Title: [217958] trunk
Revision: 217958
Author: [email protected]
Date: 2017-06-08 19:13:06 -0700 (Thu, 08 Jun 2017)

Log Message

Crash inside InsertNodeBeforeCommand via InsertParagraphSeparatorCommand
https://bugs.webkit.org/show_bug.cgi?id=173085
Source/WebCore:

<rdar://problem/32575059>

Reviewed by Wenson Hsieh.

The crash was caused by the condition to check for special cases failing when visiblePos is null.
Exit early in these extreme cases.

Also replaced the use of deprecatedNode and deprecatedEditingOffset with modern idioms.

Test: editing/inserting/insert-horizontal-rule-in-empty-document-crash.html

* editing/InsertParagraphSeparatorCommand.cpp:
(WebCore::InsertParagraphSeparatorCommand::doApply):

LayoutTests:


Reviewed by Wenson Hsieh.

Added a regression test.

* editing/inserting/insert-horizontal-rule-in-empty-document-crash-expected.txt: Added.
* editing/inserting/insert-horizontal-rule-in-empty-document-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (217957 => 217958)


--- trunk/LayoutTests/ChangeLog	2017-06-09 02:09:39 UTC (rev 217957)
+++ trunk/LayoutTests/ChangeLog	2017-06-09 02:13:06 UTC (rev 217958)
@@ -1,5 +1,17 @@
 2017-06-08  Ryosuke Niwa  <[email protected]>
 
+        Crash inside InsertNodeBeforeCommand via InsertParagraphSeparatorCommand
+        https://bugs.webkit.org/show_bug.cgi?id=173085
+
+        Reviewed by Wenson Hsieh.
+
+        Added a regresion test.
+
+        * editing/inserting/insert-horizontal-rule-in-empty-document-crash-expected.txt: Added.
+        * editing/inserting/insert-horizontal-rule-in-empty-document-crash.html: Added.
+
+2017-06-08  Ryosuke Niwa  <[email protected]>
+
         The tree scope of an Attr node inside a shadow tree does not updated upon detach.
         https://bugs.webkit.org/show_bug.cgi?id=173122
 
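Review bot: Typo in the new ChangeLog entry: "Added a regresion test." should read "regression". It would also help to name what the test covers (insertHorizontalRule after the body has been replaced in a designMode document), so the entry is useful without opening the bug.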

Added: trunk/LayoutTests/editing/inserting/insert-horizontal-rule-in-empty-document-crash-expected.txt (0 => 217958)


--- trunk/LayoutTests/editing/inserting/insert-horizontal-rule-in-empty-document-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/insert-horizontal-rule-in-empty-document-crash-expected.txt	2017-06-09 02:13:06 UTC (rev 217958)
@@ -0,0 +1 @@
+PASS. WebKit did not crash.

Added: trunk/LayoutTests/editing/inserting/insert-horizontal-rule-in-empty-document-crash.html (0 => 217958)


--- trunk/LayoutTests/editing/inserting/insert-horizontal-rule-in-empty-document-crash.html	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/insert-horizontal-rule-in-empty-document-crash.html	2017-06-09 02:13:06 UTC (rev 217958)
@@ -0,0 +1,21 @@
+<html>
+<head>
+<script>
+function runTest()
+{
+   document.execCommand("selectAll", true);
+   document['designMode'] = 'on';
+   document.execCommand("insertHorizontalRule", true);
+   document.body.replaceWith(document.createElement('div'));
+   document.execCommand("insertHorizontalRule", true);
+   if (window.testRunner) {
+       testRunner.dumpAsText();
+       document.documentElement.textContent = 'PASS. WebKit did not crash.';
+   }
+}
+window._onload_ = runTest;
+</script>
+</head>
+<body>
+</body>
+</html>
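Review bot: The handler assignment near the end of the script, `window._onload_ = runTest;`, sets an ordinary property rather than the load handler, so as written runTest() is never called and the test neither exercises the crash path nor produces the expected "PASS. WebKit did not crash." text. It should be `window.onload = runTest;`. Two smaller points in runTest(): call testRunner.dumpAsText() before the execCommand sequence rather than after it, so the output mode is set even if a later step throws, and add a short description of what the selectAll / designMode / replaceWith sequence is meant to set up, since the reason the second insertHorizontalRule used to crash is not obvious from the script alone.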

Modified: trunk/Source/WebCore/ChangeLog (217957 => 217958)


--- trunk/Source/WebCore/ChangeLog	2017-06-09 02:09:39 UTC (rev 217957)
+++ trunk/Source/WebCore/ChangeLog	2017-06-09 02:13:06 UTC (rev 217958)
@@ -1,5 +1,23 @@
 2017-06-08  Ryosuke Niwa  <[email protected]>
 
+        Crash inside InsertNodeBeforeCommand via InsertParagraphSeparatorCommand
+        https://bugs.webkit.org/show_bug.cgi?id=173085
+        <rdar://problem/32575059>
+
+        Reviewed by Wenson Hsieh.
+
+        The crash was caused by the condition to check for special cases failing when visiblePos is null.
+        Exit early in these extreme cases.
+
+        Also replaced the use of deprecatedNode and deprecatedEditingOffset to modern idioms.
+
+        Test: editing/inserting/insert-horizontal-rule-in-empty-document-crash.html
+
+        * editing/InsertParagraphSeparatorCommand.cpp:
+        (WebCore::InsertParagraphSeparatorCommand::doApply):
+
+2017-06-08  Ryosuke Niwa  <[email protected]>
+
         The tree scope of an Attr node inside a shadow tree does not updated upon detach.
         https://bugs.webkit.org/show_bug.cgi?id=173122
 
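Review bot: The new entry states that visiblePos is null but not how it gets that way; one sentence describing the trigger (the regression test replaces document.body with an empty div while designMode is on, then inserts a horizontal rule) would make the entry self-contained. The line "replaced the use of deprecatedNode and deprecatedEditingOffset" also overstates the change, since the diff still leaves one deprecatedNode() call in doApply; say that only the nestNewBlock branch was converted.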

Modified: trunk/Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp (217957 => 217958)


--- trunk/Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp	2017-06-09 02:09:39 UTC (rev 217957)
+++ trunk/Source/WebCore/editing/InsertParagraphSeparatorCommand.cpp	2017-06-09 02:13:06 UTC (rev 217958)
@@ -185,6 +185,9 @@
     // Adjust the insertion position after the delete
     insertionPosition = positionAvoidingSpecialElementBoundary(insertionPosition);
     VisiblePosition visiblePos(insertionPosition, affinity);
+    if (visiblePos.isNull())
+        return;
+
     calculateStyleBeforeInsertion(insertionPosition);
 
     //---------------------------------------------------------------------
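Review bot: The new `if (visiblePos.isNull()) return;` sits after the step the context comment calls "the delete", so on this path the command can return having already modified the document without inserting a paragraph separator. Please confirm that leaving the command half-applied is acceptable for undo and for callers that expect a new block, and add a one-line comment above the check saying when visiblePos can be null here, because the condition is not self-explanatory to the next reader.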
@@ -266,9 +269,8 @@
             // startBlock should always have children, otherwise isLastInBlock would be true and it's handled above.
             ASSERT(startBlock->firstChild());
             refNode = startBlock->firstChild();
-        }
-        else if (insertionPosition.deprecatedNode() == startBlock && nestNewBlock) {
-            refNode = startBlock->traverseToChildAt(insertionPosition.deprecatedEditingOffset());
+        } else if (insertionPosition.containerNode() == startBlock && nestNewBlock) {
+            refNode = startBlock->traverseToChildAt(insertionPosition.computeOffsetInContainerNode());
             ASSERT(refNode); // must be true or we'd be in the end of block case
         } else
             refNode = insertionPosition.deprecatedNode();
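Review bot: The final else branch still reads `refNode = insertionPosition.deprecatedNode();`, so after this hunk the same if/else chain mixes containerNode() with deprecatedNode(). Either convert that last call too or note why it has to stay. Separately, `ASSERT(refNode)` after traverseToChildAt() only guards debug builds; given that this commit fixes a crash that surfaces in InsertNodeBeforeCommand, consider a runtime null check on refNode before it is passed on, and confirm that computeOffsetInContainerNode() yields the same child index as the old deprecatedEditingOffset() for every position type that can reach this branch.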