Skip to site navigation (Press enter)

[webkit-changes] [88627] trunk

commit-queue Sun, 12 Jun 2011 21:56:37 -0700

Title: [88627] trunk

Revision: 88627
Author: [email protected]
Date: 2011-06-12 21:55:42 -0700 (Sun, 12 Jun 2011)

Log Message

2011-06-12  Hironori Bono  <[email protected]>

        Reviewed by Hajime Morita.


        Add null checks to HTMLTextAreaElement::removeSpellcheckRange().
        https://bugs.webkit.org/show_bug.cgi?id=62526

        This change adds null checks to the following function to prevent crashes
        when calling removeSpellcheckRange() with null:
        HTMLTextAreaElement::removeSpellcheckRange(),
        HTMLInputElement::removeSpellcheckRange(), and
        HTMLDivElement::removeSpellcheckRange().

        * editing/spelling/spellcheck-api-crash-expected.txt: Added.
        * editing/spelling/spellcheck-api-crash.html: Added.
2011-06-12  Hironori Bono  <[email protected]>

        Reviewed by Hajime Morita.

        Add null checks to HTMLTextAreaElement::removeSpellcheckRange().
        https://bugs.webkit.org/show_bug.cgi?id=62526

        This change adds null checks to the following function to prevent crashes
        when calling removeSpellcheckRange() with null:
        HTMLTextAreaElement::removeSpellcheckRange(),
        HTMLInputElement::removeSpellcheckRange(), and
        HTMLDivElement::removeSpellcheckRange().

        Test: editing/spelling/spellcheck-api-crash.html

        * html/HTMLDivElement.cpp:
        (WebCore::HTMLDivElement::removeSpellcheckRange):
        * html/HTMLInputElement.cpp:
        (WebCore::HTMLInputElement::removeSpellcheckRange):
        * html/HTMLTextAreaElement.cpp:
        (WebCore::HTMLTextAreaElement::removeSpellcheckRange):

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/html/HTMLDivElement.cpp
trunk/Source/WebCore/html/HTMLInputElement.cpp
trunk/Source/WebCore/html/HTMLTextAreaElement.cpp

Added Paths

trunk/LayoutTests/editing/spelling/spellcheck-api-crash-expected.txt
trunk/LayoutTests/editing/spelling/spellcheck-api-crash.html

Diff

Modified: trunk/LayoutTests/ChangeLog (88626 => 88627)


--- trunk/LayoutTests/ChangeLog	2011-06-13 04:13:16 UTC (rev 88626)
+++ trunk/LayoutTests/ChangeLog	2011-06-13 04:55:42 UTC (rev 88627)
@@ -1,3 +1,19 @@
+2011-06-12  Hironori Bono  <[email protected]>
+
+        Reviewed by Hajime Morita.
+
+        Add null checks to HTMLTextAreaElement::removeSpellcheckRange().
+        https://bugs.webkit.org/show_bug.cgi?id=62526
+
+        This change adds null checks to the following function to prevent crashes
+        when calling removeSpellcheckRange() with null:
+        HTMLTextAreaElement::removeSpellcheckRange(),
+        HTMLInputElement::removeSpellcheckRange(), and
+        HTMLDivElement::removeSpellcheckRange().
+
+        * editing/spelling/spellcheck-api-crash-expected.txt: Added.
+        * editing/spelling/spellcheck-api-crash.html: Added.
+
 2011-06-12  Mahesh Kulkarni  <[email protected]>
 
         Reviewed by Antonio Gomes.

Added: trunk/LayoutTests/editing/spelling/spellcheck-api-crash-expected.txt (0 => 88627)


--- trunk/LayoutTests/editing/spelling/spellcheck-api-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/spelling/spellcheck-api-crash-expected.txt	2011-06-13 04:55:42 UTC (rev 88627)
@@ -0,0 +1,7 @@
+This tests thats WebKit does not crash when we call removeSpellcheckRange() with a null parameter. To test manually, open this HTML file and check if the browser can open this file without a crash.
+
+
+
+wellcome
+
+

Added: trunk/LayoutTests/editing/spelling/spellcheck-api-crash.html (0 => 88627)


--- trunk/LayoutTests/editing/spelling/spellcheck-api-crash.html	                        (rev 0)
+++ trunk/LayoutTests/editing/spelling/spellcheck-api-crash.html	2011-06-13 04:55:42 UTC (rev 88627)
@@ -0,0 +1,27 @@
+<html>
+<head>
+<title></title>
+<script language="_javascript_" type="text/_javascript_">
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+function Test() {
+    var node0 = document.getElementById('test0');
+    if (node0.removeSpellcheckRange)
+        node0.removeSpellcheckRange(null);
+    var node1 = document.getElementById('test1');
+    if (node1.removeSpellcheckRange)
+        node1.removeSpellcheckRange(null);
+    var node2 = document.getElementById('test2');
+    if (node2.removeSpellcheckRange)
+        node2.removeSpellcheckRange(null);
+}
+</script>
+</head>
+<body _onload_="Test()">
+<p>This tests thats WebKit does not crash when we call removeSpellcheckRange() with a null parameter. To test manually, open this HTML file and check if the browser can open this file without a crash.</p>
+<textarea id="test0" rows="10" cols="80">wellcome</textarea><br />
+<input id="test1" type="text" value="wellcome" /><br />
+<div id="test2" contenteditable="true">wellcome</div><br />
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (88626 => 88627)


--- trunk/Source/WebCore/ChangeLog	2011-06-13 04:13:16 UTC (rev 88626)
+++ trunk/Source/WebCore/ChangeLog	2011-06-13 04:55:42 UTC (rev 88627)
@@ -1,3 +1,25 @@
+2011-06-12  Hironori Bono  <[email protected]>
+
+        Reviewed by Hajime Morita.
+
+        Add null checks to HTMLTextAreaElement::removeSpellcheckRange().
+        https://bugs.webkit.org/show_bug.cgi?id=62526
+
+        This change adds null checks to the following function to prevent crashes
+        when calling removeSpellcheckRange() with null:
+        HTMLTextAreaElement::removeSpellcheckRange(),
+        HTMLInputElement::removeSpellcheckRange(), and
+        HTMLDivElement::removeSpellcheckRange().
+
+        Test: editing/spelling/spellcheck-api-crash.html
+
+        * html/HTMLDivElement.cpp:
+        (WebCore::HTMLDivElement::removeSpellcheckRange):
+        * html/HTMLInputElement.cpp:
+        (WebCore::HTMLInputElement::removeSpellcheckRange):
+        * html/HTMLTextAreaElement.cpp:
+        (WebCore::HTMLTextAreaElement::removeSpellcheckRange):
+
 2011-06-12  Adam Barth  <[email protected]>
 
         Reviewed by Darin Adler.

Modified: trunk/Source/WebCore/html/HTMLDivElement.cpp (88626 => 88627)


--- trunk/Source/WebCore/html/HTMLDivElement.cpp	2011-06-13 04:13:16 UTC (rev 88626)
+++ trunk/Source/WebCore/html/HTMLDivElement.cpp	2011-06-13 04:55:42 UTC (rev 88627)
@@ -95,6 +95,8 @@
 
 void HTMLDivElement::removeSpellcheckRange(RefPtr<SpellcheckRange> range)
 {
+    if (!range)
+        return;
     document()->markers()->removeUserSpellingMarker(this, range->start(), range->length());
 }
 #endif

Modified: trunk/Source/WebCore/html/HTMLInputElement.cpp (88626 => 88627)


--- trunk/Source/WebCore/html/HTMLInputElement.cpp	2011-06-13 04:13:16 UTC (rev 88626)
+++ trunk/Source/WebCore/html/HTMLInputElement.cpp	2011-06-13 04:55:42 UTC (rev 88627)
@@ -1861,6 +1861,8 @@
 
 void HTMLInputElement::removeSpellcheckRange(RefPtr<SpellcheckRange> range)
 {
+    if (!range)
+        return;
     document()->markers()->removeUserSpellingMarker(this, range->start(), range->length());
 }
 #endif

Modified: trunk/Source/WebCore/html/HTMLTextAreaElement.cpp (88626 => 88627)


--- trunk/Source/WebCore/html/HTMLTextAreaElement.cpp	2011-06-13 04:13:16 UTC (rev 88626)
+++ trunk/Source/WebCore/html/HTMLTextAreaElement.cpp	2011-06-13 04:55:42 UTC (rev 88627)
@@ -462,6 +462,8 @@
 
 void HTMLTextAreaElement::removeSpellcheckRange(RefPtr<SpellcheckRange> range)
 {
+    if (!range)
+        return;
     document()->markers()->removeUserSpellingMarker(this, range->start(), range->length());
 }
 #endif

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes