Modified: trunk/LayoutTests/ChangeLog (91307 => 91308)
--- trunk/LayoutTests/ChangeLog 2011-07-19 22:07:11 UTC (rev 91307)
+++ trunk/LayoutTests/ChangeLog 2011-07-19 22:08:54 UTC (rev 91308)
@@ -229,6 +229,19 @@
2011-07-19 Abhishek Arya <[email protected]>
+ Crash in CompositeEditCommand::replaceTextInNodePreservingMarkers
+ https://bugs.webkit.org/show_bug.cgi?id=64738
+
+ Tests that we do not crash when replacing text in node preserving
+ markers.
+
+ Reviewed by Ryosuke Niwa.
+
+ * editing/undo/replace-text-in-node-preserving-markers-crash-expected.txt: Added
+ * editing/undo/replace-text-in-node-preserving-markers-crash.html: Added.
+
+2011-07-19 Abhishek Arya <[email protected]>
+
Tests that we do not crash when removing unrendering nodes
in a replacement fragment.
https://bugs.webkit.org/show_bug.cgi?id=64801
Added: trunk/LayoutTests/editing/undo/replace-text-in-node-preserving-markers-crash-expected.txt (0 => 91308)
--- trunk/LayoutTests/editing/undo/replace-text-in-node-preserving-markers-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/editing/undo/replace-text-in-node-preserving-markers-crash-expected.txt 2011-07-19 22:08:54 UTC (rev 91308)
@@ -0,0 +1,27 @@
+EDITING DELEGATE: shouldBeginEditingInDOMRange:range from 0 of DIV > BODY > HTML > #document to 2 of DIV > BODY > HTML > #document
+EDITING DELEGATE: webViewDidBeginEditing:WebViewDidBeginEditingNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: shouldDeleteDOMRange:range from 7 of #text > SYMBOL > UL > DIV > BODY > HTML > #document to 8 of #text > SYMBOL > UL > DIV > BODY > HTML > #document
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
+EDITING DELEGATE: shouldDeleteDOMRange:range from 6 of #text > SYMBOL > UL > DIV > BODY > HTML > #document to 7 of #text > SYMBOL > UL > DIV > BODY > HTML > #document
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
+EDITING DELEGATE: shouldDeleteDOMRange:range from 5 of #text > SYMBOL > UL > DIV > BODY > HTML > #document to 6 of #text > SYMBOL > UL > DIV > BODY > HTML > #document
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: shouldChangeSelectedDOMRange:range from 4 of #text > SYMBOL > UL > DIV > BODY > HTML > #document to 5 of #text > SYMBOL > UL > DIV > BODY > HTML > #document toDOMRange:range from 5 of #text > SYMBOL > UL > DIV > BODY > HTML > #document to 5 of #text > SYMBOL > UL > DIV > BODY > HTML > #document affinity:NSSelectionAffinityDownstream stillSelecting:FALSE
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
+EDITING DELEGATE: shouldDeleteDOMRange:range from 4 of #text > SYMBOL > UL > DIV > BODY > HTML > #document to 5 of #text > SYMBOL > UL > DIV > BODY > HTML > #document
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChangeSelection:WebViewDidChangeSelectionNotification
+EDITING DELEGATE: webViewDidChange:WebViewDidChangeNotification
+PASSEDabcdhijkl
Added: trunk/LayoutTests/editing/undo/replace-text-in-node-preserving-markers-crash.html (0 => 91308)
--- trunk/LayoutTests/editing/undo/replace-text-in-node-preserving-markers-crash.html (rev 0)
+++ trunk/LayoutTests/editing/undo/replace-text-in-node-preserving-markers-crash.html 2011-07-19 22:08:54 UTC (rev 91308)
@@ -0,0 +1,25 @@
+<!DOCTYPE html>
+<html>
+<style>
+.editing { width: 12px; }
+</style>
+<script src=""
+<script>
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+function editingTest() {
+ moveSelectionForwardByWordCommand();
+ moveSelectionForwardByWordCommand();
+ deleteCommand();
+ deleteCommand();
+ deleteCommand();
+ deleteCommand();
+}
+</script>
+<div contenteditable class="editing">
+<ul>PASSED<symbol id="test">abcd efg hijkl
+<script>
+runEditingTest();
+</script>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (91307 => 91308)
--- trunk/Source/WebCore/ChangeLog 2011-07-19 22:07:11 UTC (rev 91307)
+++ trunk/Source/WebCore/ChangeLog 2011-07-19 22:08:54 UTC (rev 91308)
@@ -1,3 +1,16 @@
+2011-07-19 MORITA Hajime <[email protected]>
+
+ Crash in CompositeEditCommand::replaceTextInNodePreservingMarkers.
+ https://bugs.webkit.org/show_bug.cgi?id=64738
+
+ Reviewed by Ryosuke Niwa.
+
+ Test: editing/undo/replace-text-in-node-preserving-markers-crash.html
+
+ * editing/CompositeEditCommand.cpp:
+ (WebCore::copyMarkers):
+ (WebCore::CompositeEditCommand::replaceTextInNodePreservingMarkers):
+
2011-07-19 Mike West <[email protected]>
Sending a `Ping-From` header for cross-origin pings from non-HTTPS documents.
Modified: trunk/Source/WebCore/editing/CompositeEditCommand.cpp (91307 => 91308)
--- trunk/Source/WebCore/editing/CompositeEditCommand.cpp 2011-07-19 22:07:11 UTC (rev 91307)
+++ trunk/Source/WebCore/editing/CompositeEditCommand.cpp 2011-07-19 22:08:54 UTC (rev 91308)
@@ -337,18 +337,27 @@
return Position(textNode.release(), start.offsetInContainerNode() + text.length());
}
+static void copyMarkers(const Vector<DocumentMarker*>& markerPointers, Vector<DocumentMarker>& markers)
+{
+ size_t arraySize = markerPointers.size();
+ markers.reserveCapacity(arraySize);
+ for (size_t i = 0; i < arraySize; ++i)
+ markers.append(*markerPointers[i]);
+}
+
void CompositeEditCommand::replaceTextInNodePreservingMarkers(PassRefPtr<Text> prpNode, unsigned offset, unsigned count, const String& replacementText)
{
RefPtr<Text> node(prpNode);
DocumentMarkerController* markerController = document()->markers();
- Vector<DocumentMarker*> markers = markerController->markersInRange(Range::create(document(), node, offset, node, offset + count).get(), DocumentMarker::AllMarkers());
+ Vector<DocumentMarker> markers;
+ copyMarkers(markerController->markersInRange(Range::create(document(), node, offset, node, offset + count).get(), DocumentMarker::AllMarkers()), markers);
replaceTextInNode(node, offset, count, replacementText);
RefPtr<Range> newRange = Range::create(document(), node, offset, node, offset + replacementText.length());
for (size_t i = 0; i < markers.size(); ++i) {
- if (markers[i]->hasDescription())
- markerController->addMarker(newRange.get(), markers[i]->type(), markers[i]->description());
+ if (markers[i].hasDescription())
+ markerController->addMarker(newRange.get(), markers[i].type(), markers[i].description());
else
- markerController->addMarker(newRange.get(), markers[i]->type());
+ markerController->addMarker(newRange.get(), markers[i].type());
}
}
