Title: [210643] branches/safari-603-branch/Source/WebCore
Revision
210643
Author
[email protected]
Date
2017-01-12 08:45:15 -0800 (Thu, 12 Jan 2017)

Log Message

Merge r210376. rdar://problem/29763079

Modified Paths

Diff

Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (210642 => 210643)


--- branches/safari-603-branch/Source/WebCore/ChangeLog	2017-01-12 16:45:12 UTC (rev 210642)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog	2017-01-12 16:45:15 UTC (rev 210643)
@@ -1,5 +1,27 @@
 2017-01-12  Matthew Hanson  <[email protected]>
 
+        Merge r210376. rdar://problem/29763079
+
+    2017-01-04  Ryosuke Niwa  <[email protected]>
+
+            Crash inside Editor::styleForSelectionStart
+            https://bugs.webkit.org/show_bug.cgi?id=166710
+
+            Reviewed by Chris Dumez.
+
+            Added a null pointer check. This crash can happen when the DOM is mutated as editorState tries
+            to compute the style at the selection start.
+
+            No new tests since there is no reproducible test case, and I couldn't come up with one either.
+            This crash seems to retire some intricate dependency between when DOM is mutated, selection is
+            updated, and then performPostLayoutTasks ends up updating the editor state in response to
+            the element's editabilty changing.
+
+            * editing/cocoa/EditorCocoa.mm:
+            (WebCore::Editor::styleForSelectionStart):
+
+2017-01-12  Matthew Hanson  <[email protected]>
+
         Merge r210147. rdar://problem/29675551
 
     2016-12-23  Simon Fraser  <[email protected]>
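
Review bot: two typos in the merged ChangeLog entry should be fixed before this lands on the branch, since the text is copied verbatim: "the element's editabilty changing" should read "editability", and "seems to retire some intricate dependency" reads as though "require" was intended. The entry also says "Added a null pointer check" while the EditorCocoa.mm hunk on this page checks two pointers (the position's node and that node's parent); saying both are checked would keep the log consistent with the code.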

Modified: branches/safari-603-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm (210642 => 210643)


--- branches/safari-603-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm	2017-01-12 16:45:12 UTC (rev 210642)
+++ branches/safari-603-branch/Source/WebCore/editing/cocoa/EditorCocoa.mm	2017-01-12 16:45:15 UTC (rev 210643)
@@ -76,8 +76,9 @@
 
     styleElement->appendChild(frame->document()->createEditingTextNode(emptyString()));
 
-    if (position.deprecatedNode()->parentNode()->appendChild(styleElement).hasException())
-        return nullptr; 
+    auto positionNode = position.deprecatedNode();
+    if (!positionNode || !positionNode->parentNode() || positionNode->parentNode()->appendChild(styleElement).hasException())
+        return nullptr;
 
     nodeToRemove = styleElement.ptr();
 
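
Review bot: `positionNode->parentNode()` is evaluated twice in the new condition; hoisting it into a local, e.g. `auto* parentNode = positionNode->parentNode();` followed by `if (!positionNode || !parentNode || parentNode->appendChild(styleElement).hasException())`, reads more clearly and makes the guarded pointer and the pointer used for the append visibly the same object. Note also that `styleElement` is built and has an editing text node appended to it (the context line above the hunk) before the null checks run, so the early return discards a freshly created subtree; placing the `positionNode`/parent check ahead of the element creation would avoid that wasted allocation. Finally, the ChangeLog attributes the crash to the DOM being mutated while the selection style is computed; this check only covers the state at entry (position with no node, or a node already detached from its parent), so any comment explaining why the node can be null here would help the next reader understand what race the check is papering over.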
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
