Title: [115848] trunk
- Revision: 115848
- Author: [email protected]
- Date: 2012-05-02 10:45:14 -0700 (Wed, 02 May 2012)
Log Message
NULL ptr in WebCore::AppendNodeCommand::AppendNodeCommand
https://bugs.webkit.org/show_bug.cgi?id=75843
Reviewed by Tony Chang.
Source/WebCore:
The crash was caused by indentIntoBlockquote's passing a bad outerBlock to moveParagraphsWithClone.
When the position is created after blockquote in the following DOM:
BODY
* BLOCKQUOTE style=margin: 0 0 0 40px; border: none; padding: 0px;
E
#text "\nx\n"
VisiblePosition's constructor (of startOfContents) turns the position into a legacy position (blockquote, 0).
The crash occurs because this position doesn't belong in the same paragraph as E, which is the paragraph
we're trying to move into the blockquote.
Fixed bug by calling positionInParentAfterNode instead of positionAfterNode for now. We should eventually be
able to use positionAfterNode here once VisiblePosition's constructor starts handling before/after positions
properly.
Test: editing/execCommand/indent-with-after-content-crash.html
* editing/IndentOutdentCommand.cpp:
(WebCore::IndentOutdentCommand::indentIntoBlockquote):
LayoutTests:
Add a regression test.
* editing/execCommand/indent-with-after-content-crash-expected.txt: Added.
* editing/execCommand/indent-with-after-content-crash.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (115847 => 115848)
--- trunk/LayoutTests/ChangeLog 2012-05-02 17:42:07 UTC (rev 115847)
+++ trunk/LayoutTests/ChangeLog 2012-05-02 17:45:14 UTC (rev 115848)
@@ -1,3 +1,15 @@
+2012-05-02 Ryosuke Niwa <[email protected]>
+
+ NULL ptr in WebCore::AppendNodeCommand::AppendNodeCommand
+ https://bugs.webkit.org/show_bug.cgi?id=75843
+
+ Reviewed by Tony Chang.
+
+ Add a regression test.
+
+ * editing/execCommand/indent-with-after-content-crash-expected.txt: Added.
+ * editing/execCommand/indent-with-after-content-crash.html: Added.
+
2012-05-02 Julien Chaffraix <[email protected]>
REGRESSION(110072): Clipping is not applied on layers that are animated using platform code
Added: trunk/LayoutTests/editing/execCommand/indent-with-after-content-crash-expected.txt (0 => 115848)
--- trunk/LayoutTests/editing/execCommand/indent-with-after-content-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/editing/execCommand/indent-with-after-content-crash-expected.txt 2012-05-02 17:45:14 UTC (rev 115848)
@@ -0,0 +1,2 @@
+This tests indenting with :after {content: "]"}. The test passes if WebKit doesn't crash.
+PASS.
Added: trunk/LayoutTests/editing/execCommand/indent-with-after-content-crash.html (0 => 115848)
--- trunk/LayoutTests/editing/execCommand/indent-with-after-content-crash.html (rev 0)
+++ trunk/LayoutTests/editing/execCommand/indent-with-after-content-crash.html 2012-05-02 17:45:14 UTC (rev 115848)
@@ -0,0 +1,21 @@
+<style>
+ :after{
+ content: "]";
+ }
+</style>
+<script>
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+window._onload_ = function() {
+ document.execCommand("SelectAll",false);
+ document.execCommand("Indent", false);
+
+ document.body.innerHTML = "This tests indenting with :after {content: \"]\"}. The test passes if WebKit doesn't crash.<br>"
+ + "PASS.";
+};
+</script>
+<e>
+x
+<body contenteditable="true">
\ No newline at end of file
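Review bot: On the `window._onload_ = function() {` line the handler is stored in a property named `_onload_`, which is not the load event handler, so as shown neither `execCommand` call runs and the body is never replaced with the PASS text; this needs to read `window.onload`. Separately, the trailing markup (`<e>`, then `x`, then `<body contenteditable="true">` with no closing tags) is what produces the DOM described in the log message, so a comment in the script block saying the ordering is intentional would keep someone from tidying it away later. The two `execCommand` calls also differ in spacing after the comma (`"SelectAll",false` versus `"Indent", false`).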
Modified: trunk/Source/WebCore/ChangeLog (115847 => 115848)
--- trunk/Source/WebCore/ChangeLog 2012-05-02 17:42:07 UTC (rev 115847)
+++ trunk/Source/WebCore/ChangeLog 2012-05-02 17:45:14 UTC (rev 115848)
@@ -1,3 +1,30 @@
+2012-05-02 Ryosuke Niwa <[email protected]>
+
+ NULL ptr in WebCore::AppendNodeCommand::AppendNodeCommand
+ https://bugs.webkit.org/show_bug.cgi?id=75843
+
+ Reviewed by Tony Chang.
+
+ The crash was caused by indentIntoBlockquote's passing a bad outerBlock to moveParagraphsWithClone.
+
+ When the position is created after blockquote in the following DOM:
+ BODY
+ * BLOCKQUOTE style=margin: 0 0 0 40px; border: none; padding: 0px;
+ E
+ #text "\nx\n"
+ VisiblePosition's constructor (of startOfContents) turns the position into a legacy position (blockquote, 0).
+ The crash occurs because this position doesn't belong in the same paragraph as E, which is the paragraph
+ we're trying to move into the blockquote.
+
+ Fixed bug by calling positionInParentAfterNode instead of positionAfterNode for now. We should eventually be
+ able to use positionAfterNode here once VisiblePosition's constructor starts handling before/after positions
+ properly.
+
+ Test: editing/execCommand/indent-with-after-content-crash.html
+
+ * editing/IndentOutdentCommand.cpp:
+ (WebCore::IndentOutdentCommand::indentIntoBlockquote):
+
2012-05-02 Jer Noble <[email protected]>
WebWindowFadeAnimation ignores "duration" parameter.
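Review bot: The first paragraph of this entry names `moveParagraphsWithClone`, but the function called in IndentOutdentCommand.cpp in this same change is `moveParagraphWithClones`; please correct the name so that a search of the ChangeLog for the function finds this entry. The DOM dump would also be easier to follow with a sentence saying what the `*` marker in front of BLOCKQUOTE denotes.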
Modified: trunk/Source/WebCore/editing/IndentOutdentCommand.cpp (115847 => 115848)
--- trunk/Source/WebCore/editing/IndentOutdentCommand.cpp 2012-05-02 17:42:07 UTC (rev 115847)
+++ trunk/Source/WebCore/editing/IndentOutdentCommand.cpp 2012-05-02 17:45:14 UTC (rev 115848)
@@ -114,7 +114,7 @@
insertNodeAt(targetBlockquote, start);
else
insertNodeBefore(targetBlockquote, outerBlock);
- startOfContents = positionAfterNode(targetBlockquote.get());
+ startOfContents = positionInParentAfterNode(targetBlockquote.get());
}
moveParagraphWithClones(startOfContents, end, targetBlockquote.get(), outerBlock.get());
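Review bot: The new line `startOfContents = positionInParentAfterNode(targetBlockquote.get());` carries no comment, yet the log message describes it as a workaround "for now" until VisiblePosition's constructor handles before/after positions; add a FIXME at that line so the intent to return to positionAfterNode is recorded in the source and not only in the ChangeLog. Since the crash surfaced downstream in AppendNodeCommand, consider also asserting before the `moveParagraphWithClones` call that startOfContents is non-null, so that a regression fails at this call site.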