Title: [202807] trunk/Source/WebKit2
- Revision: 202807
- Author: [email protected]
- Date: 2016-07-04 04:22:59 -0700 (Mon, 04 Jul 2016)
Log Message
[GTK] Null WebCore::Range dereference in WebEditorClient::updateGlobalSelection
https://bugs.webkit.org/show_bug.cgi?id=159341
Patch by Fujii Hironori <[email protected]> on 2016-07-04
Reviewed by Carlos Garcia Campos.
FrameSelection::toNormalizedRange() can return null. Null check is
needed.
Tests:
editing/input/set-value-on-input-and-delete.html
editing/selection/selection-in-iframe-removed-crash.html
imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-after-content-change.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application-textarea.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application.html
* WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp:
(WebKit::WebEditorClient::updateGlobalSelection): Do not update
global selection if FrameSelection::toNormalizedRange() returns
null.
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (202806 => 202807)
--- trunk/Source/WebKit2/ChangeLog 2016-07-04 10:51:54 UTC (rev 202806)
+++ trunk/Source/WebKit2/ChangeLog 2016-07-04 11:22:59 UTC (rev 202807)
@@ -1,5 +1,28 @@
2016-07-04 Fujii Hironori <[email protected]>
+ [GTK] Null WebCore::Range dereference in WebEditorClient::updateGlobalSelection
+ https://bugs.webkit.org/show_bug.cgi?id=159341
+
+ Reviewed by Carlos Garcia Campos.
+
+ FrameSelection::toNormalizedRange() can return null. Null check is
+ needed.
+
+ Tests:
+ editing/input/set-value-on-input-and-delete.html
+ editing/selection/selection-in-iframe-removed-crash.html
+ imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
+ imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-after-content-change.html
+ imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application-textarea.html
+ imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application.html
+
+ * WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp:
+ (WebKit::WebEditorClient::updateGlobalSelection): Do not update
+ global selection if FrameSelection::toNormalizedRange() returns
+ null.
+
+2016-07-04 Fujii Hironori <[email protected]>
+
[GTK] ASSERTION_FAILED: m_key != PTHREAD_KEYS_MAX when defining WEBKIT2_PAUSE_WEB_PROCESS_ON_LAUNCH
https://bugs.webkit.org/show_bug.cgi?id=158149
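Review bot: the "Tests:" list in the new ChangeLog entry names six layout tests but does not say what they did before the change or whether any expectations need updating. A short phrase such as "these tests crashed in updateGlobalSelection" (if that is the case) would let someone reading the log later connect the tests to the null dereference. The entry also says only that FrameSelection::toNormalizedRange() "can return null"; stating the condition under which it does would make the entry more useful.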
Modified: trunk/Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp (202806 => 202807)
--- trunk/Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp 2016-07-04 10:51:54 UTC (rev 202806)
+++ trunk/Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp 2016-07-04 11:22:59 UTC (rev 202807)
@@ -165,6 +165,9 @@
#if PLATFORM(X11)
if (!frame->selection().isRange())
return;
+ RefPtr<Range> range = frame->selection().toNormalizedRange();
+ if (!range)
+ return;
frameSettingClipboard = frame;
GRefPtr<GClosure> callback = adoptGRef(g_cclosure_new(G_CALLBACK(collapseSelection), frame, nullptr));
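Review bot: the added `if (!range) return;` follows directly after `if (!frame->selection().isRange()) return;`, and nothing here explains why a selection that reports isRange() can still produce a null normalized range. A one-line comment above the new check stating that case would keep the guard from being removed later as redundant. Placing the check before `frameSettingClipboard = frame;` is right, since the early return then leaves no state modified and no closure allocated.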
@@ -174,7 +177,6 @@
new EditorClientFrameDestructionObserver(frame, callback.get());
g_closure_set_marshal(callback.get(), g_cclosure_marshal_VOID__VOID);
- RefPtr<Range> range = frame->selection().toNormalizedRange();
PasteboardWebContent pasteboardContent;
pasteboardContent.canSmartCopyOrDelete = false;
pasteboardContent.text = range->text();
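Review bot: with the declaration removed from this hunk, `pasteboardContent.text = range->text();` depends on the early return added in the previous hunk, with the closure and `new EditorClientFrameDestructionObserver(frame, callback.get())` setup in between. The RefPtr keeps the Range alive across that code, so the dereference is safe, but the range is now captured before the callback setup rather than just before use. If the distance is a concern for readability, a brief comment at the declaration noting that it is hoisted for the null check would be enough.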