Title: [258522] trunk
Revision: 258522
Author: [email protected]
Date: 2020-03-16 15:10:33 -0700 (Mon, 16 Mar 2020)

Log Message

Crash in CSSValue::isPrimitiveValue
https://bugs.webkit.org/show_bug.cgi?id=208309

Patch by Pinki Gyanchandani <[email protected]> on 2020-03-16
Reviewed by Ryosuke Niwa.

Source/WebCore:

Added a NULL check before dereferencing value in ApplyStyleCommand::computedFontSize

Test: editing/execCommand/primitive-value.html

* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::computedFontSize):

LayoutTests:

Added a testcase attached to bugzilla issue 208309, with little modification.

* editing/execCommand/primitive-value-expected.txt: Added.
* editing/execCommand/primitive-value.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (258521 => 258522)


--- trunk/LayoutTests/ChangeLog	2020-03-16 22:04:02 UTC (rev 258521)
+++ trunk/LayoutTests/ChangeLog	2020-03-16 22:10:33 UTC (rev 258522)
@@ -1,3 +1,15 @@
+2020-03-16  Pinki Gyanchandani  <[email protected]>
+
+        Crash in CSSValue::isPrimitiveValue
+        https://bugs.webkit.org/show_bug.cgi?id=208309
+
+        Reviewed by Ryosuke Niwa.
+
+        Added a testcase attached to bugzilla issue 208309, with little modification. 
+
+        * editing/execCommand/primitive-value-expected.txt: Added.
+        * editing/execCommand/primitive-value.html: Added.
+
 2020-03-16  Jason Lawrence  <[email protected]>
 
         [ Mac wk2 ] imported/w3c/web-platform-tests/mediacapture-streams/MediaStream tests are flaky failing.
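Review bot: The description line of the new entry ("Added a testcase attached to bugzilla issue 208309, with little modification. ") ends in trailing whitespace and does not say what was modified relative to the attachment on the bug. Strip the trailing space and name the change, so the committed test can be compared against the original reproducer.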

Added: trunk/LayoutTests/editing/execCommand/primitive-value-expected.txt (0 => 258522)


--- trunk/LayoutTests/editing/execCommand/primitive-value-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/execCommand/primitive-value-expected.txt	2020-03-16 22:10:33 UTC (rev 258522)
@@ -0,0 +1 @@
+This test checks that pasing in a combination of nested blocks where one starts with a text field doesn't crash or fail assertions. x
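Review bot: The expected line carries the typo "pasing" (for "pasting") copied from the description string in primitive-value.html, so the two files have to be corrected together. If the string in the test is fixed or reworded, regenerate this file in the same change; otherwise the test fails on a text mismatch that has nothing to do with the crash.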

Added: trunk/LayoutTests/editing/execCommand/primitive-value.html (0 => 258522)


--- trunk/LayoutTests/editing/execCommand/primitive-value.html	                        (rev 0)
+++ trunk/LayoutTests/editing/execCommand/primitive-value.html	2020-03-16 22:10:33 UTC (rev 258522)
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+<html>
+<script>
+
+function primValueTest() {
+    if (window.testRunner)
+        testRunner.dumpAsText();
+
+    document.designMode = 'on';
+    document.execCommand("selectAll");
+    document.execCommand("InsertHTML",false,"This test checks that pasing in a combination of nested blocks where one starts with a text field doesn't crash or fail assertions.<textarea> </textarea> \n<span>x</span>\n");
+    document.execCommand("selectAll");
+    document.execCommand("FontSizeDelta",false,3);
+}
+</script>
+<body _onload_=primValueTest()>
+</body>
+</html>
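Review bot: The description string passed to InsertHTML does not match what the test exercises: it talks about pasting nested blocks that start with a text field, while the step after the second selectAll is execCommand("FontSizeDelta",false,3) over a selection containing a textarea and a span. Reword it to say that applying FontSizeDelta to that selection must not crash, so a future failure points at the font-size path, and fix "pasing" while there. A file name that reflects FontSizeDelta rather than "primitive-value" would also make the test easier to find.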

Modified: trunk/Source/WebCore/ChangeLog (258521 => 258522)


--- trunk/Source/WebCore/ChangeLog	2020-03-16 22:04:02 UTC (rev 258521)
+++ trunk/Source/WebCore/ChangeLog	2020-03-16 22:10:33 UTC (rev 258522)
@@ -1,3 +1,17 @@
+2020-03-16  Pinki Gyanchandani  <[email protected]>
+
+        Crash in CSSValue::isPrimitiveValue
+        https://bugs.webkit.org/show_bug.cgi?id=208309
+
+        Reviewed by Ryosuke Niwa.
+
+        Added a NULL check before dereferencing value in ApplyStyleCommand::computedFontSize
+
+        Test: editing/execCommand/primitive-value.html
+
+        * editing/ApplyStyleCommand.cpp:
+        (WebCore::ApplyStyleCommand::computedFontSize):
+
 2020-03-16  Megan Gardner  <[email protected]>
 
         Color Picker crashes on touch
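Review bot: The entry says a NULL check was added in ApplyStyleCommand::computedFontSize but not why the value can be null there. One sentence on which node in the test yields no computed font-size would tell later readers whether returning 0 is the intended result for that node or only a guard against the crash.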

Modified: trunk/Source/WebCore/editing/ApplyStyleCommand.cpp (258521 => 258522)


--- trunk/Source/WebCore/editing/ApplyStyleCommand.cpp	2020-03-16 22:04:02 UTC (rev 258521)
+++ trunk/Source/WebCore/editing/ApplyStyleCommand.cpp	2020-03-16 22:10:33 UTC (rev 258522)
@@ -1497,6 +1497,8 @@
         return 0;
 
     auto value = ComputedStyleExtractor(node).propertyValue(CSSPropertyFontSize);
+    if (!value)
+        return 0;
     return downcast<CSSPrimitiveValue>(*value).floatValue(CSSUnitType::CSS_PX);
 }
 
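Review bot: The downcast on the line after the new check is still unguarded by type: downcast<CSSPrimitiveValue>(*value) assumes the value is a CSSPrimitiveValue, and the crash being fixed is reported in CSSValue::isPrimitiveValue. If propertyValue(CSSPropertyFontSize) can return any other CSSValue, test the type as well (for example is<CSSPrimitiveValue>(*value)) and return 0 otherwise; if it cannot, a short comment stating that would document the assumption next to the "if (!value)" guard.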