Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4f3e85482d496dd4c68bd5a954a22597695e6c8b
      
https://github.com/WebKit/WebKit/commit/4f3e85482d496dd4c68bd5a954a22597695e6c8b
  Author: Richard Robinson <[email protected]>
  Date:   2024-04-17 (Wed, 17 Apr 2024)

  Changed paths:
    M Source/WebKit/WebProcess/WebPage/Cocoa/UnifiedTextReplacementController.mm

  Log Message:
  -----------
  Bad variant access exception under UnifiedTextReplacementController
https://bugs.webkit.org/show_bug.cgi?id=272857
rdar://126196535

Reviewed by Wenson Hsieh.

When receiving multiple replacements in `didReceiveReplacements`, the `sessionRange` is used during
each iteration of the replacements in order to create a resolved range. However, it is possible for
one iteration to end up modifying the range for subsequent iterations, resulting in an outdated
`sessionRange` for those iterations.

Fix by re-creating the session range in each iteration, as the live range it is created from does
get updated to reflect the updated contents and range.

This implementation bug also revealed another bug, which is that if the markers happen to have
ill-formed ranges, as was the case due to the above bug, then in the iteration of the unified text
replacement document markers in `didEndTextReplacementSession`, it would be possible for the call
to `replaceTextInRange` to end up modifying other markers. Since this is during iteration of the
markers, this can lead to a corrupted document marker instance, resulting in the bad variant access
exception.

Fix by saving all the ranges and replacement texts into a vector after iterating the markers, and
then iterate the vector and perform the replacements.

* Source/WebKit/WebProcess/WebPage/Cocoa/UnifiedTextReplacementController.mm:
(WebKit::UnifiedTextReplacementController::didEndTextReplacementSession):

Canonical link: https://commits.webkit.org/277652@main



_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
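
The collect-then-apply pattern described in the commit message above, as an added example on a toy text model. It is not WebKit code: `Marker`, `Document` and `endSession` are hypothetical names, and the model assumes plain integer offsets, so the saved replacements are applied back to front.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Toy model (constructed for illustration): a marker covers
// [start, start + length) of the text and carries its replacement.
struct Marker { std::size_t start, length; std::string replacement; };

struct Document {
    std::string text;
    std::vector<Marker> markers;

    // Like an editing command, replacing text has a side effect on the
    // marker store: every marker overlapping the edited range is dropped.
    void replaceTextInRange(std::size_t start, std::size_t length, const std::string& s) {
        text.replace(start, length, s);
        markers.erase(std::remove_if(markers.begin(), markers.end(), [&](const Marker& m) {
            return m.start < start + length && start < m.start + m.length;
        }), markers.end());
    }
};

// Unsafe shape (shown as a comment only): replaceTextInRange erases from
// doc.markers while the range-for still holds iterators into it.
//   for (const Marker& m : doc.markers)
//       doc.replaceTextInRange(m.start, m.length, m.replacement);

// Hardened shape: snapshot (range, text) pairs first, then mutate.
std::string endSession(Document& doc) {
    struct Pending { std::size_t start, length; std::string replacement; };
    std::vector<Pending> pending;
    for (const Marker& m : doc.markers)   // read-only pass over the markers
        pending.push_back({m.start, m.length, m.replacement});

    // Assumption of this toy model: offsets are integers, so apply from the
    // end of the text backwards to keep the not-yet-applied offsets valid.
    std::sort(pending.begin(), pending.end(),
              [](const Pending& a, const Pending& b) { return a.start > b.start; });
    for (const Pending& p : pending)      // mutation pass over the snapshot
        doc.replaceTextInRange(p.start, p.length, p.replacement);
    return doc.text;
}

int main() {
    Document doc{"a quik brwn fox", {{2, 4, "quick"}, {7, 4, "brown"}}};
    return endSession(doc) == "a quick brown fox" ? 0 : 1;
}
```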