[webkit-reviews] review denied: [Bug 42047] Add click handler to the input element's speech button. : [Attachment 61486] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jul 14 02:03:05 PDT 2010


Kent Tamura <tkent at chromium.org> has denied Satish Sampath
<satish at chromium.org>'s request for review:
Bug 42047: Add click handler to the input element's speech button.
https://bugs.webkit.org/show_bug.cgi?id=42047

Attachment 61486: Patch
https://bugs.webkit.org/attachment.cgi?id=61486&action=review

------- Additional Comments from Kent Tamura <tkent at chromium.org>
WebCore/rendering/TextControlInnerElements.cpp:353
 +	    input->focus();
focus() dispatches a focus event, and an event handler might remove the 'input'
node.  So the next input->select() can use a deleted object.
Please look at SpinButtonElement::defaultEventHandler() of the latest revision
of TextControlInnerElements.cpp.


WebCore/rendering/TextControlInnerElements.cpp:392
 +	input->dispatchFormControlChangeEvent();
This has a similar problem.  An event handler of the event might remove the
'input' node.  So this InputFieldSpeechButtonElement instance might be removed.

So, we need
  RefPtr<InputFieldSpeechButtonElement> protector(this);
before input->dispatchFormControlChangeEvent().
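
The lifetime hazard raised in both comments above, modelled as an added example that is not part of the review or of WebKit's code: `std::shared_ptr` stands in for `RefPtr`, and `Node`, `Document` and the function names are hypothetical. The unprotected variant only observes that the node is gone and never dereferences the stale pointer.

```cpp
#include <functional>
#include <memory>

// Hypothetical stand-in for a ref-counted DOM node.
struct Node { bool selected = false; };

struct Document {
    std::shared_ptr<Node> input;              // the tree's owning reference
    std::function<void(Document&)> onChange;  // handler supplied by page script
    void dispatchChange() { if (onChange) onChange(*this); }
};

// Unprotected: only a raw pointer is held across the dispatch.
// Returns true if the node is still alive afterwards, i.e. 'raw' is still usable.
bool rawPointerSurvivesDispatch(Document& doc) {
    std::weak_ptr<Node> observer = doc.input;  // watches lifetime without owning
    Node* raw = doc.input.get();
    doc.dispatchChange();                      // handler may drop the last reference
    (void)raw;  // touching *raw here is a use-after-free when observer has expired
    return !observer.expired();
}

// Protected: take a strong reference before dispatching the event.
// Returns true if the node could be used after the handler removed it from the tree.
bool protectedSelectAfterDispatch(Document& doc) {
    std::shared_ptr<Node> protector = doc.input;  // keeps the node alive
    doc.dispatchChange();
    protector->selected = true;                   // safe even if detached
    return protector->selected && !doc.input;
}   // protector goes out of scope here and the detached node is freed

// Constructed scenario: the event handler removes the input from the document.
Document makeDocWithRemovingHandler() {
    Document doc;
    doc.input = std::make_shared<Node>();
    doc.onChange = [](Document& d) { d.input.reset(); };
    return doc;
}
```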

