Title: [277057] branches/safari-611-branch/Source
- Revision
- 277057
- Author
- [email protected]
- Date
- 2021-05-05 17:18:58 -0700 (Wed, 05 May 2021)
Log Message
Merge Cherry-pick r276742. rdar://problem/77326513
Modified Paths
Diff
Modified: branches/safari-611-branch/Source/WebCore/ChangeLog (277056 => 277057)
--- branches/safari-611-branch/Source/WebCore/ChangeLog 2021-05-06 00:18:52 UTC (rev 277056)
+++ branches/safari-611-branch/Source/WebCore/ChangeLog 2021-05-06 00:18:58 UTC (rev 277057)
@@ -1,5 +1,50 @@
2021-04-29 Russell Epstein <[email protected]>
+ Cherry-pick r276742. rdar://problem/77326513
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Source/WebCore:
+
+ Remove a helper method that was added in r276688, which we no longer need.
+
+ * dom/Position.h:
+ (WebCore::Position::isInTreeScope const): Deleted.
+
+ Source/WebKit:
+
+ The fix for this crash that I landed in r276688 was based on a misunderstanding that accessing `treeScope()`
+ would trigger a null pointer deref if `isInTreeScope()` is `false`. This is not the case, since the `treeScope`
+ of a `Node` is a separate notion from whether that `Node` is connected to said tree scope.
+
+ Since this crash is really due to dereferencing a null container node in the case where `selectionStart` or
+ `selectionEnd` are null, a better fix is to just check the nullity of the container node.
+
+ * WebProcess/WebPage/ios/WebPageIOS.mm:
+ (WebKit::rangeForPointInRootViewCoordinates):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-04-28 Wenson Hsieh <[email protected]>
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Remove a helper method that was added in r276688, which we no longer need.
+
+ * dom/Position.h:
+ (WebCore::Position::isInTreeScope const): Deleted.
+
+2021-04-29 Russell Epstein <[email protected]>
+
Cherry-pick r276688. rdar://problem/77326513
[iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
Modified: branches/safari-611-branch/Source/WebCore/dom/Position.h (277056 => 277057)
--- branches/safari-611-branch/Source/WebCore/dom/Position.h 2021-05-06 00:18:52 UTC (rev 277056)
+++ branches/safari-611-branch/Source/WebCore/dom/Position.h 2021-05-06 00:18:58 UTC (rev 277057)
@@ -123,8 +123,6 @@
return container ? container->rootEditableElement() : nullptr;
}
- bool isInTreeScope() const { return m_anchorNode && m_anchorNode->isInTreeScope(); }
-
// These should only be used for PositionIsOffsetInAnchor positions, unless
// the position is a legacy editing position.
void moveToPosition(Node* anchorNode, unsigned offset);
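Review bot: deleting `Position::isInTreeScope()` is only safe if every caller goes with it; the sole caller in trunk is the `WebPageIOS.mm` condition updated in this same revision, but because this lands on safari-611-branch rather than trunk, confirm the branch has no other callers introduced by earlier branch-only merges, otherwise the branch stops building while trunk is fine.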
Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (277056 => 277057)
--- branches/safari-611-branch/Source/WebKit/ChangeLog 2021-05-06 00:18:52 UTC (rev 277056)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog 2021-05-06 00:18:58 UTC (rev 277057)
@@ -1,5 +1,55 @@
2021-04-29 Russell Epstein <[email protected]>
+ Cherry-pick r276742. rdar://problem/77326513
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Source/WebCore:
+
+ Remove a helper method that was added in r276688, which we no longer need.
+
+ * dom/Position.h:
+ (WebCore::Position::isInTreeScope const): Deleted.
+
+ Source/WebKit:
+
+ The fix for this crash that I landed in r276688 was based on a misunderstanding that accessing `treeScope()`
+ would trigger a null pointer deref if `isInTreeScope()` is `false`. This is not the case, since the `treeScope`
+ of a `Node` is a separate notion from whether that `Node` is connected to said tree scope.
+
+ Since this crash is really due to dereferencing a null container node in the case where `selectionStart` or
+ `selectionEnd` are null, a better fix is to just check the nullity of the container node.
+
+ * WebProcess/WebPage/ios/WebPageIOS.mm:
+ (WebKit::rangeForPointInRootViewCoordinates):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-04-28 Wenson Hsieh <[email protected]>
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ The fix for this crash that I landed in r276688 was based on a misunderstanding that accessing `treeScope()`
+ would trigger a null pointer deref if `isInTreeScope()` is `false`. This is not the case, since the `treeScope`
+ of a `Node` is a separate notion from whether that `Node` is connected to said tree scope.
+
+ Since this crash is really due to dereferencing a null container node in the case where `selectionStart` or
+ `selectionEnd` are null, a better fix is to just check the nullity of the container node.
+
+ * WebProcess/WebPage/ios/WebPageIOS.mm:
+ (WebKit::rangeForPointInRootViewCoordinates):
+
+2021-04-29 Russell Epstein <[email protected]>
+
Cherry-pick r276688. rdar://problem/77326513
[iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
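Review bot: the `(WebKit::rangeForPointInRootViewCoordinates):` line in both the cherry-pick entry and the 2021-04-28 entry has no description under it, so a reader of the ChangeLog alone cannot tell which check changed; one sentence along the lines of "Replace the `isInTreeScope()` checks with a null check on the selection's container node" would make the entry self-contained without relying on the prose paragraph above it.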
Modified: branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm (277056 => 277057)
--- branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm 2021-05-06 00:18:52 UTC (rev 277056)
+++ branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm 2021-05-06 00:18:58 UTC (rev 277057)
@@ -1526,15 +1526,15 @@
if (baseIsStart) {
if (result <= selectionStart)
result = selectionStart.next();
- else if (targetNode && targetNode->isInTreeScope() && selectionStart.deepEquivalent().isInTreeScope() && selectionStart.deepEquivalent().treeScope() != &targetNode->treeScope())
- result = VisibleSelection::adjustPositionForEnd(result.deepEquivalent(), selectionStart.deepEquivalent().containerNode());
+ else if (auto containerNode = makeRefPtr(selectionStart.deepEquivalent().containerNode()); containerNode && targetNode && &containerNode->treeScope() != &targetNode->treeScope())
+ result = VisibleSelection::adjustPositionForEnd(result.deepEquivalent(), containerNode.get());
range = makeSimpleRange(selectionStart, result);
} else {
if (selectionEnd <= result)
result = selectionEnd.previous();
- else if (targetNode && targetNode->isInTreeScope() && selectionEnd.deepEquivalent().isInTreeScope() && selectionEnd.deepEquivalent().treeScope() != &targetNode->treeScope())
- result = VisibleSelection::adjustPositionForStart(result.deepEquivalent(), selectionEnd.deepEquivalent().containerNode());
+ else if (auto containerNode = makeRefPtr(selectionEnd.deepEquivalent().containerNode()); containerNode && targetNode && &containerNode->treeScope() != &targetNode->treeScope())
+ result = VisibleSelection::adjustPositionForStart(result.deepEquivalent(), containerNode.get());
range = makeSimpleRange(result, selectionEnd);
}
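Review bot: the rewritten condition drops both `isInTreeScope()` guards and relies solely on `containerNode` being non-null, which matches the diagnosis in the log message, but it also changes behaviour in one case: a container node that is no longer connected to a tree yet whose `treeScope()` differs from `targetNode->treeScope()` now reaches `adjustPositionForEnd` / `adjustPositionForStart`, where the previous code skipped it. Confirm those functions tolerate a disconnected container node before landing. As a style point, the two `else if` branches are identical apart from start/end; factoring `containerNode && targetNode && &containerNode->treeScope() != &targetNode->treeScope()` into a small local lambda taking the `VisiblePosition` would keep the two in sync for the next fix in this area.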
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes