Revision 762684

Go back to digest for 20th January 2008

Bug Fixes in KDE Base

Maks Orlovich committed changes in /branches/KDE/4.0/kdelibs/khtml/rendering:

Do not emit onchange on synthetic toggling of radio buttons and checkboxes.
That's incompatible, and also led to #155973, crash on the beta BBC's page location selector, as we have the following scenario:

1. JS sets checked.
2. We do updateFromElement, ask Qt to update the widget
3. The widget emits the change signal
4. The change signal handler does ref() [rc = 2]
5. The change signal handler does onchange(). The event running causes a detach, which does a deref() [rc = 1]
6. The change signal handler does deref() [rc = 0], so the Render* gets destroyed
7. The common parts of updateFromElement, such as RenderWidget::updateFromElement, etc., run on a deleted RenderCheckBox/RadioButton, trying to access deleted RenderStyle, etc. boom.

File Changes

Modified 2 files
  • /branches/KDE/4.0/kdelibs/khtml/rendering
  •   /render_form.cpp
  •   /render_form.h
2 files changed in total