Title: [202762] trunk/Source/WebCore
Revision
202762
Author
[email protected]
Date
2016-07-01 16:25:04 -0700 (Fri, 01 Jul 2016)

Log Message

Possible null Range dereference under AXObjectCache::visiblePositionFromCharacterOffset()
https://bugs.webkit.org/show_bug.cgi?id=159330
<rdar://problem/27123752>

Reviewed by Benjamin Poulain.

rangeForUnorderedCharacterOffsets() can return a null Range but we failed
to do a null check before dereferencing it.

* accessibility/AXObjectCache.cpp:
(WebCore::AXObjectCache::visiblePositionFromCharacterOffset):

Diff

Modified: trunk/Source/WebCore/ChangeLog (202761 => 202762)


--- trunk/Source/WebCore/ChangeLog	2016-07-01 23:22:23 UTC (rev 202761)
+++ trunk/Source/WebCore/ChangeLog	2016-07-01 23:25:04 UTC (rev 202762)
@@ -1,5 +1,19 @@
 2016-07-01  Chris Dumez  <[email protected]>
 
+        Possible null Range dereference under AXObjectCache::visiblePositionFromCharacterOffset()
+        https://bugs.webkit.org/show_bug.cgi?id=159330
+        <rdar://problem/27123752>
+
+        Reviewed by Benjamin Poulain.
+
+        rangeForUnorderedCharacterOffsets() can return a null Range but we failed
+        to do a null check before dereferencing it.
+
+        * accessibility/AXObjectCache.cpp:
+        (WebCore::AXObjectCache::visiblePositionFromCharacterOffset):
+
+2016-07-01  Chris Dumez  <[email protected]>
+
         Regression(r199087): window.focus() / window.close() can no longer be called by a Window's opener
         https://bugs.webkit.org/show_bug.cgi?id=159364
         <rdar://problem/27117169>
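Review bot: The new ChangeLog entry (the added lines describing the null check in visiblePositionFromCharacterOffset) does not say whether a test exercises the null-Range path or why none was added; WebKit entries normally carry a test reference or a "No new tests" line with the reason, so consider adding one so the rationale for test coverage is recorded alongside the fix.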

Modified: trunk/Source/WebCore/accessibility/AXObjectCache.cpp (202761 => 202762)


--- trunk/Source/WebCore/accessibility/AXObjectCache.cpp	2016-07-01 23:22:23 UTC (rev 202761)
+++ trunk/Source/WebCore/accessibility/AXObjectCache.cpp	2016-07-01 23:25:04 UTC (rev 202762)
@@ -1958,8 +1958,8 @@
     
     // Create a collapsed range and use that to form a VisiblePosition, so that the case with
     // composed characters will be covered.
-    RefPtr<Range> range = rangeForUnorderedCharacterOffsets(characterOffset, characterOffset);
-    return VisiblePosition(range->startPosition());
+    auto range = rangeForUnorderedCharacterOffsets(characterOffset, characterOffset);
+    return range ? VisiblePosition(range->startPosition()) : VisiblePosition();
 }
 
 CharacterOffset AXObjectCache::characterOffsetFromVisiblePosition(const VisiblePosition& visiblePos)
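Review bot: The null check on `range` is correct and removes the dereference of a null return from rangeForUnorderedCharacterOffsets(), but the fallback `VisiblePosition()` silently turns the former crash into an empty position returned to callers; a short comment next to `return range ? VisiblePosition(range->startPosition()) : VisiblePosition();` stating that rangeForUnorderedCharacterOffsets() can legitimately return null and that callers are expected to handle a null VisiblePosition would make the contract explicit, and it is worth confirming that the callers of visiblePositionFromCharacterOffset() do check for that case rather than assuming a valid position.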
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
