Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(147)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: Source/core/input/EventHandler.cpp

Issue 1315983004: Fix use-after-free bug in long press selection (Closed) Base URL: https://chromium.googlesource.com/chromium/blink.git@master
Patch Set: Address review feedback Created 5 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html ('K') | « LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed. 2 * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserv ed.
3 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org) 3 * Copyright (C) 2006 Alexey Proskuryakov (ap@webkit.org)
4 * Copyright (C) 2012 Digia Plc. and/or its subsidiary(-ies) 4 * Copyright (C) 2012 Digia Plc. and/or its subsidiary(-ies)
5 * 5 *
6 * Redistribution and use in source and binary forms, with or without 6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions 7 * modification, are permitted provided that the following conditions
8 * are met: 8 * are met:
9 * 1. Redistributions of source code must retain the above copyright 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer. 10 * notice, this list of conditions and the following disclaimer.
(...skipping 2108 matching lines...) Expand 10 before | Expand all | Expand 10 after
2119 m_mouseDownPos = m_frame->view()->rootFrameToContents(mouseDragEvent.pos ition()); 2119 m_mouseDownPos = m_frame->view()->rootFrameToContents(mouseDragEvent.pos ition());
2120 RefPtrWillBeRawPtr<FrameView> protector(m_frame->view()); 2120 RefPtrWillBeRawPtr<FrameView> protector(m_frame->view());
2121 if (handleDrag(mev, DragInitiator::Touch)) { 2121 if (handleDrag(mev, DragInitiator::Touch)) {
2122 m_longTapShouldInvokeContextMenu = true; 2122 m_longTapShouldInvokeContextMenu = true;
2123 return true; 2123 return true;
2124 } 2124 }
2125 } 2125 }
2126 2126
2127 IntPoint hitTestPoint = m_frame->view()->rootFrameToContents(gestureEvent.po sition()); 2127 IntPoint hitTestPoint = m_frame->view()->rootFrameToContents(gestureEvent.po sition());
2128 HitTestResult result = hitTestResultAtPoint(hitTestPoint); 2128 HitTestResult result = hitTestResultAtPoint(hitTestPoint);
2129 RefPtrWillBeRawPtr<FrameView> protector(m_frame->view());
2129 if (selectionController().handleGestureLongPress(gestureEvent, result)) { 2130 if (selectionController().handleGestureLongPress(gestureEvent, result)) {
2130 focusDocumentView(); 2131 focusDocumentView();
2131 return true; 2132 return true;
2132 } 2133 }
2133 2134
2134 return sendContextMenuEventForGesture(targetedEvent); 2135 return sendContextMenuEventForGesture(targetedEvent);
2135 } 2136 }
2136 2137
2137 bool EventHandler::handleGestureLongTap(const GestureEventWithHitTestResults& ta rgetedEvent) 2138 bool EventHandler::handleGestureLongTap(const GestureEventWithHitTestResults& ta rgetedEvent)
2138 { 2139 {
(...skipping 639 matching lines...) Expand 10 before | Expand all | Expand 10 after
2778 2779
2779 // Use the focused node as the target for hover and active. 2780 // Use the focused node as the target for hover and active.
2780 HitTestRequest request(HitTestRequest::Active); 2781 HitTestRequest request(HitTestRequest::Active);
2781 HitTestResult result(request, locationInRootFrame); 2782 HitTestResult result(request, locationInRootFrame);
2782 result.setInnerNode(targetNode); 2783 result.setInnerNode(targetNode);
2783 doc->updateHoverActiveState(request, result.innerElement()); 2784 doc->updateHoverActiveState(request, result.innerElement());
2784 2785
2785 // The contextmenu event is a mouse event even when invoked using the keyboa rd. 2786 // The contextmenu event is a mouse event even when invoked using the keyboa rd.
2786 // This is required for web compatibility. 2787 // This is required for web compatibility.
2787 PlatformEvent::Type eventType = PlatformEvent::MousePressed; 2788 PlatformEvent::Type eventType = PlatformEvent::MousePressed;
2788 if (m_frame->settings()->showContextMenuOnMouseUp()) 2789 if (m_frame->settings() && m_frame->settings()->showContextMenuOnMouseUp())
2789 eventType = PlatformEvent::MouseReleased; 2790 eventType = PlatformEvent::MouseReleased;
2790 2791
2791 PlatformMouseEvent mouseEvent(locationInRootFrame, globalPosition, RightButt on, eventType, 1, false, false, false, false, PlatformMouseEvent::RealOrIndistin guishable, WTF::currentTime()); 2792 PlatformMouseEvent mouseEvent(locationInRootFrame, globalPosition, RightButt on, eventType, 1, false, false, false, false, PlatformMouseEvent::RealOrIndistin guishable, WTF::currentTime());
2792 2793
2793 handleMousePressEvent(mouseEvent); 2794 handleMousePressEvent(mouseEvent);
2794 return sendContextMenuEvent(mouseEvent, overrideTargetElement); 2795 return sendContextMenuEvent(mouseEvent, overrideTargetElement);
2795 } 2796 }
2796 2797
2797 bool EventHandler::sendContextMenuEventForGesture(const GestureEventWithHitTestR esults& targetedEvent) 2798 bool EventHandler::sendContextMenuEventForGesture(const GestureEventWithHitTestR esults& targetedEvent)
2798 { 2799 {
2799 const PlatformGestureEvent& gestureEvent = targetedEvent.event(); 2800 const PlatformGestureEvent& gestureEvent = targetedEvent.event();
2800 unsigned modifiers = gestureEvent.modifiers(); 2801 unsigned modifiers = gestureEvent.modifiers();
2801 2802
2802 // Send MouseMoved event prior to handling (https://crbug.com/485290). 2803 // Send MouseMoved event prior to handling (https://crbug.com/485290).
2803 PlatformMouseEvent fakeMouseMove(gestureEvent.position(), gestureEvent.globa lPosition(), 2804 PlatformMouseEvent fakeMouseMove(gestureEvent.position(), gestureEvent.globa lPosition(),
2804 NoButton, PlatformEvent::MouseMoved, /* clickCount */ 0, 2805 NoButton, PlatformEvent::MouseMoved, /* clickCount */ 0,
2805 static_cast<PlatformEvent::Modifiers>(modifiers), 2806 static_cast<PlatformEvent::Modifiers>(modifiers),
2806 PlatformMouseEvent::FromTouch, gestureEvent.timestamp()); 2807 PlatformMouseEvent::FromTouch, gestureEvent.timestamp());
2807 dispatchMouseEvent(EventTypeNames::mousemove, targetedEvent.hitTestResult(). innerNode(), 0, fakeMouseMove, true); 2808 dispatchMouseEvent(EventTypeNames::mousemove, targetedEvent.hitTestResult(). innerNode(), 0, fakeMouseMove, true);
2808 2809
2809 PlatformEvent::Type eventType = PlatformEvent::MousePressed; 2810 PlatformEvent::Type eventType = PlatformEvent::MousePressed;
2810 2811
2811 if (m_frame->settings()->showContextMenuOnMouseUp()) 2812 if (m_frame->settings() && m_frame->settings()->showContextMenuOnMouseUp())
2812 eventType = PlatformEvent::MouseReleased; 2813 eventType = PlatformEvent::MouseReleased;
2813 else 2814 else
2814 modifiers |= PlatformEvent::RightButtonDown; 2815 modifiers |= PlatformEvent::RightButtonDown;
2815 2816
2816 PlatformMouseEvent mouseEvent(targetedEvent.event().position(), targetedEven t.event().globalPosition(), RightButton, eventType, 1, 2817 PlatformMouseEvent mouseEvent(targetedEvent.event().position(), targetedEven t.event().globalPosition(), RightButton, eventType, 1,
2817 static_cast<PlatformEvent::Modifiers>(modifiers), 2818 static_cast<PlatformEvent::Modifiers>(modifiers),
2818 PlatformMouseEvent::FromTouch, WTF::currentTime()); 2819 PlatformMouseEvent::FromTouch, WTF::currentTime());
2819 // To simulate right-click behavior, we send a right mouse down and then 2820 // To simulate right-click behavior, we send a right mouse down and then
2820 // context menu event. 2821 // context menu event.
2821 // FIXME: Send HitTestResults to avoid redundant hit tests. 2822 // FIXME: Send HitTestResults to avoid redundant hit tests.
(...skipping 1174 matching lines...) Expand 10 before | Expand all | Expand 10 after
3996 unsigned EventHandler::accessKeyModifiers() 3997 unsigned EventHandler::accessKeyModifiers()
3997 { 3998 {
3998 #if OS(MACOSX) 3999 #if OS(MACOSX)
3999 return PlatformEvent::CtrlKey | PlatformEvent::AltKey; 4000 return PlatformEvent::CtrlKey | PlatformEvent::AltKey;
4000 #else 4001 #else
4001 return PlatformEvent::AltKey; 4002 return PlatformEvent::AltKey;
4002 #endif 4003 #endif
4003 } 4004 }
4004 4005
4005 } // namespace blink 4006 } // namespace blink
OLDNEW
« LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html ('K') | « LayoutTests/editing/selection/longpress-selection-in-iframe-removed-crash.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698