Title: [239546] trunk/Source/WebKit
- Revision: 239546
- Author: wenson_hs...@apple.com
- Date: 2018-12-23 15:51:30 -0800 (Sun, 23 Dec 2018)
Log Message
Fix fast/ruby/ruby-base-merge-block-children-crash-2.html after r239543
https://bugs.webkit.org/show_bug.cgi?id=193015
<rdar://problem/46583527>
Reviewed by Tim Horton.
Fix the crash by gracefully handling integer overflow when computing the area of a very large editable element.
* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:changingActivityState:userObject:]):
(-[WKContentView _updateChangedSelection:]):
Diff
Modified: trunk/Source/WebKit/ChangeLog (239545 => 239546)
--- trunk/Source/WebKit/ChangeLog 2018-12-23 10:46:38 UTC (rev 239545)
+++ trunk/Source/WebKit/ChangeLog 2018-12-23 23:51:30 UTC (rev 239546)
@@ -1,3 +1,17 @@
+2018-12-23 Wenson Hsieh <wenson_hs...@apple.com>
+
+ Fix fast/ruby/ruby-base-merge-block-children-crash-2.html after r239543
+ https://bugs.webkit.org/show_bug.cgi?id=193015
+ <rdar://problem/46583527>
+
+ Reviewed by Tim Horton.
+
+ Fix the crash by gracefully handling integer overflow when computing the area of a very large editable element.
+
+ * UIProcess/ios/WKContentViewInteraction.mm:
+ (-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:changingActivityState:userObject:]):
+ (-[WKContentView _updateChangedSelection:]):
+
2018-12-22 Wenson Hsieh <wenson_hs...@apple.com>
[iOS] Suppress native selection behaviors when focusing a very small editable element
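Review bot: The two per-function lines in this entry, for `_elementDidFocus:...` and `_updateChangedSelection:`, carry no description, and the summary says only that overflow is handled "gracefully". Suggest stating the resulting behaviour under each function: when the area computation overflows, the element is treated as not too small, so the `FocusedElementIsTooSmall` suppression is stopped rather than started.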
Modified: trunk/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm (239545 => 239546)
--- trunk/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm 2018-12-23 10:46:38 UTC (rev 239545)
+++ trunk/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm 2018-12-23 23:51:30 UTC (rev 239546)
@@ -4476,7 +4476,8 @@
else
[self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTransparent];
- if (information.elementRect.area() < minimumFocusedElementAreaForSuppressingSelectionAssistant)
+ auto elementArea = information.elementRect.area<RecordOverflow>();
+ if (!elementArea.hasOverflowed() && elementArea < minimumFocusedElementAreaForSuppressingSelectionAssistant)
[self _beginSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
else
[self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
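Review bot: The added condition `!elementArea.hasOverflowed() && elementArea < minimumFocusedElementAreaForSuppressingSelectionAssistant` sends the overflow case into the `else` branch without saying why. That is the right outcome for an element whose area is too large to represent, but a one-line comment above the `if` noting that an overflowed area means the element is certainly not too small would keep a later edit from treating overflow as an error or as a zero area.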
@@ -5013,7 +5014,8 @@
else
[self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTransparent];
- if (postLayoutData.focusedElementRect.area() < minimumFocusedElementAreaForSuppressingSelectionAssistant)
+ auto elementArea = postLayoutData.focusedElementRect.area<RecordOverflow>();
+ if (!elementArea.hasOverflowed() && elementArea < minimumFocusedElementAreaForSuppressingSelectionAssistant)
[self _beginSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
else
[self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
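Review bot: The two added lines here repeat the check added in the first hunk of this file, differing only in the rect (`postLayoutData.focusedElementRect` instead of `information.elementRect`). Suggest factoring the `area<RecordOverflow>()` call and the `hasOverflowed()` test into one small static helper that takes the rect and returns whether it is below `minimumFocusedElementAreaForSuppressingSelectionAssistant`, so the overflow handling lives in one place and the two call sites cannot drift apart.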