Title: [203964] branches/safari-602-branch/Source/WebKit2
Revision
203964
Author
[email protected]
Date
2016-07-31 23:51:21 -0700 (Sun, 31 Jul 2016)

Log Message

Merge r203909. rdar://problem/27078089

Modified Paths

Diff

Modified: branches/safari-602-branch/Source/WebKit2/ChangeLog (203963 => 203964)


--- branches/safari-602-branch/Source/WebKit2/ChangeLog	2016-08-01 06:51:18 UTC (rev 203963)
+++ branches/safari-602-branch/Source/WebKit2/ChangeLog	2016-08-01 06:51:21 UTC (rev 203964)
@@ -1,3 +1,27 @@
+2016-07-31  Babak Shafiei  <[email protected]>
+
+        Merge r203909. rdar://problem/27078089
+
+    2016-07-28  Ryosuke Niwa  <[email protected]>
+
+            Crash with an Invalid Web Process IPC Message ID: WebPageProxy.AttributedStringForCharacterRangeCallback
+            https://bugs.webkit.org/show_bug.cgi?id=160334
+            <rdar://problem/27078089>
+
+            Reviewed by Alexey Proskuryakov.
+
+            The crash is most likely caused by an MESSAGE_CHECK failure in WebPageProxy::attributedStringForCharacterRangeCallback
+            which marks the currently dispatching message was invalid inside the macro.
+
+            Make sure we never fail this check by sending an empty EditingRange in attributedSubstringForCharacterRangeAsync when
+            the editing range we're about to send to the UIProcess is invalid in WebProcess.
+
+            Unfortunately, no new tests since we don't have any reproduction and I couldn't spot any code path in which we end up
+            with an invalid EditingRage here with multiple inspection of the relevant code.
+
+            * WebProcess/WebPage/mac/WebPageMac.mm:
+            (WebKit::WebPage::attributedSubstringForCharacterRangeAsync):
+
 2016-07-28  Babak Shafiei  <[email protected]>
 
         Merge r203780. rdar://problem/27569255
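
Review bot: The no-tests paragraph of the merged r203909 entry misspells EditingRange as "EditingRage", and the description above it reads "marks the currently dispatching message was invalid" where "as invalid" is meant; both are worth fixing because ChangeLog text is what people search when the crash signature comes back. Since the entry states there is no reproduction and no identified code path that produces the invalid range, it would also help to say how a recurrence is expected to be noticed once this fallback is in place.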

Modified: branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm (203963 => 203964)


--- branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm	2016-08-01 06:51:18 UTC (rev 203963)
+++ branches/safari-602-branch/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm	2016-08-01 06:51:21 UTC (rev 203964)
@@ -352,7 +352,15 @@
         result.string = [attributedString attributedSubstringFromRange:NSMakeRange(0, editingRange.length)];
     }
 
-    send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, EditingRange(editingRange.location, [result.string length]), callbackID));
+    EditingRange rangeToSend(editingRange.location, [result.string length]);
+    ASSERT(rangeToSend.isValid());
+    if (!rangeToSend.isValid()) {
+        // Send an empty EditingRange as a last resort for <rdar://problem/27078089>.
+        send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, EditingRange(), callbackID));
+        return;
+    }
+
+    send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, rangeToSend, callbackID));
 }
 
 void WebPage::fontAtSelection(uint64_t callbackID)
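
Review bot: In the if (!rangeToSend.isValid()) branch the fallback sends the unchanged result together with EditingRange(), so the UIProcess can receive a non-empty attributed string paired with an empty range; either clear result.string before sending or note in the comment that the receiver tolerates the mismatch. The ASSERT(rangeToSend.isValid()) directly above only fires in builds with assertions enabled, so in release builds this path is taken silently, and given that the ChangeLog says the cause is still unknown, a log line in the branch would give some signal about which inputs lead here. The comment cites only the rdar number; adding the bugs.webkit.org URL from the ChangeLog would make it traceable for readers without Radar access.
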
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
