[webkit-changes] [254677] trunk/Source/WebKit

[carlosgc]

Title: [254677] trunk/Source/WebKit

Revision

254677

Author

carlo...@webkit.org

Date

2020-01-16 06:47:40 -0800 (Thu, 16 Jan 2020)

Log Message

[GTK][WPE] Web process crash when IM tries to delete surrounding text
https://bugs.webkit.org/show_bug.cgi?id=206352

Reviewed by Adrian Perez de Castro.

TextIterator::rangeFromLocationAndLength() can return nullptr when the start of the range can't be found.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::deleteSurrounding): Return early if selectionRange is nullptr.

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp

Diff

Modified: trunk/Source/WebKit/ChangeLog (254676 => 254677)

--- trunk/Source/WebKit/ChangeLog	2020-01-16 14:47:17 UTC (rev 254676)
+++ trunk/Source/WebKit/ChangeLog	2020-01-16 14:47:40 UTC (rev 254677)
@@ -1,3 +1,15 @@
+2020-01-16  Carlos Garcia Campos  <cgar...@igalia.com>
+
+        [GTK][WPE] Web process crash when IM tries to delete surrounding text
+        https://bugs.webkit.org/show_bug.cgi?id=206352
+
+        Reviewed by Adrian Perez de Castro.
+
+        TextIterator::rangeFromLocationAndLength() can return nullptr when the start of the range can't be found.
+
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::deleteSurrounding): Return early if selectionRange is nullptr.
+
 2020-01-16  Cathie Chen  <cathiec...@igalia.com>
 
         Mapping HTML attributes width/height to the default aspect ratio of <img>

Modified: trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp (254676 => 254677)

--- trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2020-01-16 14:47:17 UTC (rev 254676)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2020-01-16 14:47:40 UTC (rev 254677)
@@ -5412,6 +5412,8 @@
     auto cursorPosition = TextIterator::rangeLength(paragraphRange.get());
     auto& rootNode = paragraphRange->startContainer().treeScope().rootNode();
     auto selectionRange = TextIterator::rangeFromLocationAndLength(&rootNode, cursorPosition + offset, characterCount);
+    if (!selectionRange)
+        return;
 
     targetFrame->editor().setIgnoreSelectionChanges(true);
     targetFrame->selection().setSelection(VisibleSelection(*selectionRange, SEL_DEFAULT_AFFINITY));

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes