Title: [259619] trunk
- Revision
- 259619
- Author
- [email protected]
- Date
- 2020-04-06 18:45:56 -0700 (Mon, 06 Apr 2020)
Log Message
Nullptr crash in WebCore::lastPositionInNode when indenting text node that has user-select:all parent.
https://bugs.webkit.org/show_bug.cgi?id=210016
<rdar://problem/61014577>
Reviewed by Ryosuke Niwa.
Source/WebCore:
In rangeForParagraphSplittingTextNodesIfNeeded, added null check for previousSibling()
after splitTextNode is called, and returns empty positions to caller.
In formatSelection, check the returned positions from rangeForParagraphSplittingTextNodesIfNeeded
and stop indenting the rest of the paragraphs.
Test: fast/editing/indent-pre-user-select-all-crash.html
* editing/ApplyBlockElementCommand.cpp:
(WebCore::ApplyBlockElementCommand::formatSelection):
(WebCore::ApplyBlockElementCommand::rangeForParagraphSplittingTextNodesIfNeeded):
LayoutTests:
Added a regression test for the crash.
* fast/editing/indent-pre-user-select-all-crash-expected.txt: Added.
* fast/editing/indent-pre-user-select-all-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (259618 => 259619)
--- trunk/LayoutTests/ChangeLog 2020-04-07 01:04:05 UTC (rev 259618)
+++ trunk/LayoutTests/ChangeLog 2020-04-07 01:45:56 UTC (rev 259619)
@@ -1,3 +1,16 @@
+2020-04-06 Jack Lee <[email protected]>
+
+ Nullptr crash in WebCore::lastPositionInNode when indenting text node that has user-select:all parent.
+ https://bugs.webkit.org/show_bug.cgi?id=210016
+ <rdar://problem/61014577>
+
+ Reviewed by Ryosuke Niwa.
+
+ Added a regression test for the crash.
+
+ * fast/editing/indent-pre-user-select-all-crash-expected.txt: Added.
+ * fast/editing/indent-pre-user-select-all-crash.html: Added.
+
2020-04-06 Jason Lawrence <[email protected]>
[ Mac wk1 Debug ] inspector/debugger/evaluateOnCallFrame-errors.html is flaky failing.
Added: trunk/LayoutTests/fast/editing/indent-pre-user-select-all-crash-expected.txt (0 => 259619)
--- trunk/LayoutTests/fast/editing/indent-pre-user-select-all-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/editing/indent-pre-user-select-all-crash-expected.txt 2020-04-07 01:45:56 UTC (rev 259619)
@@ -0,0 +1 @@
+Tests indenting pre element that has user-select:all parent. The test passes if WebKit doesn't crash or hit an assertion.
Added: trunk/LayoutTests/fast/editing/indent-pre-user-select-all-crash.html (0 => 259619)
--- trunk/LayoutTests/fast/editing/indent-pre-user-select-all-crash.html (rev 0)
+++ trunk/LayoutTests/fast/editing/indent-pre-user-select-all-crash.html 2020-04-07 01:45:56 UTC (rev 259619)
@@ -0,0 +1,23 @@
+<style>
+ #DETAILS { -webkit-user-select: all; }
+</style>
+<script>
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ }
+
+ window._onload_ = () => {
+ document.execCommand("selectAll", false);
+ document.execCommand("indent", false);
+
+ requestAnimationFrame(function () {
+ document.body.innerHTML = "<p>Tests indenting pre element that has user-select:all parent. The test passes if WebKit doesn't crash or hit an assertion.</p>";
+ if (window.testRunner) {
+ testRunner.notifyDone();
+ }
+ });
+ }
+</script>
+<body contentEditable="true"><br></br><details id=DETAILS open="true"><pre>a
+</pre></details><span>a</span>
Modified: trunk/Source/WebCore/ChangeLog (259618 => 259619)
--- trunk/Source/WebCore/ChangeLog 2020-04-07 01:04:05 UTC (rev 259618)
+++ trunk/Source/WebCore/ChangeLog 2020-04-07 01:45:56 UTC (rev 259619)
@@ -1,3 +1,23 @@
+2020-04-06 Jack Lee <[email protected]>
+
+ Nullptr crash in WebCore::lastPositionInNode when indenting text node that has user-select:all parent.
+ https://bugs.webkit.org/show_bug.cgi?id=210016
+ <rdar://problem/61014577>
+
+ Reviewed by Ryosuke Niwa.
+
+ In rangeForParagraphSplittingTextNodesIfNeeded, added null check for previousSibling()
+ after splitTextNode is called, and returns empty positions to caller.
+
+ In formatSelection, check the returned positions from rangeForParagraphSplittingTextNodesIfNeeded
+ and stop indenting the rest of the paragraphs.
+
+ Test: fast/editing/indent-pre-user-select-all-crash.html
+
+ * editing/ApplyBlockElementCommand.cpp:
+ (WebCore::ApplyBlockElementCommand::formatSelection):
+ (WebCore::ApplyBlockElementCommand::rangeForParagraphSplittingTextNodesIfNeeded):
+
2020-04-06 Devin Rousso <[email protected]>
Web Inspector: `console.log(...)` appear as `CONSOLE LOG LOG` in the system console
Modified: trunk/Source/WebCore/editing/ApplyBlockElementCommand.cpp (259618 => 259619)
--- trunk/Source/WebCore/editing/ApplyBlockElementCommand.cpp 2020-04-07 01:04:05 UTC (rev 259618)
+++ trunk/Source/WebCore/editing/ApplyBlockElementCommand.cpp 2020-04-07 01:45:56 UTC (rev 259619)
@@ -133,6 +133,9 @@
atEnd = true;
rangeForParagraphSplittingTextNodesIfNeeded(endOfCurrentParagraph, start, end);
+ if (start.isNull() || end.isNull())
+ break;
+
endOfCurrentParagraph = end;
// FIXME: endOfParagraph can errornously return a position at the beginning of a block element
@@ -241,6 +244,11 @@
if (endStyle->userModify() != UserModify::ReadOnly && !endStyle->collapseWhiteSpace() && end.offsetInContainerNode() && end.offsetInContainerNode() < end.containerNode()->maxCharacterOffset()) {
RefPtr<Text> endContainer = end.containerText();
splitTextNode(*endContainer, end.offsetInContainerNode());
+ if (is<Text>(endContainer) && !endContainer->previousSibling()) {
+ start = { };
+ end = { };
+ return;
+ }
if (isStartAndEndOnSameNode)
start = firstPositionInOrBeforeNode(endContainer->previousSibling());
if (isEndAndEndOfLastParagraphOnSameNode) {
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
