Title: [179066] branches/safari-600.1.4.15-branch/Source/WebKit2
Revision: 179066
Author: [email protected]
Date: 2015-01-24 10:30:20 -0800 (Sat, 24 Jan 2015)

Log Message

Merged small change from r175549.  rdar://problem/19433134

Modified Paths

Diff

Modified: branches/safari-600.1.4.15-branch/Source/WebKit2/ChangeLog (179065 => 179066)


--- branches/safari-600.1.4.15-branch/Source/WebKit2/ChangeLog	2015-01-24 17:27:38 UTC (rev 179065)
+++ branches/safari-600.1.4.15-branch/Source/WebKit2/ChangeLog	2015-01-24 18:30:20 UTC (rev 179066)
@@ -1,3 +1,12 @@
+2015-01-24  David Kilzer  <[email protected]>
+
+        <rdar://problem/19433134> REGRESSION (iOS 8): Reproducible null deref in WebKit::nextFocusableElement
+
+        Merged small change from r175549.
+
+        * WebProcess/WebPage/ios/WebPageIOS.mm:
+        (WebKit::nextFocusableElement): Add isElementNode() check.
+
 2015-01-22  David Kilzer  <[email protected]>
 
         Merge r175608.
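
Review bot: the entry for (WebKit::nextFocusableElement) records only "Add isElementNode() check" and does not say what the function does when that check fails. The code change returns nullptr for a start node that is not an element, so the entry should say so, for example "Return nullptr when startNode is not an Element", so that someone reading the branch ChangeLog can see the behaviour change without opening r175549.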

Modified: branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm (179065 => 179066)


--- branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm	2015-01-24 17:27:38 UTC (rev 179065)
+++ branches/safari-600.1.4.15-branch/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm	2015-01-24 18:30:20 UTC (rev 179066)
@@ -2001,6 +2001,9 @@
 
 static inline Element* nextFocusableElement(Node* startNode, Page* page, bool isForward)
 {
+    if (!startNode->isElementNode())
+        return nullptr;
+
     RefPtr<KeyboardEvent> key = KeyboardEvent::create();
 
     Element* nextElement = toElement(startNode);
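
Review bot: the added guard at the top of nextFocusableElement calls startNode->isElementNode() without first checking startNode, so a null startNode would still be dereferenced on the new line. If any caller can pass null, make the condition `if (!startNode || !startNode->isElementNode())`; if null is never valid, assert that or take the argument as Node& so the contract is explicit. Placing the check ahead of toElement(startNode) is correct, since that cast is only meaningful for element nodes. The change touches only the ChangeLog and WebPageIOS.mm, so no regression test for a non-element start node comes with it; one would be worth adding given that the radar calls the crash reproducible.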
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
