Diff
Modified: branches/safari-611-branch/LayoutTests/ChangeLog (277055 => 277056)
--- branches/safari-611-branch/LayoutTests/ChangeLog 2021-05-06 00:09:44 UTC (rev 277055)
+++ branches/safari-611-branch/LayoutTests/ChangeLog 2021-05-06 00:18:52 UTC (rev 277056)
@@ -1,3 +1,57 @@
+2021-04-29 Russell Epstein <[email protected]>
+
+ Cherry-pick r276688. rdar://problem/77326513
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Source/WebCore:
+
+ Add a helper method to check whether or not the given `Position` is in a tree scope. See WebKit/ChangeLog for
+ more details.
+
+ Test: editing/selection/ios/clear-selection-while-moving-selection-handles.html
+
+ * dom/Position.h:
+ (WebCore::Position::isInTreeScope const):
+
+ Source/WebKit:
+
+ Make `rangeForPointInRootViewCoordinates` robust in the case where the original selection may have become
+ orphaned or null, by checking that the `targetNode` and existing `selectionStart` or `selectionEnd` are in a
+ tree scope before accessing `treeScope()`.
+
+ * WebProcess/WebPage/ios/WebPageIOS.mm:
+ (WebKit::rangeForPointInRootViewCoordinates):
+
+ LayoutTests:
+
+ Add a layout test that programmatically clears the selection in the middle of changing it by moving selection
+ handles.
+
+ * editing/selection/ios/clear-selection-while-moving-selection-handles-expected.txt: Added.
+ * editing/selection/ios/clear-selection-while-moving-selection-handles.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276688 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-04-27 Wenson Hsieh <[email protected]>
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Add a layout test that programmatically clears the selection in the middle of changing it by moving selection
+ handles.
+
+ * editing/selection/ios/clear-selection-while-moving-selection-handles-expected.txt: Added.
+ * editing/selection/ios/clear-selection-while-moving-selection-handles.html: Added.
+
2021-04-27 Russell Epstein <[email protected]>
Cherry-pick r276357. rdar://problem/77211423
Added: branches/safari-611-branch/LayoutTests/editing/selection/ios/clear-selection-while-moving-selection-handles-expected.txt (0 => 277056)
--- branches/safari-611-branch/LayoutTests/editing/selection/ios/clear-selection-while-moving-selection-handles-expected.txt (rev 0)
+++ branches/safari-611-branch/LayoutTests/editing/selection/ios/clear-selection-while-moving-selection-handles-expected.txt 2021-05-06 00:18:52 UTC (rev 277056)
@@ -0,0 +1,6 @@
+PASS Did not crash
+PASS successfullyParsed is true
+
+TEST COMPLETE
+Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam nonumyeirmodtempor invidunt ut labore et dolore magna aliquyam erat, sed diam voluptua.
+This test verifies that programmatically clearing the text selection while interacting with selection handles does not cause a crash.
Added: branches/safari-611-branch/LayoutTests/editing/selection/ios/clear-selection-while-moving-selection-handles.html (0 => 277056)
--- branches/safari-611-branch/LayoutTests/editing/selection/ios/clear-selection-while-moving-selection-handles.html (rev 0)
+++ branches/safari-611-branch/LayoutTests/editing/selection/ios/clear-selection-while-moving-selection-handles.html 2021-05-06 00:18:52 UTC (rev 277056)
@@ -0,0 +1,48 @@
+<!DOCTYPE html> <!-- webkit-test-runner [ useFlexibleViewport=true ] -->
+<html>
+<meta name="viewport" content="width=device-width, initial-scale=1">
+<head>
+<script src=""
+<script src=""
+<style>
+body {
+ margin: 0;
+ font-size: 18px;
+}
+</style>
+<script>
+jsTestIsAsync = true;
+
+addEventListener("load", async () => {
+ let target = document.getElementById("target");
+ await UIHelper.longPressElement(target);
+ await UIHelper.waitForSelectionToAppear();
+ let grabberRect = await UIHelper.getSelectionEndGrabberViewRect();
+ let grabberLocationX = grabberRect.left + (grabberRect.width / 2);
+ let grabberLocationY = grabberRect.top + (grabberRect.height / 2);
+
+ selectionChangeCount = 0;
+ document.addEventListener("selectionchange", () => {
+ ++selectionChangeCount;
+ if (selectionChangeCount > 5 && getSelection().rangeCount)
+ getSelection().removeAllRanges();
+ });
+
+ await UIHelper.sendEventStream(new UIHelper.EventStreamBuilder()
+ .begin(grabberLocationX, grabberLocationY)
+ .move(10, grabberLocationY, 1)
+ .end(10, grabberLocationY)
+ .takeResult());
+
+ testPassed("Did not crash");
+ finishJSTest();
+});
+</script>
+</head>
+<body>
+ Lorem ipsum dolor sit amet, consetetur sadipscing elitr, sed diam
+ <span id="target">nonumyeirmodtempor</span> invidunt ut labore et dolore magna aliquyam erat,
+ sed diam voluptua.
+ <p>This test verifies that programmatically clearing the text selection while interacting with selection handles does not cause a crash.</p>
+</body>
+</html>
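Review bot: The `selectionchange` listener clears the selection only once `selectionChangeCount > 5`, so if the single `.move(10, grabberLocationY, 1)` step produces five or fewer events, the test reaches `testPassed("Did not crash")` without ever calling `removeAllRanges()` and passes without exercising the crash path. Recording that the clear happened, with `didClearSelection = true;` next to `getSelection().removeAllRanges();` and `shouldBeTrue("didClearSelection");` before `testPassed(...)`, would make a vacuous pass visible. The expected-results file would then need the matching PASS line.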
Modified: branches/safari-611-branch/Source/WebCore/ChangeLog (277055 => 277056)
--- branches/safari-611-branch/Source/WebCore/ChangeLog 2021-05-06 00:09:44 UTC (rev 277055)
+++ branches/safari-611-branch/Source/WebCore/ChangeLog 2021-05-06 00:18:52 UTC (rev 277056)
@@ -1,3 +1,59 @@
+2021-04-29 Russell Epstein <[email protected]>
+
+ Cherry-pick r276688. rdar://problem/77326513
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Source/WebCore:
+
+ Add a helper method to check whether or not the given `Position` is in a tree scope. See WebKit/ChangeLog for
+ more details.
+
+ Test: editing/selection/ios/clear-selection-while-moving-selection-handles.html
+
+ * dom/Position.h:
+ (WebCore::Position::isInTreeScope const):
+
+ Source/WebKit:
+
+ Make `rangeForPointInRootViewCoordinates` robust in the case where the original selection may have become
+ orphaned or null, by checking that the `targetNode` and existing `selectionStart` or `selectionEnd` are in a
+ tree scope before accessing `treeScope()`.
+
+ * WebProcess/WebPage/ios/WebPageIOS.mm:
+ (WebKit::rangeForPointInRootViewCoordinates):
+
+ LayoutTests:
+
+ Add a layout test that programmatically clears the selection in the middle of changing it by moving selection
+ handles.
+
+ * editing/selection/ios/clear-selection-while-moving-selection-handles-expected.txt: Added.
+ * editing/selection/ios/clear-selection-while-moving-selection-handles.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276688 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-04-27 Wenson Hsieh <[email protected]>
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Add a helper method to check whether or not the given `Position` is in a tree scope. See WebKit/ChangeLog for
+ more details.
+
+ Test: editing/selection/ios/clear-selection-while-moving-selection-handles.html
+
+ * dom/Position.h:
+ (WebCore::Position::isInTreeScope const):
+
2021-04-27 Alan Coon <[email protected]>
Added blobOwner declaration from trac.webkit.org/r276230.
Modified: branches/safari-611-branch/Source/WebCore/dom/Position.h (277055 => 277056)
--- branches/safari-611-branch/Source/WebCore/dom/Position.h 2021-05-06 00:09:44 UTC (rev 277055)
+++ branches/safari-611-branch/Source/WebCore/dom/Position.h 2021-05-06 00:18:52 UTC (rev 277056)
@@ -123,6 +123,8 @@
return container ? container->rootEditableElement() : nullptr;
}
+ bool isInTreeScope() const { return m_anchorNode && m_anchorNode->isInTreeScope(); }
+
// These should only be used for PositionIsOffsetInAnchor positions, unless
// the position is a legacy editing position.
void moveToPosition(Node* anchorNode, unsigned offset);
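Review bot: The added `isInTreeScope()` has no comment, and its `false` result covers two different states: a null position (`m_anchorNode` is null) and an anchor node that exists but is not in a tree scope. A one-line comment above it would make that contract clear to callers that use it as a guard, for example `// False for a null position or an anchor node outside any tree scope; check this before calling treeScope().` The result is only a snapshot, and presumably it can change whenever script or a DOM mutation runs between the check and the use, so callers should test it immediately before the access. The enclosing class starts and ends outside this hunk.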
Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (277055 => 277056)
--- branches/safari-611-branch/Source/WebKit/ChangeLog 2021-05-06 00:09:44 UTC (rev 277055)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog 2021-05-06 00:18:52 UTC (rev 277056)
@@ -1,3 +1,58 @@
+2021-04-29 Russell Epstein <[email protected]>
+
+ Cherry-pick r276688. rdar://problem/77326513
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Source/WebCore:
+
+ Add a helper method to check whether or not the given `Position` is in a tree scope. See WebKit/ChangeLog for
+ more details.
+
+ Test: editing/selection/ios/clear-selection-while-moving-selection-handles.html
+
+ * dom/Position.h:
+ (WebCore::Position::isInTreeScope const):
+
+ Source/WebKit:
+
+ Make `rangeForPointInRootViewCoordinates` robust in the case where the original selection may have become
+ orphaned or null, by checking that the `targetNode` and existing `selectionStart` or `selectionEnd` are in a
+ tree scope before accessing `treeScope()`.
+
+ * WebProcess/WebPage/ios/WebPageIOS.mm:
+ (WebKit::rangeForPointInRootViewCoordinates):
+
+ LayoutTests:
+
+ Add a layout test that programmatically clears the selection in the middle of changing it by moving selection
+ handles.
+
+ * editing/selection/ios/clear-selection-while-moving-selection-handles-expected.txt: Added.
+ * editing/selection/ios/clear-selection-while-moving-selection-handles.html: Added.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276688 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-04-27 Wenson Hsieh <[email protected]>
+
+ [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
+ https://bugs.webkit.org/show_bug.cgi?id=225072
+ rdar://77159489
+
+ Reviewed by Darin Adler.
+
+ Make `rangeForPointInRootViewCoordinates` robust in the case where the original selection may have become
+ orphaned or null, by checking that the `targetNode` and existing `selectionStart` or `selectionEnd` are in a
+ tree scope before accessing `treeScope()`.
+
+ * WebProcess/WebPage/ios/WebPageIOS.mm:
+ (WebKit::rangeForPointInRootViewCoordinates):
+
2021-04-23 Russell Epstein <[email protected]>
Cherry-pick r276324. rdar://problem/77086404
Modified: branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm (277055 => 277056)
--- branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm 2021-05-06 00:09:44 UTC (rev 277055)
+++ branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm 2021-05-06 00:18:52 UTC (rev 277056)
@@ -1526,7 +1526,7 @@
if (baseIsStart) {
if (result <= selectionStart)
result = selectionStart.next();
- else if (targetNode && selectionStart.deepEquivalent().treeScope() != &targetNode->treeScope())
+ else if (targetNode && targetNode->isInTreeScope() && selectionStart.deepEquivalent().isInTreeScope() && selectionStart.deepEquivalent().treeScope() != &targetNode->treeScope())
result = VisibleSelection::adjustPositionForEnd(result.deepEquivalent(), selectionStart.deepEquivalent().containerNode());
range = makeSimpleRange(selectionStart, result);
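Review bot: The new `isInTreeScope()` checks guard only the `treeScope()` comparison in the `else if`; the `result <= selectionStart` comparison above it and the `makeSimpleRange(selectionStart, result)` call below it still run when `selectionStart` is null or orphaned, and the same holds for `selectionEnd` in the second hunk. Whether those two calls tolerate such a position is not visible here, so it is worth confirming, or checking the endpoint once before the `if (baseIsStart)` branches. The condition also calls `selectionStart.deepEquivalent()` three times and the body a fourth; hoisting it, `auto startPosition = selectionStart.deepEquivalent();`, would shorten the line and make sure the check and the use refer to the same `Position`. The enclosing function starts and ends outside both hunks.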
@@ -1533,7 +1533,7 @@
} else {
if (selectionEnd <= result)
result = selectionEnd.previous();
- else if (targetNode && selectionEnd.deepEquivalent().treeScope() != &targetNode->treeScope())
+ else if (targetNode && targetNode->isInTreeScope() && selectionEnd.deepEquivalent().isInTreeScope() && selectionEnd.deepEquivalent().treeScope() != &targetNode->treeScope())
result = VisibleSelection::adjustPositionForStart(result.deepEquivalent(), selectionEnd.deepEquivalent().containerNode());
range = makeSimpleRange(result, selectionEnd);