[webkit-changes] [111125] trunk/Source/WebKit2

[mitz]

Title: [111125] trunk/Source/WebKit2

Revision

111125

Author

m...@apple.com

Date

2012-03-17 12:23:28 -0700 (Sat, 17 Mar 2012)

Log Message

<rdar://problem/10263562> Crash in WebCore::Range::startPosition() when dismissing the Press and Hold panel by clicking in the menu bar
https://bugs.webkit.org/show_bug.cgi?id=81454

Reviewed by Ada Chan.

When the Press and Hold panel is dismissed by clicking in the menu bar,
-insertText:replacementRange: is called with an NSRange whose location is NSNotFound - 1
(see <rdar://problem/11069374>). Trying to convert this bogus range to a WebCore Range
returns 0, which leads to the crash.

* WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::insertText): Added a null check, to protect the code from bogus ranges.

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (111124 => 111125)

--- trunk/Source/WebKit2/ChangeLog	2012-03-17 18:53:23 UTC (rev 111124)
+++ trunk/Source/WebKit2/ChangeLog	2012-03-17 19:23:28 UTC (rev 111125)
@@ -1,3 +1,18 @@
+2012-03-17  Dan Bernstein  <m...@apple.com>
+
+        <rdar://problem/10263562> Crash in WebCore::Range::startPosition() when dismissing the Press and Hold panel by clicking in the menu bar
+        https://bugs.webkit.org/show_bug.cgi?id=81454
+
+        Reviewed by Ada Chan.
+
+        When the Press and Hold panel is dismissed by clicking in the menu bar,
+        -insertText:replacementRange: is called with an NSRange whose location is NSNotFound - 1
+        (see <rdar://problem/11069374>). Trying to convert this bogus range to a WebCore Range
+        returns 0, which leads to the crash.
+
+        * WebProcess/WebPage/mac/WebPageMac.mm:
+        (WebKit::WebPage::insertText): Added a null check, to protect the code from bogus ranges.
+
 2012-03-16  Stephanie Lewis  <sle...@apple.com>
 
         https://bugs.webkit.org/show_bug.cgi?id=81065

Modified: trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm (111124 => 111125)

--- trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm	2012-03-17 18:53:23 UTC (rev 111124)
+++ trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm	2012-03-17 19:23:28 UTC (rev 111125)
@@ -268,10 +268,10 @@
 {
     Frame* frame = m_page->focusController()->focusedOrMainFrame();
 
-    RefPtr<Range> replacementRange;
     if (replacementRangeStart != NSNotFound) {
-        replacementRange = convertToRange(frame, NSMakeRange(replacementRangeStart, replacementRangeEnd - replacementRangeStart));
-        frame->selection()->setSelection(VisibleSelection(replacementRange.get(), SEL_DEFAULT_AFFINITY));
+        RefPtr<Range> replacementRange = convertToRange(frame, NSMakeRange(replacementRangeStart, replacementRangeEnd - replacementRangeStart));
+        if (replacementRange)
+            frame->selection()->setSelection(VisibleSelection(replacementRange.get(), SEL_DEFAULT_AFFINITY));
     }
 
     if (!frame->editor()->hasComposition()) {

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes