Title: [148894] trunk
Revision: 148894
Author: [email protected]
Date: 2013-04-22 10:56:22 -0700 (Mon, 22 Apr 2013)

Log Message

Crash on OS X when shift clicking outside of input
https://bugs.webkit.org/show_bug.cgi?id=104058

Patch by Yi Shen <[email protected]> on 2013-04-22
Reviewed by Chang Shu.

Source/WebCore:

Shift clicking outside of a focused div while removing the focused div from
the dom tree at the same time may hit a null visible position, which should
not be used to calculate the text distance with the new selection's start and
end position. Otherwise, the browser may crash.

Test: editing/selection/crash-on-shift-click.html

* page/EventHandler.cpp:
(WebCore::EventHandler::handleMousePressEventSingleClick):

LayoutTests:

Add test for shift click crash issue.

* editing/selection/crash-on-shift-click-expected.txt: Added.
* editing/selection/crash-on-shift-click.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (148893 => 148894)


--- trunk/LayoutTests/ChangeLog	2013-04-22 17:37:29 UTC (rev 148893)
+++ trunk/LayoutTests/ChangeLog	2013-04-22 17:56:22 UTC (rev 148894)
@@ -1,3 +1,15 @@
+2013-04-22  Yi Shen  <[email protected]>
+
+        Crash on OS X when shift clicking outside of input
+        https://bugs.webkit.org/show_bug.cgi?id=104058
+
+        Reviewed by Chang Shu.
+
+        Add test for shift click crash issue.
+
+        * editing/selection/crash-on-shift-click-expected.txt: Added.
+        * editing/selection/crash-on-shift-click.html: Added.
+
 2013-04-22  Jessie Berlin  <[email protected]>
 
         Fix an incorrect rebaseline done in r148830.

Added: trunk/LayoutTests/editing/selection/crash-on-shift-click-expected.txt (0 => 148894)


--- trunk/LayoutTests/editing/selection/crash-on-shift-click-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/selection/crash-on-shift-click-expected.txt	2013-04-22 17:56:22 UTC (rev 148894)
@@ -0,0 +1,2 @@
+This test shift clicks outside of a focused div with removing the focused div from the dom tree at the same time. If this doesn't crash, then the test passes.
+

Added: trunk/LayoutTests/editing/selection/crash-on-shift-click.html (0 => 148894)


--- trunk/LayoutTests/editing/selection/crash-on-shift-click.html	                        (rev 0)
+++ trunk/LayoutTests/editing/selection/crash-on-shift-click.html	2013-04-22 17:56:22 UTC (rev 148894)
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html>
+<body>
+<div id="parentDiv">
+<div id="firstChildDiv" contenteditable>first child div</div>
+<div id="secondChildDiv" contenteditable>second child div</div>
+<div/>
+<script>
+
+function clickOnTestPage(x, y, keys) {
+    eventSender.mouseMoveTo(x, y);
+    eventSender.mouseDown(0, keys);
+    eventSender.mouseUp(0, keys);
+}
+
+function runTest() {
+    var parentDivElement = document.getElementById('parentDiv');
+    clickOnTestPage(parentDivElement.offsetLeft + 10, parentDivElement.offsetTop + 10);
+    eventSender.leapForward(300);
+    window._onmousedown_ = removeFirstChildDiv;
+    clickOnTestPage(100, 100, ['shiftKey']);
+    document.getElementById('secondChildDiv').innerHTML = "This test shift clicks outside of a focused div with removing the focused div from the dom tree at the same time. If this doesn't crash, then the test passes.";
+}
+
+function removeFirstChildDiv() {
+    var parentDivElement = document.getElementById('parentDiv');
+    var childDivElement = document.getElementById('firstChildDiv');
+    parentDivElement.removeChild(childDivElement);
+}
+
+if (window.eventSender)
+    runTest();
+
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+</script>
+</body>
+</html>
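Review bot: In runTest(), the line `window._onmousedown_ = removeFirstChildDiv;` as it appears here sets an ordinary property named `_onmousedown_` rather than the `onmousedown` handler, so removeFirstChildDiv would never run during the shift click and the test would pass without ever reaching the null-position path. The assignment should read `window.onmousedown = removeFirstChildDiv;`. Separately, the `<div/>` after secondChildDiv is treated by the HTML parser as another opening tag, not as the close of parentDiv, so it should be `</div>`. The pass message is also duplicated between this file and crash-on-shift-click-expected.txt, and when eventSender is absent the page gives no indication that the test did not run; a short fallback message for manual runs would help.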

Modified: trunk/Source/WebCore/ChangeLog (148893 => 148894)


--- trunk/Source/WebCore/ChangeLog	2013-04-22 17:37:29 UTC (rev 148893)
+++ trunk/Source/WebCore/ChangeLog	2013-04-22 17:56:22 UTC (rev 148894)
@@ -1,3 +1,20 @@
+2013-04-22  Yi Shen  <[email protected]>
+
+        Crash on OS X when shift clicking outside of input
+        https://bugs.webkit.org/show_bug.cgi?id=104058
+
+        Reviewed by Chang Shu.
+
+        Shift clicking outside of a focused div while removing the focused div from
+        the dom tree at the same time may hit a null visible position, which should
+        not be used to calculate the text distance with the new selection's start and
+        end position. Otherwise, the browser may crash.
+
+        Test: editing/selection/crash-on-shift-click.html
+
+        * page/EventHandler.cpp:
+        (WebCore::EventHandler::handleMousePressEventSingleClick):
+
 2013-04-22  Carlos Garcia Campos  <[email protected]>
 
         Scrollbar should not depend on EventHandler, Frame and FrameView

Modified: trunk/Source/WebCore/page/EventHandler.cpp (148893 => 148894)


--- trunk/Source/WebCore/page/EventHandler.cpp	2013-04-22 17:37:29 UTC (rev 148893)
+++ trunk/Source/WebCore/page/EventHandler.cpp	2013-04-22 17:56:22 UTC (rev 148894)
@@ -605,7 +605,7 @@
                 pos = selectionInUserSelectAll.end();
         }
 
-        if (!m_frame->editor()->behavior().shouldConsiderSelectionAsDirectional()) {
+        if (!m_frame->editor()->behavior().shouldConsiderSelectionAsDirectional() && pos.isNotNull()) {
             // See <rdar://problem/3668157> REGRESSION (Mail): shift-click deselects when selection
             // was created right-to-left
             Position start = newSelection.start();
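Review bot: The `pos.isNotNull()` check added to the changed `if` protects only the non-directional branch. When shouldConsiderSelectionAsDirectional() returns true, or once this block is skipped, a null `pos` still flows into whatever follows, which this hunk does not show. Please confirm that the later code tolerates a null position, or return early as soon as `pos` is known to be null so that no branch can use it. A one-line comment saying that `pos` can be null when a mousedown handler removes the focused node from the DOM would also help, since the existing comment only covers the rdar regression and does not explain the new condition.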
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
