Title: [161442] branches/safari-537.74-branch/Source/WebCore
- Revision
- 161442
- Author
- matthew_han...@apple.com
- Date
- 2014-01-07 11:39:50 -0800 (Tue, 07 Jan 2014)
Log Message
Merge 161050: <rdar://problem/15754482>
Modified Paths
Diff
Modified: branches/safari-537.74-branch/Source/WebCore/ChangeLog (161441 => 161442)
--- branches/safari-537.74-branch/Source/WebCore/ChangeLog 2014-01-07 19:36:11 UTC (rev 161441)
+++ branches/safari-537.74-branch/Source/WebCore/ChangeLog 2014-01-07 19:39:50 UTC (rev 161442)
@@ -1,5 +1,22 @@
2013-12-23 Matthew Hanson <matthew_han...@apple.com>
+ Merge 161050: <rdar://problem/15754482>
+
+ 2013-12-23 Ryosuke Niwa <rn...@webkit.org>
+
+ Crash in ReplaceSelectionCommand
+ https://bugs.webkit.org/show_bug.cgi?id=126107
+
+ Reviewed by Benjamin Poulain.
+
+ Merge https://chromium.googlesource.com/chromium/blink/+/c1ebe5c1e808daf9db5e348a8d0ab32570b9f7a5
+ except the test since it doesn't reproduce the crash in WebKit.
+
+ * editing/ReplaceSelectionCommand.cpp:
+ (WebCore::ReplaceSelectionCommand::doApply):
+
+2013-12-23 Matthew Hanson <matthew_han...@apple.com>
+
Merge 161003: <rdar://problem/15719584>
2013-12-23 Lucas Forschler <lforsch...@apple.com>
Modified: branches/safari-537.74-branch/Source/WebCore/editing/ReplaceSelectionCommand.cpp (161441 => 161442)
--- branches/safari-537.74-branch/Source/WebCore/editing/ReplaceSelectionCommand.cpp 2014-01-07 19:36:11 UTC (rev 161441)
+++ branches/safari-537.74-branch/Source/WebCore/editing/ReplaceSelectionCommand.cpp 2014-01-07 19:39:50 UTC (rev 161442)
@@ -988,22 +988,22 @@
// NOTE: This would be an incorrect usage of downstream() if downstream() were changed to mean the last position after
// p that maps to the same visible position as p (since in the case where a br is at the end of a block and collapsed
// away, there are positions after the br which map to the same visible position as [br, 0]).
- Node* endBR = insertionPos.downstream().deprecatedNode()->hasTagName(brTag) ? insertionPos.downstream().deprecatedNode() : 0;
+ RefPtr<Node> endBR = insertionPos.downstream().deprecatedNode()->hasTagName(brTag) ? insertionPos.downstream().deprecatedNode() : nullptr;
VisiblePosition originalVisPosBeforeEndBR;
if (endBR)
- originalVisPosBeforeEndBR = VisiblePosition(positionBeforeNode(endBR), DOWNSTREAM).previous();
+ originalVisPosBeforeEndBR = VisiblePosition(positionBeforeNode(endBR.get()), DOWNSTREAM).previous();
- startBlock = enclosingBlock(insertionPos.deprecatedNode());
+ RefPtr<Node> insertionBlock = enclosingBlock(insertionPos.deprecatedNode());
// Adjust insertionPos to prevent nesting.
// If the start was in a Mail blockquote, we will have already handled adjusting insertionPos above.
- if (m_preventNesting && startBlock && !isTableCell(startBlock) && !startIsInsideMailBlockquote) {
- ASSERT(startBlock != currentRoot);
+ if (m_preventNesting && insertionBlock && !isTableCell(insertionBlock.get()) && !startIsInsideMailBlockquote) {
+ ASSERT(insertionBlock != currentRoot);
VisiblePosition visibleInsertionPos(insertionPos);
if (isEndOfBlock(visibleInsertionPos) && !(isStartOfBlock(visibleInsertionPos) && fragment.hasInterchangeNewlineAtEnd()))
- insertionPos = positionInParentAfterNode(startBlock);
+ insertionPos = positionInParentAfterNode(insertionBlock.get());
else if (isStartOfBlock(visibleInsertionPos))
- insertionPos = positionInParentBeforeNode(startBlock);
+ insertionPos = positionInParentBeforeNode(insertionBlock.get());
}
// Paste at start or end of link goes outside of link.
@@ -1114,14 +1114,14 @@
VisiblePosition startOfInsertedContent = firstPositionInOrBeforeNode(insertedNodes.firstNodeInserted());
- // We inserted before the startBlock to prevent nesting, and the content before the startBlock wasn't in its own block and
+ // We inserted before the insertionBlock to prevent nesting, and the content before the insertionBlock wasn't in its own block and
// didn't have a br after it, so the inserted content ended up in the same paragraph.
- if (startBlock && insertionPos.deprecatedNode() == startBlock->parentNode() && (unsigned)insertionPos.deprecatedEditingOffset() < startBlock->nodeIndex() && !isStartOfParagraph(startOfInsertedContent))
+ if (insertionBlock && insertionPos.deprecatedNode() == insertionBlock->parentNode() && (unsigned)insertionPos.deprecatedEditingOffset() < insertionBlock->nodeIndex() && !isStartOfParagraph(startOfInsertedContent))
insertNodeAt(createBreakElement(document()).get(), startOfInsertedContent.deepEquivalent());
- if (endBR && (plainTextFragment || shouldRemoveEndBR(endBR, originalVisPosBeforeEndBR))) {
+ if (endBR && (plainTextFragment || shouldRemoveEndBR(endBR.get(), originalVisPosBeforeEndBR))) {
RefPtr<Node> parent = endBR->parentNode();
- insertedNodes.willRemoveNode(endBR);
+ insertedNodes.willRemoveNode(endBR.get());
removeNode(endBR);
if (Node* nodeToRemove = highestNodeToRemoveInPruning(parent.get())) {
insertedNodes.willRemoveNode(nodeToRemove);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes