Title: [204813] releases/WebKitGTK/webkit-2.12/Source/WebKit2
- Revision: 204813
- Author: [email protected]
- Date: 2016-08-23 04:42:04 -0700 (Tue, 23 Aug 2016)
Log Message
Merge r202807 - [GTK] Null WebCore::Range dereference in WebEditorClient::updateGlobalSelection
https://bugs.webkit.org/show_bug.cgi?id=159341
Patch by Fujii Hironori <[email protected]> on 2016-07-04
Reviewed by Carlos Garcia Campos.
FrameSelection::toNormalizedRange() can return null. Null check is
needed.
Tests:
editing/input/set-value-on-input-and-delete.html
editing/selection/selection-in-iframe-removed-crash.html
imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-after-content-change.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application-textarea.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application.html
* WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp:
(WebKit::WebEditorClient::updateGlobalSelection): Do not update
global selection if FrameSelection::toNormalizedRange() returns
null.
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.12/Source/WebKit2/ChangeLog (204812 => 204813)
--- releases/WebKitGTK/webkit-2.12/Source/WebKit2/ChangeLog 2016-08-23 11:40:19 UTC (rev 204812)
+++ releases/WebKitGTK/webkit-2.12/Source/WebKit2/ChangeLog 2016-08-23 11:42:04 UTC (rev 204813)
@@ -1,5 +1,28 @@
2016-07-04 Fujii Hironori <[email protected]>
+ [GTK] Null WebCore::Range dereference in WebEditorClient::updateGlobalSelection
+ https://bugs.webkit.org/show_bug.cgi?id=159341
+
+ Reviewed by Carlos Garcia Campos.
+
+ FrameSelection::toNormalizedRange() can return null. Null check is
+ needed.
+
+ Tests:
+ editing/input/set-value-on-input-and-delete.html
+ editing/selection/selection-in-iframe-removed-crash.html
+ imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
+ imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-after-content-change.html
+ imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application-textarea.html
+ imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application.html
+
+ * WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp:
+ (WebKit::WebEditorClient::updateGlobalSelection): Do not update
+ global selection if FrameSelection::toNormalizedRange() returns
+ null.
+
+2016-07-04 Fujii Hironori <[email protected]>
+
[GTK] ASSERTION_FAILED: m_key != PTHREAD_KEYS_MAX when defining WEBKIT2_PAUSE_WEB_PROCESS_ON_LAUNCH
https://bugs.webkit.org/show_bug.cgi?id=158149
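Review bot: The "Tests:" list in the new ChangeLog entry names six layout tests without saying how they relate to the fix, and no test file is touched by this change. If these are existing tests that crashed on the null dereference, one line saying so (for example "Fixes crashes in:") would make the entry self-explanatory, particularly for parse-a-sizes-attribute.html, whose link to selection handling is not obvious from its name.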
Modified: releases/WebKitGTK/webkit-2.12/Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp (204812 => 204813)
--- releases/WebKitGTK/webkit-2.12/Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp 2016-08-23 11:40:19 UTC (rev 204812)
+++ releases/WebKitGTK/webkit-2.12/Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp 2016-08-23 11:42:04 UTC (rev 204813)
@@ -164,6 +164,9 @@
#if PLATFORM(X11)
if (!frame->selection().isRange())
return;
+ RefPtr<Range> range = frame->selection().toNormalizedRange();
+ if (!range)
+ return;
frameSettingClipboard = frame;
GRefPtr<GClosure> callback = adoptGRef(g_cclosure_new(G_CALLBACK(collapseSelection), frame, nullptr));
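Review bot: The new `if (!range)` check sits directly after `if (!frame->selection().isRange())`, which makes it read as redundant unless the reader already knows that toNormalizedRange() can return null for a selection that still reports isRange(). A one-line comment above the check stating that would keep a later cleanup from removing it. Placing the early return before `frameSettingClipboard = frame;` and before the closure is created is the right order, since the null case then leaves no state or allocation behind. It is worth confirming that leaving the previous primary selection content in place, rather than clearing it, is the intended behaviour for this case.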
@@ -173,7 +176,6 @@
new EditorClientFrameDestructionObserver(frame, callback.get());
g_closure_set_marshal(callback.get(), g_cclosure_marshal_VOID__VOID);
- RefPtr<Range> range = frame->selection().toNormalizedRange();
PasteboardWebContent pasteboardContent;
pasteboardContent.canSmartCopyOrDelete = false;
pasteboardContent.text = range->text();