Title: [277425] trunk/Source/WebCore
- Revision
- 277425
- Author
- [email protected]
- Date
- 2021-05-12 23:45:07 -0700 (Wed, 12 May 2021)
Log Message
RELEASE_ASSERT(m_selection->isNone()) fails in Document::removedLastRef
https://bugs.webkit.org/show_bug.cgi?id=225434
Patch by Frederic Wang <[email protected]> on 2021-05-12
Reviewed by Ryosuke Niwa.
Document::removedLastRef asserts that the document's selection is not set. However, setting
that selection is possible in FrameSelection::setSelectionWithoutUpdatingAppearance when the
document has not been destroyed yet but is already detached from its frame. This patch
instead clears the selection in that case.
No new tests.
* editing/FrameSelection.cpp:
(WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance): Clears the selection when
newSelection is in a detached document. Given the other conditions, this is actually
checking equivalent to !m_document->frame().
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (277424 => 277425)
--- trunk/Source/WebCore/ChangeLog 2021-05-13 05:37:17 UTC (rev 277424)
+++ trunk/Source/WebCore/ChangeLog 2021-05-13 06:45:07 UTC (rev 277425)
@@ -1,3 +1,22 @@
+2021-05-12 Frederic Wang <[email protected]>
+
+ RELEASE_ASSERT(m_selection->isNone()) fails in Document::removedLastRef
+ https://bugs.webkit.org/show_bug.cgi?id=225434
+
+ Reviewed by Ryosuke Niwa.
+
+ Document::removedLastRef asserts that the document's selection is not set. However, setting
+ that selection is possible in FrameSelection::setSelectionWithoutUpdatingAppearance when the
+ document has not been destroyed yet but is already detached from its frame. This patch
+ instead clears the selection in that case.
+
+ No new tests.
+
+ * editing/FrameSelection.cpp:
+ (WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance): Clears the selection when
+ newSelection is in a detached document. Given the other conditions, this is actually
+ checking equivalent to !m_document->frame().
+
2021-05-12 Peng Liu <[email protected]>
[iPad] SourceBufferPrivateAVFObjC should not report an error to the web page when the video playback is interrupted
Modified: trunk/Source/WebCore/editing/FrameSelection.cpp (277424 => 277425)
--- trunk/Source/WebCore/editing/FrameSelection.cpp 2021-05-13 05:37:17 UTC (rev 277424)
+++ trunk/Source/WebCore/editing/FrameSelection.cpp 2021-05-13 06:45:07 UTC (rev 277425)
@@ -363,7 +363,7 @@
return false;
}
- if (!m_document || !m_document->frame()) {
+ if (!m_document) {
m_selection = newSelection;
updateAssociatedLiveRange();
return false;
@@ -371,7 +371,8 @@
bool selectionEndpointsBelongToMultipleDocuments = newSelection.base().document() && !newSelection.document();
bool selectionIsInAnotherDocument = newSelection.document() && newSelection.document() != m_document.get();
- if (selectionEndpointsBelongToMultipleDocuments || selectionIsInAnotherDocument) {
+ bool selectionIsInDetachedDocument = newSelection.document() && !newSelection.document()->frame();
+ if (selectionEndpointsBelongToMultipleDocuments || selectionIsInAnotherDocument || selectionIsInDetachedDocument) {
clear();
return false;
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
