[webkit-changes] [257536] trunk

Wed, 26 Feb 2020 17:03:18 -0800

Title: [257536] trunk
Revision
257536
Author
[email protected]
Date
2020-02-26 17:01:37 -0800 (Wed, 26 Feb 2020)

Log Message

Nullptr crash in WebCore::canHaveChildrenForEditing via CompositeEditCommand::insertNode
https://bugs.webkit.org/show_bug.cgi?id=208115
<rdar://problem/56685655>

Patch by Jack Lee <[email protected]> on 2020-02-26
Reviewed by Ryosuke Niwa.

When inserting a list at an element with a non-list-item child, if the element is uneditable, skip creating list item for the child.

Source/WebCore:

Test: fast/lists/insert-list-uneditable-element-with-non-li-child.html

* editing/InsertListCommand.cpp:
(WebCore::InsertListCommand::listifyParagraph):

LayoutTests:

* fast/lists/insert-list-uneditable-element-with-non-li-child-expected.txt: Added.
* fast/lists/insert-list-uneditable-element-with-non-li-child.html: Added.

Modified Paths

Added Paths

Diff

Modified: trunk/LayoutTests/ChangeLog (257535 => 257536)


--- trunk/LayoutTests/ChangeLog	2020-02-27 00:53:28 UTC (rev 257535)
+++ trunk/LayoutTests/ChangeLog	2020-02-27 01:01:37 UTC (rev 257536)
@@ -1,3 +1,16 @@
+2020-02-26  Jack Lee  <[email protected]>
+
+        Nullptr crash in WebCore::canHaveChildrenForEditing via CompositeEditCommand::insertNode
+        https://bugs.webkit.org/show_bug.cgi?id=208115
+        <rdar://problem/56685655>
+
+        Reviewed by Ryosuke Niwa.
+
+        When inserting a list at an element with a non-list-item child, if the element is uneditable, skip creating list item for the child. 
+
+        * fast/lists/insert-list-uneditable-element-with-non-li-child-expected.txt: Added.
+        * fast/lists/insert-list-uneditable-element-with-non-li-child.html: Added.
+
 2020-02-26  Jason Lawrence  <[email protected]>
 
         [mac-sierra] LayoutTest media/modern-media-controls/pip-support/pip-support-click.html is a flaky failure

Added: trunk/LayoutTests/fast/lists/insert-list-uneditable-element-with-non-li-child-expected.txt (0 => 257536)


--- trunk/LayoutTests/fast/lists/insert-list-uneditable-element-with-non-li-child-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/lists/insert-list-uneditable-element-with-non-li-child-expected.txt	2020-02-27 01:01:37 UTC (rev 257536)
@@ -0,0 +1 @@
+Tests inserting ol at an uneditable element with non-li child. The test passes if WebKit doesn't crash or hit an assertion.

Added: trunk/LayoutTests/fast/lists/insert-list-uneditable-element-with-non-li-child.html (0 => 257536)


--- trunk/LayoutTests/fast/lists/insert-list-uneditable-element-with-non-li-child.html	                        (rev 0)
+++ trunk/LayoutTests/fast/lists/insert-list-uneditable-element-with-non-li-child.html	2020-02-27 01:01:37 UTC (rev 257536)
@@ -0,0 +1,13 @@
+<style>
+body { -webkit-user-modify: read-write; background-image: url(); }
+</style>
+<script>
+    if (window.testRunner)
+        testRunner.dumpAsText();
+    _onload_ = function fun() {
+        document.getSelection().setPosition(HR);
+        HR.appendChild(document.createElement("option"));
+        document.execCommand("insertOrderedList", false);
+    }
+</script>
+<body><hr id=HR contenteditable="false"></hr><span>Tests inserting ol at an uneditable element with non-li child. The test passes if WebKit doesn't crash or hit an assertion.</span>

Modified: trunk/Source/WebCore/ChangeLog (257535 => 257536)


--- trunk/Source/WebCore/ChangeLog	2020-02-27 00:53:28 UTC (rev 257535)
+++ trunk/Source/WebCore/ChangeLog	2020-02-27 01:01:37 UTC (rev 257536)
@@ -1,3 +1,18 @@
+2020-02-26  Jack Lee  <[email protected]>
+
+        Nullptr crash in WebCore::canHaveChildrenForEditing via CompositeEditCommand::insertNode
+        https://bugs.webkit.org/show_bug.cgi?id=208115
+        <rdar://problem/56685655>
+
+        Reviewed by Ryosuke Niwa.
+
+        When inserting a list at an element with a non-list-item child, if the element is uneditable, skip creating list item for the child. 
+
+        Test: fast/lists/insert-list-uneditable-element-with-non-li-child.html
+
+        * editing/InsertListCommand.cpp:
+        (WebCore::InsertListCommand::listifyParagraph):
+
 2020-02-26  Don Olmstead  <[email protected]>
 
         Allow setting of stack sizes for threads

Modified: trunk/Source/WebCore/editing/InsertListCommand.cpp (257535 => 257536)


--- trunk/Source/WebCore/editing/InsertListCommand.cpp	2020-02-27 00:53:28 UTC (rev 257535)
+++ trunk/Source/WebCore/editing/InsertListCommand.cpp	2020-02-27 01:01:37 UTC (rev 257536)
@@ -348,7 +348,7 @@
     VisiblePosition start = startOfParagraph(originalStart, CanSkipOverEditingBoundary);
     VisiblePosition end = endOfParagraph(start, CanSkipOverEditingBoundary);
     
-    if (start.isNull() || end.isNull())
+    if (start.isNull() || end.isNull() || !start.deepEquivalent().containerNode()->hasEditableStyle() || !end.deepEquivalent().containerNode()->hasEditableStyle())
         return 0;
 
     // Check for adjoining lists.

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to