Skip to site navigation (Press enter)

[webkit-changes] [261126] trunk

shihchieh_lee Mon, 04 May 2020 16:56:10 -0700

Title: [261126] trunk

Revision: 261126
Author: [email protected]
Date: 2020-05-04 16:55:06 -0700 (Mon, 04 May 2020)

Log Message

Nullptr crash in CompositeEditCommand::moveParagraphs when changing style on elements that are
user-select:none and dir:rtl.
https://bugs.webkit.org/show_bug.cgi?id=211206
<rdar://problem/61830589>


Reviewed by Geoffrey Garen.

Source/WebCore:

In function moveParagraphs check if the destination is an empty position and
bail out before moving the paragraphs.

Test: fast/editing/justify-user-select-none-dir-rtl-crash.html

* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::moveParagraphs):

LayoutTests:

Added a regression test for the crash.

* fast/editing/justify-user-select-none-dir-rtl-crash-expected.txt: Added.
* fast/editing/justify-user-select-none-dir-rtl-crash.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/editing/CompositeEditCommand.cpp

Added Paths

trunk/LayoutTests/fast/editing/justify-user-select-none-dir-rtl-crash-expected.txt
trunk/LayoutTests/fast/editing/justify-user-select-none-dir-rtl-crash.html

Diff

Modified: trunk/LayoutTests/ChangeLog (261125 => 261126)


--- trunk/LayoutTests/ChangeLog	2020-05-04 23:37:44 UTC (rev 261125)
+++ trunk/LayoutTests/ChangeLog	2020-05-04 23:55:06 UTC (rev 261126)
@@ -1,3 +1,17 @@
+2020-05-04  Jack Lee  <[email protected]>
+
+        Nullptr crash in CompositeEditCommand::moveParagraphs when changing style on elements that are
+        user-select:none and dir:rtl.
+        https://bugs.webkit.org/show_bug.cgi?id=211206
+        <rdar://problem/61830589>
+
+        Reviewed by Geoffrey Garen.
+
+        Added a regression test for the crash.
+
+        * fast/editing/justify-user-select-none-dir-rtl-crash-expected.txt: Added.
+        * fast/editing/justify-user-select-none-dir-rtl-crash.html: Added.
+
 2020-05-04  Jason Lawrence  <[email protected]>
 
         [ iPadOS wk2 ] editing/selection/selection-change-in-mutation-event-by-remove-children.html is timing out.

Added: trunk/LayoutTests/fast/editing/justify-user-select-none-dir-rtl-crash-expected.txt (0 => 261126)


--- trunk/LayoutTests/fast/editing/justify-user-select-none-dir-rtl-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/fast/editing/justify-user-select-none-dir-rtl-crash-expected.txt	2020-05-04 23:55:06 UTC (rev 261126)
@@ -0,0 +1 @@
+Test editing a paragraph that is user-select:none and dir:rtl. The test passes if WebKit doesn't crash or hit an assertion.

Added: trunk/LayoutTests/fast/editing/justify-user-select-none-dir-rtl-crash.html (0 => 261126)


--- trunk/LayoutTests/fast/editing/justify-user-select-none-dir-rtl-crash.html	                        (rev 0)
+++ trunk/LayoutTests/fast/editing/justify-user-select-none-dir-rtl-crash.html	2020-05-04 23:55:06 UTC (rev 261126)
@@ -0,0 +1,14 @@
+<body><label contenteditable="true" style="-webkit-appearance: button" dir="rtl"><q id=q style="-webkit-user-select:none">a</q>
+<script>
+    if (window.testRunner) {
+        testRunner.dumpAsText();
+        testRunner.waitUntilDone();
+    }
+
+    window.getSelection().selectAllChildren(q);
+    document.execCommand("justifyLeft", false);
+    document.body.innerText = "Test editing a paragraph that is user-select:none and dir:rtl. The test passes if WebKit doesn't crash or hit an assertion.";
+    
+    if (window.testRunner)
+        testRunner.notifyDone();
+</script>

Modified: trunk/Source/WebCore/ChangeLog (261125 => 261126)


--- trunk/Source/WebCore/ChangeLog	2020-05-04 23:37:44 UTC (rev 261125)
+++ trunk/Source/WebCore/ChangeLog	2020-05-04 23:55:06 UTC (rev 261126)
@@ -1,3 +1,20 @@
+2020-05-04  Jack Lee  <[email protected]>
+
+        Nullptr crash in CompositeEditCommand::moveParagraphs when changing style on elements that are
+        user-select:none and dir:rtl.
+        https://bugs.webkit.org/show_bug.cgi?id=211206
+        <rdar://problem/61830589>
+
+        Reviewed by Geoffrey Garen.
+
+        In function moveParagraphs check if the destination is an empty position and 
+        bail out before moving the paragraphs.
+
+        Test: fast/editing/justify-user-select-none-dir-rtl-crash.html
+
+        * editing/CompositeEditCommand.cpp:
+        (WebCore::CompositeEditCommand::moveParagraphs):
+
 2020-05-04  Jiewen Tan  <[email protected]>
 
         [WebAuthn] Implement +[_WKWebAuthenticationPanel clearAllLocalAuthenticatorCredentials]

Modified: trunk/Source/WebCore/editing/CompositeEditCommand.cpp (261125 => 261126)


--- trunk/Source/WebCore/editing/CompositeEditCommand.cpp	2020-05-04 23:37:44 UTC (rev 261125)
+++ trunk/Source/WebCore/editing/CompositeEditCommand.cpp	2020-05-04 23:55:06 UTC (rev 261126)
@@ -1398,7 +1398,7 @@
 
 void CompositeEditCommand::moveParagraphs(const VisiblePosition& startOfParagraphToMove, const VisiblePosition& endOfParagraphToMove, const VisiblePosition& destination, bool preserveSelection, bool preserveStyle)
 {
-    if (startOfParagraphToMove == destination)
+    if (destination.isNull() || startOfParagraphToMove == destination)
         return;
     
     Optional<uint64_t> startIndex;

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes