2009-02-16 Anantanarayanan Iyengar <ananta@chromium.org>
Reviewed by Darin Fisher.
https://bugs.webkit.org/show_bug.cgi?id=23973
ScrollView::scrollContents can be invoked during view shutdown. In
this scenario the FrameView::hostWindow method can return NULL, which
indicates that the frame/page is being destroyed. This causes a crash
when we try to dereference a NULL hostWindow pointer. Fix is to add a
NULL check for this.
* platform/ScrollView.cpp:
(WebCore::ScrollView::scrollContents):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@41260 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index f3c7c42..e2fdce3 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,17 @@
+2009-02-16 Anantanarayanan Iyengar <ananta@chromium.org>
+
+ Reviewed by Darin Fisher.
+
+ https://bugs.webkit.org/show_bug.cgi?id=23973
+ ScrollView::scrollContents can be invoked during view shutdown. In
+ this scenario the FrameView::hostWindow method can return NULL, which
+ indicates that the frame/page is being destroyed. This causes a crash
+ when we try to dereference a NULL hostWindow pointer. Fix is to add a
+ NULL check for this.
+
+ * platform/ScrollView.cpp:
+ (WebCore::ScrollView::scrollContents):
+
2009-02-26 Rahul Kuchhal <kuchhal@chromium.org>
Reviewed by Dave Hyatt.
diff --git a/WebCore/platform/ScrollView.cpp b/WebCore/platform/ScrollView.cpp
index 98c3b48..f5d2465 100644
--- a/WebCore/platform/ScrollView.cpp
+++ b/WebCore/platform/ScrollView.cpp
@@ -436,6 +436,9 @@
void ScrollView::scrollContents(const IntSize& scrollDelta)
{
+ if (!hostWindow())
+ return;
+
// Since scrolling is double buffered, we will be blitting the scroll view's intersection
// with the clip rect every time to keep it smooth.
IntRect clipRect = windowClipRect();
