Bug 1397711 - Null-check widget of keyboard event before invoking its PostHandleKeyEvent. r?masayuki
MozReview-Commit-ID: KTniEBMvw9q
--- a/dom/events/EventStateManager.cpp
+++ b/dom/events/EventStateManager.cpp
@@ -2891,17 +2891,19 @@ EventStateManager::PostHandleKeyboardEve
return;
}
}
}
// The widget expects a reply for every keyboard event. If the event wasn't
// dispatched to a content process (non-e10s or no content process
// running), we need to short-circuit here. Otherwise, we need to wait for
// the content process to handle the event.
- aKeyboardEvent->mWidget->PostHandleKeyEvent(aKeyboardEvent);
+ if (aKeyboardEvent->mWidget) {
+ aKeyboardEvent->mWidget->PostHandleKeyEvent(aKeyboardEvent);
+ }
if (aKeyboardEvent->DefaultPrevented()) {
aStatus = nsEventStatus_eConsumeNoDefault;
return;
}
}
// XXX Currently, our automated tests don't support mKeyNameIndex.
// Therefore, we still need to handle this with keyCode.
new file mode 100644
--- /dev/null
+++ b/dom/events/crashtests/1397711.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<script>
+ let code = "x".charCodeAt(0);
+ let e = new KeyboardEvent("keypress", {
+ keyCode: code,
+ charCode: code,
+ bubbles: true
+ });
+ let utils = SpecialPowers.getDOMWindowUtils(window);
+ utils.dispatchDOMEventViaPresShell(document.documentElement, e, false);
+</script>
--- a/dom/events/crashtests/crashtests.list
+++ b/dom/events/crashtests/crashtests.list
@@ -11,8 +11,9 @@ load 1035654-1.html
load 1035654-2.html
needs-focus load 1072137-1.html
load 1143972-1.html
load 1190036-1.html
load eventctor-nulldictionary.html
load eventctor-nullstorage.html
load recursive-DOMNodeInserted.html
load recursive-onload.html
+load 1397711.html
