[webkit-changes] [94841] trunk

[commit-queue]

Title: [94841] trunk

Revision

94841

Author

commit-qu...@webkit.org

Date

2011-09-09 02:13:19 -0700 (Fri, 09 Sep 2011)

Log Message

Crashes in WebCore::AppendNodeCommand::create().
https://bugs.webkit.org/show_bug.cgi?id=67767

Patch by Shinya Kawanaka <shin...@google.com> on 2011-09-09
Reviewed by Darin Adler.

Source/WebCore:

In CompositeEditCommand::closeParagraphUnderNewElement(), lastNode could be a non Element node.
The current code assumes lastNode is an Element node. This patch checks it.

Test: editing/execCommand/ident-crashes-topnode-is-text.html

* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::cloneParagraphUnderNewElement): Added an element node check.

LayoutTests:

Added a crash test case.

* editing/execCommand/ident-crashes-topnode-is-text-expected.txt: Added.
* editing/execCommand/ident-crashes-topnode-is-text.html: Added.

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/editing/CompositeEditCommand.cpp

Added Paths

• trunk/LayoutTests/editing/execCommand/ident-crashes-topnode-is-text-expected.txt
• trunk/LayoutTests/editing/execCommand/ident-crashes-topnode-is-text.html

Diff

Modified: trunk/LayoutTests/ChangeLog (94840 => 94841)

--- trunk/LayoutTests/ChangeLog	2011-09-09 09:02:36 UTC (rev 94840)
+++ trunk/LayoutTests/ChangeLog	2011-09-09 09:13:19 UTC (rev 94841)
@@ -1,5 +1,17 @@
 2011-09-09  Shinya Kawanaka  <shin...@google.com>
 
+        Crashes in WebCore::AppendNodeCommand::create().
+        https://bugs.webkit.org/show_bug.cgi?id=67767
+
+        Reviewed by Darin Adler.
+
+        Added a crash test case.
+
+        * editing/execCommand/ident-crashes-topnode-is-text-expected.txt: Added.
+        * editing/execCommand/ident-crashes-topnode-is-text.html: Added.
+
+2011-09-09  Shinya Kawanaka  <shin...@google.com>
+
         Crashes in WebCore::ApplyStyleCommand.doApply()
         https://bugs.webkit.org/show_bug.cgi?id=67765
 

Added: trunk/LayoutTests/editing/execCommand/ident-crashes-topnode-is-text-expected.txt (0 => 94841)

--- trunk/LayoutTests/editing/execCommand/ident-crashes-topnode-is-text-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/execCommand/ident-crashes-topnode-is-text-expected.txt	2011-09-09 09:13:19 UTC (rev 94841)
@@ -0,0 +1,4 @@
+execCommand("Indent") was crashing if the top element to be formatted is actually not an element.
+The test has passed if it does not crash.
+
+PASS

Added: trunk/LayoutTests/editing/execCommand/ident-crashes-topnode-is-text.html (0 => 94841)

--- trunk/LayoutTests/editing/execCommand/ident-crashes-topnode-is-text.html	                        (rev 0)
+++ trunk/LayoutTests/editing/execCommand/ident-crashes-topnode-is-text.html	2011-09-09 09:13:19 UTC (rev 94841)
@@ -0,0 +1,16 @@
+<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+function runTest() {
+    window.getSelection().setBaseAndExtent(start, 0, null, 0);
+    document.execCommand("Indent");
+
+    document.writeln('execCommand("Indent") was crashing if the top element to be formatted is actually not an element.<br>');
+    document.writeln('The test has passed if it does not crash.<br><br>')
+    document.writeln('PASS');
+}
+</script>
+<body _onLoad_="runTest();">
+    ><defs contenteditable="true" id="start">
+        <rt>AAAAAAA0A0AAAA00

Modified: trunk/Source/WebCore/ChangeLog (94840 => 94841)

--- trunk/Source/WebCore/ChangeLog	2011-09-09 09:02:36 UTC (rev 94840)
+++ trunk/Source/WebCore/ChangeLog	2011-09-09 09:13:19 UTC (rev 94841)
@@ -1,5 +1,20 @@
 2011-09-09  Shinya Kawanaka  <shin...@google.com>
 
+        Crashes in WebCore::AppendNodeCommand::create().
+        https://bugs.webkit.org/show_bug.cgi?id=67767
+
+        Reviewed by Darin Adler.
+
+        In CompositeEditCommand::closeParagraphUnderNewElement(), lastNode could be a non Element node.
+        The current code assumes lastNode is an Element node. This patch checks it.
+
+        Test: editing/execCommand/ident-crashes-topnode-is-text.html
+
+        * editing/CompositeEditCommand.cpp:
+        (WebCore::CompositeEditCommand::cloneParagraphUnderNewElement): Added an element node check.
+
+2011-09-09  Shinya Kawanaka  <shin...@google.com>
+
         Crashes in WebCore::ApplyStyleCommand.doApply()
         https://bugs.webkit.org/show_bug.cgi?id=67765
 

Modified: trunk/Source/WebCore/editing/CompositeEditCommand.cpp (94840 => 94841)

--- trunk/Source/WebCore/editing/CompositeEditCommand.cpp	2011-09-09 09:02:36 UTC (rev 94840)
+++ trunk/Source/WebCore/editing/CompositeEditCommand.cpp	2011-09-09 09:13:19 UTC (rev 94841)
@@ -808,7 +808,7 @@
     appendNode(topNode, blockElement);
     RefPtr<Node> lastNode = topNode;
 
-    if (start.deprecatedNode() != outerNode) {
+    if (start.deprecatedNode() != outerNode && lastNode->isElementNode()) {
         Vector<RefPtr<Node> > ancestors;
         
         // Insert each node from innerNode to outerNode (excluded) in a list.

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes