[webkit-changes] [216652] trunk/Source/WebKit2

[timothy_horton]

Title: [216652] trunk/Source/WebKit2

Revision

216652

Author

timothy_hor...@apple.com

Date

2017-05-10 21:53:15 -0700 (Wed, 10 May 2017)

Log Message

Null deref in WebPage::dictionaryPopupInfoForRange
https://bugs.webkit.org/show_bug.cgi?id=171959
<rdar://problem/20886282>

Reviewed by Beth Dakin.

* WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::dictionaryPopupInfoForRange):
Speculative fix for non-reproducible crash when the startContainer of
the range is in an anonymous node.

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (216651 => 216652)

--- trunk/Source/WebKit2/ChangeLog	2017-05-11 04:23:26 UTC (rev 216651)
+++ trunk/Source/WebKit2/ChangeLog	2017-05-11 04:53:15 UTC (rev 216652)
@@ -1,3 +1,16 @@
+2017-05-10  Tim Horton  <timothy_hor...@apple.com>
+
+        Null deref in WebPage::dictionaryPopupInfoForRange
+        https://bugs.webkit.org/show_bug.cgi?id=171959
+        <rdar://problem/20886282>
+
+        Reviewed by Beth Dakin.
+
+        * WebProcess/WebPage/mac/WebPageMac.mm:
+        (WebKit::WebPage::dictionaryPopupInfoForRange):
+        Speculative fix for non-reproducible crash when the startContainer of
+        the range is in an anonymous node.
+
 2017-05-09  Sam Weinig  <s...@webkit.org>
 
         Remove support for legacy Notifications

Modified: trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm (216651 => 216652)

--- trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm	2017-05-11 04:23:26 UTC (rev 216651)
+++ trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm	2017-05-11 04:53:15 UTC (rev 216652)
@@ -74,6 +74,7 @@
 #import <WebCore/MainFrame.h>
 #import <WebCore/NetworkStorageSession.h>
 #import <WebCore/NetworkingContext.h>
+#import <WebCore/NodeRenderStyle.h>
 #import <WebCore/Page.h>
 #import <WebCore/PageOverlayController.h>
 #import <WebCore/PlatformKeyboardEvent.h>
@@ -434,9 +435,6 @@
         editor.setIsGettingDictionaryPopupInfo(false);
         return dictionaryPopupInfo;
     }
-    
-    RenderObject* renderer = range.startContainer().renderer();
-    const RenderStyle& style = renderer->style();
 
     Vector<FloatQuad> quads;
     range.absoluteTextQuads(quads);
@@ -447,7 +445,9 @@
 
     IntRect rangeRect = frame->view()->contentsToWindow(quads[0].enclosingBoundingBox());
 
-    dictionaryPopupInfo.origin = FloatPoint(rangeRect.x(), rangeRect.y() + (style.fontMetrics().ascent() * pageScaleFactor()));
+    const RenderStyle* style = range.startContainer().renderStyle();
+    float scaledAscent = style ? style->fontMetrics().ascent() * pageScaleFactor() : 0;
+    dictionaryPopupInfo.origin = FloatPoint(rangeRect.x(), rangeRect.y() + scaledAscent);
     dictionaryPopupInfo.options = *options;
 
     NSAttributedString *nsAttributedString = editingAttributedStringFromRange(range, IncludeImagesInAttributedString::No);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes