Title: [269198] branches/safari-611.1.4-branch
- Revision
- 269198
- Author
- [email protected]
- Date
- 2020-10-30 10:42:40 -0700 (Fri, 30 Oct 2020)
Log Message
Cherry-pick r269136. rdar://problem/70831153
REGRESSION(r267329): Crash in VisibleSelection::toNormalizedRange()
https://bugs.webkit.org/show_bug.cgi?id=218276
Reviewed by Wenson Hsieh.
Source/WebCore:
The crash was a symptom of the issue that m_extent or m_base could be null but not the other
when canonicalizing a non-null Position with VisiblePosition will make it null.
Fixed the bug by making sure base and extent's nullness match.
Test: editing/selection/delete-selection-with-disconnected-extent.html
* editing/VisibleSelection.cpp:
(WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents):
LayoutTests:
Added a regression test and rebaselined the test now that we got the pre-r267329 behavior back.
* editing/execCommand/insert-list-nested-with-orphaned-expected.txt: Reverted the rebaseline in r267329.
* editing/selection/delete-selection-with-disconnected-extent-expected.txt: Added.
* editing/selection/delete-selection-with-disconnected-extent.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Added Paths
Diff
Modified: branches/safari-611.1.4-branch/LayoutTests/ChangeLog (269197 => 269198)
--- branches/safari-611.1.4-branch/LayoutTests/ChangeLog 2020-10-30 17:42:36 UTC (rev 269197)
+++ branches/safari-611.1.4-branch/LayoutTests/ChangeLog 2020-10-30 17:42:40 UTC (rev 269198)
@@ -1,3 +1,48 @@
+2020-10-29 Alan Coon <[email protected]>
+
+ Cherry-pick r269136. rdar://problem/70831153
+
+ REGRESSION(r267329): Crash in VisibleSelection::toNormalizedRange()
+ https://bugs.webkit.org/show_bug.cgi?id=218276
+
+ Reviewed by Wenson Hsieh.
+
+ Source/WebCore:
+
+ The crash was a symptom of the issue that m_extent or m_base could be null but not the other
+ when canonicalizing a non-null Position with VisiblePosition will make it null.
+
+ Fixed the bug by making sure base and extent's nullness match.
+
+ Test: editing/selection/delete-selection-with-disconnected-extent.html
+
+ * editing/VisibleSelection.cpp:
+ (WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents):
+
+ LayoutTests:
+
+ Added a regression test and rebaselined the test now that we got the pre-r267329 behavior back.
+
+ * editing/execCommand/insert-list-nested-with-orphaned-expected.txt: Reverted the rebaseline in r267329.
+ * editing/selection/delete-selection-with-disconnected-extent-expected.txt: Added.
+ * editing/selection/delete-selection-with-disconnected-extent.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-10-28 Ryosuke Niwa <[email protected]>
+
+ REGRESSION(r267329): Crash in VisibleSelection::toNormalizedRange()
+ https://bugs.webkit.org/show_bug.cgi?id=218276
+
+ Reviewed by Wenson Hsieh.
+
+ Added a regression test and rebaselined the test now that we got the pre-r267329 behavior back.
+
+ * editing/execCommand/insert-list-nested-with-orphaned-expected.txt: Reverted the rebaseline in r267329.
+ * editing/selection/delete-selection-with-disconnected-extent-expected.txt: Added.
+ * editing/selection/delete-selection-with-disconnected-extent.html: Added.
+
2020-10-26 Alan Coon <[email protected]>
Cherry-pick r268382. rdar://problem/70702384
Modified: branches/safari-611.1.4-branch/LayoutTests/editing/execCommand/insert-list-nested-with-orphaned-expected.txt (269197 => 269198)
--- branches/safari-611.1.4-branch/LayoutTests/editing/execCommand/insert-list-nested-with-orphaned-expected.txt 2020-10-30 17:42:36 UTC (rev 269197)
+++ branches/safari-611.1.4-branch/LayoutTests/editing/execCommand/insert-list-nested-with-orphaned-expected.txt 2020-10-30 17:42:40 UTC (rev 269198)
@@ -17,7 +17,7 @@
"
| <ol>
| <li>
-| "because of you"
+| "<#selection-caret>because of you"
| "
"
| "
Added: branches/safari-611.1.4-branch/LayoutTests/editing/selection/delete-selection-with-disconnected-extent-expected.txt (0 => 269198)
--- branches/safari-611.1.4-branch/LayoutTests/editing/selection/delete-selection-with-disconnected-extent-expected.txt (rev 0)
+++ branches/safari-611.1.4-branch/LayoutTests/editing/selection/delete-selection-with-disconnected-extent-expected.txt 2020-10-30 17:42:40 UTC (rev 269198)
@@ -0,0 +1,3 @@
+This tests invoking deletion after attempting to extend selection to a disconnected node. WebKit should not crash.
+
+PASS.
Added: branches/safari-611.1.4-branch/LayoutTests/editing/selection/delete-selection-with-disconnected-extent.html (0 => 269198)
--- branches/safari-611.1.4-branch/LayoutTests/editing/selection/delete-selection-with-disconnected-extent.html (rev 0)
+++ branches/safari-611.1.4-branch/LayoutTests/editing/selection/delete-selection-with-disconnected-extent.html 2020-10-30 17:42:40 UTC (rev 269198)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<script>
+function runTest() {
+ if (window.testRunner)
+ testRunner.dumpAsText();
+
+ document.querySelector('input').setRangeText('aa', 0, 1, 'end');
+ getSelection().extend(document.createElement('select'));
+ document.execCommand('delete', false);
+
+ document.body.innerHTML = `<p>This tests invoking deletion after attempting to extend selection to a disconnected node. WebKit should not crash.</p>PASS.`;
+}
+</script>
+<body _onload_=runTest()>
+<input>
Modified: branches/safari-611.1.4-branch/Source/WebCore/ChangeLog (269197 => 269198)
--- branches/safari-611.1.4-branch/Source/WebCore/ChangeLog 2020-10-30 17:42:36 UTC (rev 269197)
+++ branches/safari-611.1.4-branch/Source/WebCore/ChangeLog 2020-10-30 17:42:40 UTC (rev 269198)
@@ -1,5 +1,54 @@
2020-10-29 Alan Coon <[email protected]>
+ Cherry-pick r269136. rdar://problem/70831153
+
+ REGRESSION(r267329): Crash in VisibleSelection::toNormalizedRange()
+ https://bugs.webkit.org/show_bug.cgi?id=218276
+
+ Reviewed by Wenson Hsieh.
+
+ Source/WebCore:
+
+ The crash was a symptom of the issue that m_extent or m_base could be null but not the other
+ when canonicalizing a non-null Position with VisiblePosition will make it null.
+
+ Fixed the bug by making sure base and extent's nullness match.
+
+ Test: editing/selection/delete-selection-with-disconnected-extent.html
+
+ * editing/VisibleSelection.cpp:
+ (WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents):
+
+ LayoutTests:
+
+ Added a regression test and rebaselined the test now that we got the pre-r267329 behavior back.
+
+ * editing/execCommand/insert-list-nested-with-orphaned-expected.txt: Reverted the rebaseline in r267329.
+ * editing/selection/delete-selection-with-disconnected-extent-expected.txt: Added.
+ * editing/selection/delete-selection-with-disconnected-extent.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@269136 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2020-10-28 Ryosuke Niwa <[email protected]>
+
+ REGRESSION(r267329): Crash in VisibleSelection::toNormalizedRange()
+ https://bugs.webkit.org/show_bug.cgi?id=218276
+
+ Reviewed by Wenson Hsieh.
+
+ The crash was a symptom of the issue that m_extent or m_base could be null but not the other
+ when canonicalizing a non-null Position with VisiblePosition will make it null.
+
+ Fixed the bug by making sure base and extent's nullness match.
+
+ Test: editing/selection/delete-selection-with-disconnected-extent.html
+
+ * editing/VisibleSelection.cpp:
+ (WebCore::VisibleSelection::setBaseAndExtentToDeepEquivalents):
+
+2020-10-29 Alan Coon <[email protected]>
+
Cherry-pick r269110. rdar://problem/70831200
[LFC][IFC] horizontalAlignmentOffset should check for empty run list
Modified: branches/safari-611.1.4-branch/Source/WebCore/editing/VisibleSelection.cpp (269197 => 269198)
--- branches/safari-611.1.4-branch/Source/WebCore/editing/VisibleSelection.cpp 2020-10-30 17:42:36 UTC (rev 269197)
+++ branches/safari-611.1.4-branch/Source/WebCore/editing/VisibleSelection.cpp 2020-10-30 17:42:40 UTC (rev 269198)
@@ -232,6 +232,12 @@
m_extent = m_base;
else
m_extent = VisiblePosition(m_focus, m_affinity).deepEquivalent();
+ if (m_base.isNull() != m_extent.isNull()) {
+ if (m_base.isNull())
+ m_base = m_extent;
+ else
+ m_extent = m_base;
+ }
}
void VisibleSelection::adjustSelectionRespectingGranularity(TextGranularity granularity)
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
