2010-09-16  Daniel Cheng  <dcheng@chromium.org>

        Reviewed by Tony Chang.

        Fix incorrect usage of dissolveDragImageToFraction().
        https://bugs.webkit.org/show_bug.cgi?id=45835

        createDragImageForSelection() was ignoring the return value of
        dissolveDragImageToFraction(). This didn't happen to crash on most
        platforms, since most implementations simply modified the image that was
        passed in. However, Chromium Mac's implementation actually creates a new
        image and returns that instead. This caused us to crash when copying the
        image from the renderer to the browser process, since the memory had
        already been freed.

        * manual-tests/selection-drag-crash.html: Added.
        * platform/DragImage.cpp:
        (WebCore::createDragImageForSelection):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@67641 268f45cc-cd09-0410-ab3c-d52691b4dbfc
3 files changed
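The ownership mismatch the entry describes, reduced to a constructed C++ model (example code added here, not WebKit's own): a `dissolveDragImageToFraction()` that consumes its input and returns a fresh image, the caller that ignores that return value, and the corrected caller. `DragImageRef` as a raw owning pointer, the live-handle registry, and the dissolve body are all assumptions made for the example; the real WebKit signatures and platform code differ.

```cpp
#include <unordered_set>

// Stand-in for WebCore's DragImageRef: an owning raw pointer to a platform image.
struct DragImage { float alpha = 1.0f; };
typedef DragImage* DragImageRef;

// Registry of live images so a caller can ask whether a handle was freed
// without dereferencing freed memory (constructed for this example only).
static std::unordered_set<DragImageRef>& liveImages() {
    static std::unordered_set<DragImageRef> s;
    return s;
}
DragImageRef createImage() { DragImageRef r = new DragImage; liveImages().insert(r); return r; }
void deleteDragImage(DragImageRef r) { liveImages().erase(r); delete r; }
bool isLive(DragImageRef r) { return liveImages().count(r) != 0; }

// Models the behaviour the entry attributes to Chromium Mac: the input image is
// freed and a new, faded image is returned. Other ports modify `image` in place,
// which is why ignoring the return value did not crash there.
DragImageRef dissolveDragImageToFraction(DragImageRef image, float fraction) {
    DragImageRef result = createImage();       // allocated before the old one is freed
    result->alpha = image->alpha * fraction;
    deleteDragImage(image);                    // the caller's handle is now dangling
    return result;
}

const float DragImageAlpha = 0.7f;             // assumed constant for the example

// The pattern the change fixes: the return value is dropped, so on a port that
// returns a new image the function hands back a freed handle.
DragImageRef createDragImageForSelectionBuggy() {
    DragImageRef image = createImage();
    dissolveDragImageToFraction(image, DragImageAlpha);
    return image;                              // freed by the callee on Chromium Mac
}

// Corrected caller: always continue with whatever handle the callee returns,
// so both in-place and copy-and-free implementations are handled.
DragImageRef createDragImageForSelectionFixed() {
    DragImageRef image = createImage();
    image = dissolveDragImageToFraction(image, DragImageAlpha);
    return image;
}
```

The registry check stands in for what a leak or use-after-free detector (ASan, Guard Malloc) would report when the returned handle is later copied to the browser process.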