Title: [250222] releases/WebKitGTK/webkit-2.26/Source/WebCore
Revision
250222
Author
carlo...@webkit.org
Date
2019-09-23 03:14:32 -0700 (Mon, 23 Sep 2019)

Log Message

Merge r249854 - Crash under WebCore::firstPositionInNode()
https://bugs.webkit.org/show_bug.cgi?id=201764
<rdar://problem/54823754>

Reviewed by Wenson Hsieh and Geoff Garen.

Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition()
or insertNodeAt().

Test: editing/firstPositionInNode-crash.html

* editing/InsertTextCommand.cpp:
(WebCore::InsertTextCommand::positionInsideTextNode):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog (250221 => 250222)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2019-09-23 10:14:29 UTC (rev 250221)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/ChangeLog	2019-09-23 10:14:32 UTC (rev 250222)
@@ -1,3 +1,19 @@
+2019-09-13  Chris Dumez  <cdu...@apple.com>
+
+        Crash under WebCore::firstPositionInNode()
+        https://bugs.webkit.org/show_bug.cgi?id=201764
+        <rdar://problem/54823754>
+
+        Reviewed by Wenson Hsieh and Geoff Garen.
+
+        Make sure to keep a Ref<> to the textNode when we call insertNodeAtTabSpanPosition()
+        or insertNodeAt().
+
+        Test: editing/firstPositionInNode-crash.html
+
+        * editing/InsertTextCommand.cpp:
+        (WebCore::InsertTextCommand::positionInsideTextNode):
+
 2019-09-11  Ali Juma  <aj...@chromium.org>
 
         Prevent reentrancy FrameLoader::dispatchUnloadEvents()

Modified: releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp (250221 => 250222)


--- releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp	2019-09-23 10:14:29 UTC (rev 250221)
+++ releases/WebKitGTK/webkit-2.26/Source/WebCore/editing/InsertTextCommand.cpp	2019-09-23 10:14:32 UTC (rev 250222)
@@ -59,9 +59,8 @@
     Position pos = p;
     if (isTabSpanTextNode(pos.anchorNode())) {
         auto textNode = document().createEditingTextNode(emptyString());
-        auto* textNodePtr = textNode.ptr();
-        insertNodeAtTabSpanPosition(WTFMove(textNode), pos);
-        return firstPositionInNode(textNodePtr);
+        insertNodeAtTabSpanPosition(textNode.copyRef(), pos);
+        return firstPositionInNode(textNode.ptr());
     }
 
     // Prepare for text input by looking at the specified position.
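Review bot: the lifetime fix in this hunk is correct, but the reason deserves a code comment so it is not undone later. The removed lines moved the only strong reference into insertNodeAtTabSpanPosition() and then dereferenced the raw `textNodePtr` afterwards; if insertion runs code that releases the node, `firstPositionInNode(textNodePtr)` reads a freed object, which is the crash the log message describes. Keeping `textNode` as a `Ref<>` and passing `textNode.copyRef()` guarantees the node outlives the call, so `textNode.ptr()` is valid on the next line. Consider adding a one-line comment above `insertNodeAtTabSpanPosition(textNode.copyRef(), pos);` stating that the local Ref must be kept alive across the insertion, since `copyRef()` looks like an unnecessary refcount increment to anyone cleaning the code up without this context.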
@@ -68,9 +67,8 @@
     // It may be necessary to insert a text node to receive characters.
     if (!pos.containerNode()->isTextNode()) {
         auto textNode = document().createEditingTextNode(emptyString());
-        auto* textNodePtr = textNode.ptr();
-        insertNodeAt(WTFMove(textNode), pos);
-        return firstPositionInNode(textNodePtr);
+        insertNodeAt(textNode.copyRef(), pos);
+        return firstPositionInNode(textNode.ptr());
     }
 
     return pos;
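Review bot: this hunk repeats the exact pattern of the tab-span branch above (create an editing text node, insert it via `copyRef()`, return `firstPositionInNode(textNode.ptr())`), with the same use-after-free risk on the removed lines and the same correct fix. Since both branches now differ only in the insertion call (`insertNodeAt()` vs `insertNodeAtTabSpanPosition()`), a small helper that takes the insertion step and returns the position would keep the lifetime rule in one place; the regression test named in the log, editing/firstPositionInNode-crash.html, lives outside this Source/WebCore diff, so it is expected not to appear here.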
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
