Title: [183086] branches/safari-600.1.4.16-branch/Source/WebKit2
Revision
183086
Author
[email protected]
Date
2015-04-21 17:14:34 -0700 (Tue, 21 Apr 2015)

Log Message

Merge r182162

    2015-03-30  Enrica Casucci  <[email protected]> 

[iOS] WebContent crashing at WebCore: WebCore::Range::collectSelectionRects. 
https://bugs.webkit.org/show_bug.cgi?id=143234 
<rdar://problem/18571345> 

Reviewed by Tim Horton. 

This is a speculative fix that adds a null check before dereferencing the range. 
In both places where the check has been added, the range returned by the call 
that is expected to create it could be null. 

* WebProcess/WebPage/WebPage.cpp: 
(WebKit::WebPage::editorState):

Modified Paths

Diff

Modified: branches/safari-600.1.4.16-branch/Source/WebKit2/ChangeLog (183085 => 183086)


--- branches/safari-600.1.4.16-branch/Source/WebKit2/ChangeLog	2015-04-22 00:13:54 UTC (rev 183085)
+++ branches/safari-600.1.4.16-branch/Source/WebKit2/ChangeLog	2015-04-22 00:14:34 UTC (rev 183086)
@@ -1,3 +1,22 @@
+2015-04-21  Lucas Forschler  <[email protected]>
+
+        Merge r182162
+
+    2015-03-30  Enrica Casucci  <[email protected]> 
+
+        [iOS] WebContent crashing at WebCore: WebCore::Range::collectSelectionRects. 
+        https://bugs.webkit.org/show_bug.cgi?id=143234 
+        <rdar://problem/18571345> 
+
+        Reviewed by Tim Horton. 
+
+        This is a speculative fix that adds a null check before referencing the range. 
+        In both places where the check has been added the range returned by the call 
+        that should create it could be null. 
+
+        * WebProcess/WebPage/WebPage.cpp: 
+        (WebKit::WebPage::editorState):
+
 2015-04-21  Babak Shafiei  <[email protected]>
 
         Merge r182285

Modified: branches/safari-600.1.4.16-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (183085 => 183086)


--- branches/safari-600.1.4.16-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp	2015-04-22 00:13:54 UTC (rev 183085)
+++ branches/safari-600.1.4.16-branch/Source/WebKit2/WebProcess/WebPage/WebPage.cpp	2015-04-22 00:14:34 UTC (rev 183086)
@@ -720,14 +720,16 @@
     if (frame.editor().hasComposition()) {
         RefPtr<Range> compositionRange = frame.editor().compositionRange();
         Vector<WebCore::SelectionRect> compositionRects;
-        compositionRange->collectSelectionRects(compositionRects);
-        if (compositionRects.size())
-            result.firstMarkedRect = compositionRects[0].rect();
-        if (compositionRects.size() > 1)
-            result.lastMarkedRect = compositionRects.last().rect();
-        else
-            result.lastMarkedRect = result.firstMarkedRect;
-        result.markedText = plainTextReplacingNoBreakSpace(compositionRange.get());
+        if (compositionRange) {
+            compositionRange->collectSelectionRects(compositionRects);
+            if (compositionRects.size())
+                result.firstMarkedRect = compositionRects[0].rect();
+            if (compositionRects.size() > 1)
+                result.lastMarkedRect = compositionRects.last().rect();
+            else
+                result.lastMarkedRect = result.firstMarkedRect;
+            result.markedText = plainTextReplacingNoBreakSpace(compositionRange.get());
+        }
     }
     FrameView* view = frame.view();
     if (selection.isCaret()) {
@@ -745,15 +747,19 @@
         result.caretRectAtStart = view->contentsToRootView(VisiblePosition(selection.start()).absoluteCaretBounds());
         result.caretRectAtEnd = view->contentsToRootView(VisiblePosition(selection.end()).absoluteCaretBounds());
         RefPtr<Range> selectedRange = selection.toNormalizedRange();
-        selectedRange->collectSelectionRects(result.selectionRects);
-        convertSelectionRectsToRootView(view, result.selectionRects);
-        String selectedText = plainTextReplacingNoBreakSpace(selectedRange.get(), TextIteratorDefaultBehavior, true);
+        String selectedText;
+        if (selectedRange) {
+            selectedRange->collectSelectionRects(result.selectionRects);
+            convertSelectionRectsToRootView(view, result.selectionRects);
+            selectedText = plainTextReplacingNoBreakSpace(selectedRange.get(), TextIteratorDefaultBehavior, true);
+            result.selectedTextLength = selectedText.length();
+            const int maxSelectedTextLength = 200;
+            if (selectedText.length() <= maxSelectedTextLength)
+                result.wordAtSelection = selectedText;
+        }
+
         // FIXME: We should disallow replace when the string contains only CJ characters.
         result.isReplaceAllowed = result.isContentEditable && !result.isInPasswordField && !selectedText.containsOnlyWhitespace();
-        result.selectedTextLength = selectedText.length();
-        const int maxSelectedTextLength = 200;
-        if (selectedText.length() <= maxSelectedTextLength)
-            result.wordAtSelection = selectedText;
     }
     if (!selection.isNone()) {
         Node* nodeToRemove;
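Review bot: In the second hunk of WebPage.cpp, when `selectedRange` is null, `selectedText` stays a default-constructed (null) String and is still fed to `!selectedText.containsOnlyWhitespace()` for `result.isReplaceAllowed` two lines below the guard, so the "no replace for an empty selection" outcome now rests on a null String reporting itself as only-whitespace rather than on the null check itself. Making that dependency explicit keeps the guard self-contained: `result.isReplaceAllowed = selectedRange && result.isContentEditable && !result.isInPasswordField && !selectedText.containsOnlyWhitespace();`. It is also worth a comment at the new `if (selectedRange)` line stating why a null range is expected here and that `selectionRects`, `selectedTextLength` and `wordAtSelection` are deliberately left at their defaults in that case, e.g. `// toNormalizedRange() may return null; leave the selection fields at their defaults rather than dereference it.` The enclosing `WebPage::editorState` begins before the first hunk and continues past the end of the second.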