Title: [250222] releases/WebKitGTK/webkit-2.26/Source/WebCore
- Revision: 250222
- Author: carlo...@webkit.org
- Date: 2019-09-23 03:14:32 -0700 (Mon, 23 Sep 2019)
Log Message
Merge r249854 - Crash under WebCore::firstPositionInNode()
https://bugs.webkit.org/show_bug.cgi?id=201764
<rdar://problem/54823754>
Reviewed by Wenson Hsieh and Geoff Garen.
Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition()
or insertNodeAt().
Test: editing/firstPositionInNode-crash.html
* editing/InsertTextCommand.cpp:
(WebCore::InsertTextCommand::positionInsideTextNode):
Diff
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250221 => 250222)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:29 UTC (rev 250221)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog 2019-09-23 10:14:32 UTC (rev 250222)
@@ -1,3 +1,19 @@
+2019-09-13 Chris Dumez <cdu...@apple.com>
+
+ Crash under WebCore::firstPositionInNode()
+ https://bugs.webkit.org/show_bug.cgi?id=201764
+ <rdar://problem/54823754>
+
+ Reviewed by Wenson Hsieh and Geoff Garen.
+
+ Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition()
+ or insertNodeAt().
+
+ Test: editing/firstPositionInNode-crash.html
+
+ * editing/InsertTextCommand.cpp:
+ (WebCore::InsertTextCommand::positionInsideTextNode):
+
2019-09-11 Ali Juma <aj...@chromium.org>
Prevent reentrancy FrameLoader::dispatchUnloadEvents()
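Review bot: The new ChangeLog entry says to keep a Ref<> to the textNode across insertNodeAtTabSpanPosition() / insertNodeAt(), but it does not say what drops the last reference during those calls. One sentence on how the node ends up destroyed before firstPositionInNode() runs would let a reader of the log judge whether other callers that pass a node with WTFMove() and keep a raw pointer need the same treatment.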
Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp (250221 => 250222)
--- releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp 2019-09-23 10:14:29 UTC (rev 250221)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp 2019-09-23 10:14:32 UTC (rev 250222)
@@ -59,9 +59,8 @@
Position pos = p;
if (isTabSpanTextNode(pos.anchorNode())) {
auto textNode = document().createEditingTextNode(emptyString());
- auto* textNodePtr = textNode.ptr();
- insertNodeAtTabSpanPosition(WTFMove(textNode), pos);
- return firstPositionInNode(textNodePtr);
+ insertNodeAtTabSpanPosition(textNode.copyRef(), pos);
+ return firstPositionInNode(textNode.ptr());
}
// Prepare for text input by looking at the specified position.
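Review bot: In the isTabSpanTextNode() branch, nothing checks that textNode actually ended up in the tree before "return firstPositionInNode(textNode.ptr());". The local Ref now keeps the object alive, so the pointer is valid, but the crash being fixed implies the insert call can finish with no other owner of the node, in which case the returned Position refers to a node that is not attached to the document. Consider testing the node after insertNodeAtTabSpanPosition() (for example whether it has a parent) and returning early when the insertion did not stick, or confirm that every caller of positionInsideTextNode() copes with a position in a detached node.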
@@ -68,9 +67,8 @@
// It may be necessary to insert a text node to receive characters.
if (!pos.containerNode()->isTextNode()) {
auto textNode = document().createEditingTextNode(emptyString());
- auto* textNodePtr = textNode.ptr();
- insertNodeAt(WTFMove(textNode), pos);
- return firstPositionInNode(textNodePtr);
+ insertNodeAt(textNode.copyRef(), pos);
+ return firstPositionInNode(textNode.ptr());
}
return pos;
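Review bot: The "insertNodeAt(textNode.copyRef(), pos);" line in the !isTextNode() branch carries no comment explaining why the Ref is copied rather than moved, and the same create / insert / return sequence now appears twice in this function. A later cleanup could easily turn copyRef() back into WTFMove() plus a raw pointer. A one-line comment stating that the node may lose its other owners during insertion, or a small helper shared by both branches, would keep the lifetime requirement visible at the call site.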