Title: [286294] trunk
Revision: 286294
Author: [email protected]
Date: 2021-11-30 07:00:09 -0800 (Tue, 30 Nov 2021)

Log Message

Null check in previousLinePosition
https://bugs.webkit.org/show_bug.cgi?id=233067

Patch by Rob Buis <[email protected]> on 2021-11-30
Reviewed by Antti Koivisto.

Source/WebCore:

Null check the iterator closestRunForPoint returns since
it can be null.

Test: editing/selection/move-by-line-crash.html

* editing/VisibleUnits.cpp:
(WebCore::previousLinePosition):
(WebCore::nextLinePosition):

LayoutTests:

* editing/selection/move-by-line-crash-expected.txt: Added.
* editing/selection/move-by-line-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (286293 => 286294)


--- trunk/LayoutTests/ChangeLog	2021-11-30 14:54:52 UTC (rev 286293)
+++ trunk/LayoutTests/ChangeLog	2021-11-30 15:00:09 UTC (rev 286294)
@@ -1,3 +1,13 @@
+2021-11-30  Rob Buis  <[email protected]>
+
+        Null check in previousLinePosition
+        https://bugs.webkit.org/show_bug.cgi?id=233067
+
+        Reviewed by Antti Koivisto.
+
+        * editing/selection/move-by-line-crash-expected.txt: Added.
+        * editing/selection/move-by-line-crash.html: Added.
+
 2021-11-30  Martin Robinson  <[email protected]>
 
         Transition from perspective(500px) to 'none' is probably wrong

Added: trunk/LayoutTests/editing/selection/move-by-line-crash-expected.txt (0 => 286294)


--- trunk/LayoutTests/editing/selection/move-by-line-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/selection/move-by-line-crash-expected.txt	2021-11-30 15:00:09 UTC (rev 286294)
@@ -0,0 +1 @@
+Test passes if it does not crash.

Added: trunk/LayoutTests/editing/selection/move-by-line-crash.html (0 => 286294)


--- trunk/LayoutTests/editing/selection/move-by-line-crash.html	                        (rev 0)
+++ trunk/LayoutTests/editing/selection/move-by-line-crash.html	2021-11-30 15:00:09 UTC (rev 286294)
@@ -0,0 +1,38 @@
+<!DOCTYPE>
+<html>
+<style>
+  summary::first-letter {
+    background: grey;
+  }
+  html {
+    -webkit-user-modify: read-write-plaintext-only;
+    min-inline-size: min-content;
+    writing-mode: vertical-lr;
+  }
+  video {
+    float: left;
+    inline-size: 10%;
+  }
+  div {
+    border-block-start-style: ridge;
+    padding-top: 100%;
+    height: 10px;
+  }
+</style>
+<script>
+  if (window.testRunner)
+    window.testRunner.dumpAsText();
+  _onload_ = () => {
+    let summary0 = document.createElement('summary');
+    document.documentElement.appendChild(summary0);
+    let video0 = document.createElement('video');
+    summary0.appendChild(video0);
+    let div0 = document.createElement('div');
+    document.documentElement.append(div0);
+    video0.controls = true;
+    getSelection().selectAllChildren(summary0);
+    summary0.append('foo');
+    getSelection().modify('move', 'left', 'line');
+    document.write("Test passes if it does not crash.");
+  };
+</script>
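
Review bot: The test issues a single `getSelection().modify('move', 'left', 'line')`, so only one of the two functions changed in VisibleUnits.cpp is exercised; adding a matching `modify('move', 'right', 'line')` step (or a second test) would cover the other null check as well. Separately, as the hunk reads here the handler is assigned to `_onload_`, which is not an event handler property, so the body would never run and the test would pass without reaching the code under test; it should be `onload`. The bare `<!DOCTYPE>` is also worth confirming as intentional, since it may be part of what the reduced case needs to reach the layout state.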

Modified: trunk/Source/WebCore/ChangeLog (286293 => 286294)


--- trunk/Source/WebCore/ChangeLog	2021-11-30 14:54:52 UTC (rev 286293)
+++ trunk/Source/WebCore/ChangeLog	2021-11-30 15:00:09 UTC (rev 286294)
@@ -1,3 +1,19 @@
+2021-11-30  Rob Buis  <[email protected]>
+
+        Null check in previousLinePosition
+        https://bugs.webkit.org/show_bug.cgi?id=233067
+
+        Reviewed by Antti Koivisto.
+
+        Null check the iterator closestRunForPoint returns since
+        it can be null.
+
+        Test: editing/selection/move-by-line-crash.html
+
+        * editing/VisibleUnits.cpp:
+        (WebCore::previousLinePosition):
+        (WebCore::nextLinePosition):
+
 2021-11-30  Kimmo Kinnunen  <[email protected]>
 
         GraphicsContextGL should have ANGLE-specific subclass

Modified: trunk/Source/WebCore/editing/VisibleUnits.cpp (286293 => 286294)


--- trunk/Source/WebCore/editing/VisibleUnits.cpp	2021-11-30 14:54:52 UTC (rev 286293)
+++ trunk/Source/WebCore/editing/VisibleUnits.cpp	2021-11-30 15:00:09 UTC (rev 286294)
@@ -990,7 +990,10 @@
     if (line) {
         // FIXME: Can be wrong for multi-column layout and with transforms.
         auto pointInLine = absoluteLineDirectionPointToLocalPointInBlock(line, lineDirectionPoint);
-        auto& renderer = line->closestRunForPoint(pointInLine, isEditablePosition(p))->renderer();
+        auto run = line->closestRunForPoint(pointInLine, isEditablePosition(p));
+        if (!run)
+            return VisiblePosition();
+        auto& renderer = run->renderer();
         Node* node = renderer.node();
         if (node && editingIgnoresContent(*node))
             return positionInParentBeforeNode(node);
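
Review bot: The new `if (!run) return VisiblePosition();` sits inside the `if (line)` block and returns a null position immediately, which skips whatever handling follows that block for the case where no usable line was found. It is worth confirming that callers of this function tolerate a null VisiblePosition here, or whether falling out of the `if (line)` block would give better behaviour. A one-line comment stating under what layout conditions `closestRunForPoint` yields no run would also help, since the ChangeLog only says it "can be null".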
@@ -1043,7 +1046,10 @@
     if (line) {
         // FIXME: Can be wrong for multi-column layout and with transforms.
         auto pointInLine = absoluteLineDirectionPointToLocalPointInBlock(line, lineDirectionPoint);
-        auto& renderer = line->closestRunForPoint(pointInLine, isEditablePosition(p))->renderer();
+        auto run = line->closestRunForPoint(pointInLine, isEditablePosition(p));
+        if (!run)
+            return VisiblePosition();
+        auto& renderer = run->renderer();
         Node* node = renderer.node();
         if (node && editingIgnoresContent(*node))
             return positionInParentBeforeNode(node);
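
Review bot: This hunk repeats the same four lines added in the hunk at -990 (`closestRunForPoint`, the `!run` check, the early return, then `run->renderer()`), so the two functions now carry duplicate null handling that can drift apart. Consider moving the lookup and check into a small shared static helper in this file that both call, so any later change to the null case is made once.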