Title: [88685] trunk/Source/WebCore
- Revision
- 88685
- Author
- rn...@webkit.org
- Date
- 2011-06-13 13:46:24 -0700 (Mon, 13 Jun 2011)
Log Message
2011-06-13 Ryosuke Niwa <rn...@webkit.org>
Reviewed by Dan Bernstein.
REGRESSION (r81518): Crash in makeRange() when invoking the dictionary panel over a file input
https://bugs.webkit.org/show_bug.cgi?id=62544
Fixed the crash by adding null pointer checks.
No new tests since there's no way to open dictionary panel.
* dom/Position.cpp:
(WebCore::Position::parentAnchoredEquivalent):
* editing/VisiblePosition.cpp:
(WebCore::makeRange):
* page/Frame.cpp:
(WebCore::Frame::rangeForPoint):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (88684 => 88685)
--- trunk/Source/WebCore/ChangeLog 2011-06-13 20:41:39 UTC (rev 88684)
+++ trunk/Source/WebCore/ChangeLog 2011-06-13 20:46:24 UTC (rev 88685)
@@ -1,3 +1,21 @@
+2011-06-13 Ryosuke Niwa <rn...@webkit.org>
+
+ Reviewed by Dan Bernstein.
+
+ REGRESSION (r81518): Crash in makeRange() when invoking the dictionary panel over a file input
+ https://bugs.webkit.org/show_bug.cgi?id=62544
+
+ Fixed the crash by adding null pointer checks.
+
+ No new tests since there's no way to open dictionary panel.
+
+ * dom/Position.cpp:
+ (WebCore::Position::parentAnchoredEquivalent):
+ * editing/VisiblePosition.cpp:
+ (WebCore::makeRange):
+ * page/Frame.cpp:
+ (WebCore::Frame::rangeForPoint):
+
2011-06-13 Adam Barth <aba...@webkit.org>
Reviewed by Nate Chapin.
Modified: trunk/Source/WebCore/dom/Position.cpp (88684 => 88685)
--- trunk/Source/WebCore/dom/Position.cpp 2011-06-13 20:41:39 UTC (rev 88684)
+++ trunk/Source/WebCore/dom/Position.cpp 2011-06-13 20:46:24 UTC (rev 88685)
@@ -174,7 +174,8 @@
return firstPositionInOrBeforeNode(m_anchorNode.get());
}
if (!m_anchorNode->offsetInCharacters() && (m_anchorType == PositionIsAfterAnchor || static_cast<unsigned>(m_offset) == m_anchorNode->childNodeCount())
- && (editingIgnoresContent(m_anchorNode.get()) || isTableElement(m_anchorNode.get()))) {
+ && (editingIgnoresContent(m_anchorNode.get()) || isTableElement(m_anchorNode.get()))
+ && containerNode()) {
return positionInParentAfterNode(m_anchorNode.get());
}
Modified: trunk/Source/WebCore/editing/VisiblePosition.cpp (88684 => 88685)
--- trunk/Source/WebCore/editing/VisiblePosition.cpp 2011-06-13 20:41:39 UTC (rev 88684)
+++ trunk/Source/WebCore/editing/VisiblePosition.cpp 2011-06-13 20:46:24 UTC (rev 88685)
@@ -632,6 +632,9 @@
Position s = start.deepEquivalent().parentAnchoredEquivalent();
Position e = end.deepEquivalent().parentAnchoredEquivalent();
+ if (s.isNull() || e.isNull())
+ return 0;
+
return Range::create(s.containerNode()->document(), s.containerNode(), s.offsetInContainerNode(), e.containerNode(), e.offsetInContainerNode());
}
Modified: trunk/Source/WebCore/page/Frame.cpp (88684 => 88685)
--- trunk/Source/WebCore/page/Frame.cpp 2011-06-13 20:41:39 UTC (rev 88684)
+++ trunk/Source/WebCore/page/Frame.cpp 2011-06-13 20:46:24 UTC (rev 88685)
@@ -898,8 +898,7 @@
}
VisiblePosition next = position.next();
- if (next.isNotNull()) {
- RefPtr<Range> nextCharacterRange = makeRange(position, next);
+ if (RefPtr<Range> nextCharacterRange = makeRange(position, next)) {
IntRect rect = editor()->firstRectForRange(nextCharacterRange.get());
if (rect.contains(framePoint))
return nextCharacterRange.release();
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
