults EventHandler::prepareMouseEvent(const HitTestRequest&amp; request, const PlatformMouseEvent&amp; mouseEvent)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     ASSERT(m_frame.document());

</span><span class="cx">     return m_frame.document()-&gt;prepareMouseEvent(request, documentPointForWindowPoint(m_frame, mouseEvent.position()), mouseEvent);

</span><span class="cx"> }

</span><span class="lines">@@ -2355,6 +2387,7 @@

</span><span class="cx"> 

</span><span class="cx"> void EventHandler::updateMouseEventTargetNode(Node* targetNode, const PlatformMouseEvent&amp; platformMouseEvent, bool fireMouseOverOut)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     Element* targetElement = nullptr;

</span><span class="cx">     

<span class="cx">     // If we're capturing, we always go right to that element.

</span><span class="lines">@@ -2473,6 +2506,7 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::dispatchMouseEvent(const AtomicString&amp; eventType, Node* targetNode, bool /*cancelable*/, int clickCount, const PlatformMouseEvent&amp; platformMouseEvent, bool setUnder)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     if (FrameView* view = m_frame.view())

</span><span class="cx">         view-&gt;disableLayerFlushThrottlingTemporarilyForInteraction();

</span><span class="cx"> 

</span><span class="lines">@@ -2573,6 +2607,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::platformCompleteWheelEvent(const PlatformWheelEvent&amp; event, ContainerNode*, const WeakPtr&lt;ScrollableArea&gt;&amp;)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     // We do another check on the frame view because the event handler can run JS which results in the frame getting destroyed.

</span><span class="cx">     FrameView* view = m_frame.view();

</span><span class="cx">     

</span><span class="lines">@@ -2647,6 +2683,7 @@

</span><span class="cx">     if (!renderView)

</span><span class="cx">         return false;

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     RefPtr&lt;FrameView&gt; protector(m_frame.view());

</span><span class="cx"> 

</span><span class="cx">     FrameView* view = m_frame.view();

</span><span class="lines">@@ -2722,6 +2759,8 @@

</span><span class="cx">     if (!startNode)

</span><span class="cx">         return;

</span><span class="cx">     

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     FloatSize filteredPlatformDelta(wheelEvent.deltaX(), wheelEvent.deltaY());

</span><span class="cx">     if (const PlatformWheelEvent* platformWheelEvent = wheelEvent.wheelEvent()) {

</span><span class="cx">         filteredPlatformDelta.setWidth(platformWheelEvent-&gt;deltaX());

</span><span class="lines">@@ -2751,6 +2790,8 @@

</span><span class="cx"> #if ENABLE(CONTEXT_MENUS)

</span><span class="cx"> bool EventHandler::sendContextMenuEvent(const PlatformMouseEvent&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     Document* doc = m_frame.document();

</span><span class="cx">     FrameView* view = m_frame.view();

</span><span class="cx">     if (!view)

</span><span class="lines">@@ -2784,6 +2825,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::sendContextMenuEventForKey()

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     FrameView* view = m_frame.view();

</span><span class="cx">     if (!view)

</span><span class="cx">         return false;

</span><span class="lines">@@ -2955,6 +2998,8 @@

</span><span class="cx"> 

</span><span class="cx">     ASSERT(m_frame.document());

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     if (RenderView* renderView = m_frame.contentRenderer()) {

</span><span class="cx">         if (FrameView* view = m_frame.view()) {

</span><span class="cx">             HitTestRequest request(HitTestRequest::Move | HitTestRequest::DisallowUserAgentShadowContent);

</span><span class="lines">@@ -3012,6 +3057,7 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::keyEvent(const PlatformKeyboardEvent&amp; initialKeyEvent)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     RefPtr&lt;FrameView&gt; protector(m_frame.view());

</span><span class="cx"> 

</span><span class="cx">     LOG(Editing, &quot;EventHandler %p keyEvent (text %s keyIdentifier %s)&quot;, this, initialKeyEvent.text().utf8().data(), initialKeyEvent.keyIdentifier().utf8().data());

</span><span class="lines">@@ -3266,6 +3312,8 @@

</span><span class="cx"> 

</span><span class="cx"> void EventHandler::defaultKeyboardEventHandler(KeyboardEvent&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     if (event.type() == eventNames().keydownEvent) {

</span><span class="cx">         m_frame.editor().handleKeyboardEvent(event);

</span><span class="cx">         if (event.defaultHandled())

</span><span class="lines">@@ -3379,6 +3427,8 @@

</span><span class="cx">         return false;

</span><span class="cx">     }

</span><span class="cx">     

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     if (eventLoopHandleMouseDragged(event))

</span><span class="cx">         return true;

</span><span class="cx">     

</span><span class="lines">@@ -3542,6 +3592,8 @@

<span class="cx">     // and avoid dispatching text input events from keydown default handlers.

</span><span class="cx">     ASSERT(!is&lt;KeyboardEvent&gt;(underlyingEvent) || downcast&lt;KeyboardEvent&gt;(*underlyingEvent).type() == eventNames().keypressEvent);

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     EventTarget* target;

</span><span class="cx">     if (underlyingEvent)

</span><span class="cx">         target = underlyingEvent-&gt;target();

</span><span class="lines">@@ -3599,6 +3651,8 @@

</span><span class="cx"> 

</span><span class="cx"> void EventHandler::defaultSpaceEventHandler(KeyboardEvent&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     ASSERT(event.type() == eventNames().keypressEvent);

</span><span class="cx"> 

</span><span class="cx">     if (event.ctrlKey() || event.metaKey() || event.altKey() || event.altGraphKey())

</span><span class="lines">@@ -3672,6 +3726,8 @@

</span><span class="cx"> 

</span><span class="cx"> void EventHandler::defaultTabEventHandler(KeyboardEvent&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     ASSERT(event.type() == eventNames().keydownEvent);

</span><span class="cx"> 

<span class="cx">     // We should only advance focus on tabs if no special modifier keys are held down.

</span><span class="lines">@@ -3696,6 +3752,7 @@

</span><span class="cx"> 

</span><span class="cx"> void EventHandler::sendScrollEvent()

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

</ins><span class="cx">     setFrameWasScrolledByUser();

</span><span class="cx">     if (m_frame.view() &amp;&amp; m_frame.document())

</span><span class="cx">         m_frame.document()-&gt;eventQueue().enqueueOrDispatchScrollEvent(*m_frame.document());

</span><span class="lines">@@ -3774,6 +3831,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::handleTouchEvent(const PlatformTouchEvent&amp; event)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     // First build up the lists to use for the 'touches', 'targetTouches' and 'changedTouches' attributes

</span><span class="cx">     // in the JS event. See http://www.sitepen.com/blog/2008/07/10/touching-and-gesturing-on-the-iphone/

<span class="cx">     // for an overview of how these lists fit together.

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit214SourceWebCorepageiosEventHandlerIOSmm"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/ios/EventHandlerIOS.mm (207948 => 207949)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/ios/EventHandlerIOS.mm        2016-10-27 07:18:05 UTC (rev 207948)

+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/ios/EventHandlerIOS.mm        2016-10-27 07:20:24 UTC (rev 207949)

</span><span class="lines">@@ -166,6 +166,8 @@

</span><span class="cx">     if (!page)

</span><span class="cx">         return;

</span><span class="cx"> 

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     if (FrameView* frameView = m_frame.view()) {

</span><span class="cx">         if (NSView *documentView = frameView-&gt;documentView())

</span><span class="cx">             page-&gt;chrome().focusNSView(documentView);

</span></span></pre></div>

<a id="releasesWebKitGTKwebkit214SourceWebCorepagemacEventHandlerMacmm"></a>

<div class="modfile"><h4>Modified: releases/WebKitGTK/webkit-2.14/Source/WebCore/page/mac/EventHandlerMac.mm (207948 => 207949)</h4>

<pre class="diff"><span>

<span class="info">--- releases/WebKitGTK/webkit-2.14/Source/WebCore/page/mac/EventHandlerMac.mm        2016-10-27 07:18:05 UTC (rev 207948)

+++ releases/WebKitGTK/webkit-2.14/Source/WebCore/page/mac/EventHandlerMac.mm        2016-10-27 07:20:24 UTC (rev 207949)

</span><span class="lines">@@ -1038,6 +1038,8 @@

</span><span class="cx"> 

</span><span class="cx"> bool EventHandler::platformCompleteWheelEvent(const PlatformWheelEvent&amp; wheelEvent, ContainerNode* scrollableContainer, const WeakPtr&lt;ScrollableArea&gt;&amp; scrollableArea)

</span><span class="cx"> {

</span><ins>+    Ref&lt;Frame&gt; protectedFrame(m_frame);

+

</ins><span class="cx">     FrameView* view = m_frame.view();

<span class="cx">     // We do another check on the frame view because the event handler can run JS which results in the frame getting destroyed.

</span><span class="cx">     if (!view)

</span></span></pre>

</div>

</div>

</body>

</html>