Title: [186752] branches/safari-601.1-branch/Source


Modified: branches/safari-601.1-branch/Source/WebCore/ChangeLog (186751 => 186752)


--- branches/safari-601.1-branch/Source/WebCore/ChangeLog	2015-07-13 06:45:40 UTC (rev 186751)
+++ branches/safari-601.1-branch/Source/WebCore/ChangeLog	2015-07-13 06:47:05 UTC (rev 186752)
@@ -1,5 +1,25 @@
 2015-07-12  Babak Shafiei  <[email protected]>
 
+        Merge r186684.
+
+    2015-07-10  Zalan Bujtas  <[email protected]>
+
+            Crash at WebCore::WebPage::innerFrameQuad.
+            https://bugs.webkit.org/show_bug.cgi?id=146843
+            rdar://problem/21501819
+
+            Reviewed by Andreas Kling.
+
+            We may end up with a null rootEditableElement() after calling Document::updateLayout().
+
+            Speculative fix. Not reproducible.
+
+            * page/Frame.cpp: Some const cleanup.
+            (WebCore::Frame::visiblePositionForPoint):
+            * page/Frame.h:
+
+2015-07-12  Babak Shafiei  <[email protected]>
+
         Merge r186683.
 
     2015-07-10  Brady Eidson  <[email protected]>

Modified: branches/safari-601.1-branch/Source/WebCore/page/Frame.cpp (186751 => 186752)


--- branches/safari-601.1-branch/Source/WebCore/page/Frame.cpp	2015-07-13 06:45:40 UTC (rev 186751)
+++ branches/safari-601.1-branch/Source/WebCore/page/Frame.cpp	2015-07-13 06:47:05 UTC (rev 186752)
@@ -816,7 +816,7 @@
     return document() ? document()->displayStringModifiedByEncoding(str) : str;
 }
 
-VisiblePosition Frame::visiblePositionForPoint(const IntPoint& framePoint)
+VisiblePosition Frame::visiblePositionForPoint(const IntPoint& framePoint) const
 {
     HitTestResult result = eventHandler().hitTestResultAtPoint(framePoint, HitTestRequest::ReadOnly | HitTestRequest::Active);
     Node* node = result.innerNonSharedNode();
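Review bot: The `const` added to visiblePositionForPoint reads as bitwise rather than logical constness: the body on the next line performs a hit test with `HitTestRequest::Active` through `eventHandler()`, which presumably can force layout and update hit-test state, so a caller holding only a `const Frame&` still triggers those side effects. If that is intended, a one-line comment at the definition, `// const in the Frame-object sense only; the active hit test may still force layout.`, would stop the next reader from assuming the call is side-effect free. The function body continues past the end of the hunk.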

Modified: branches/safari-601.1-branch/Source/WebCore/page/Frame.h (186751 => 186752)


--- branches/safari-601.1-branch/Source/WebCore/page/Frame.h	2015-07-13 06:45:40 UTC (rev 186751)
+++ branches/safari-601.1-branch/Source/WebCore/page/Frame.h	2015-07-13 06:47:05 UTC (rev 186752)
@@ -223,7 +223,7 @@
 
         WEBCORE_EXPORT String displayStringModifiedByEncoding(const String&) const;
 
-        WEBCORE_EXPORT VisiblePosition visiblePositionForPoint(const IntPoint& framePoint);
+        WEBCORE_EXPORT VisiblePosition visiblePositionForPoint(const IntPoint& framePoint) const;
         Document* documentAtPoint(const IntPoint& windowPoint);
         WEBCORE_EXPORT RefPtr<Range> rangeForPoint(const IntPoint& framePoint);
 

Modified: branches/safari-601.1-branch/Source/WebKit2/ChangeLog (186751 => 186752)


--- branches/safari-601.1-branch/Source/WebKit2/ChangeLog	2015-07-13 06:45:40 UTC (rev 186751)
+++ branches/safari-601.1-branch/Source/WebKit2/ChangeLog	2015-07-13 06:47:05 UTC (rev 186752)
@@ -1,5 +1,33 @@
 2015-07-12  Babak Shafiei  <[email protected]>
 
+        Merge r186684.
+
+    2015-07-10  Zalan Bujtas  <[email protected]>
+
+            Crash at WebCore::WebPage::innerFrameQuad.
+            https://bugs.webkit.org/show_bug.cgi?id=146843
+            rdar://problem/21501819
+
+            Reviewed by Andreas Kling.
+
+            We may end up with a null rootEditableElement() after calling Document::updateLayout().
+
+            Speculative fix. Not reproducible.
+
+            * WebProcess/WebPage/WebPage.h: Some const cleanup.
+            * WebProcess/WebPage/ios/WebPageIOS.mm:
+            (WebKit::innerFrameQuad): null check assistedNode.rootEditableElement()
+            (WebKit::constrainPoint):
+            (WebKit::WebPage::selectWithGesture):
+            (WebKit::WebPage::visiblePositionInFocusedNodeForPoint):
+            (WebKit::WebPage::selectPositionAtPoint):
+            (WebKit::WebPage::selectPositionAtBoundaryWithDirection):
+            (WebKit::WebPage::selectTextWithGranularityAtPoint):
+            (WebKit::WebPage::updateSelectionWithExtentPoint):
+            (WebKit::WebPage::getPositionInformation):
+
+2015-07-12  Babak Shafiei  <[email protected]>
+
         Merge r186678.
 
     2015-07-09  Jon Honeycutt  <[email protected]>

Modified: branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/WebPage.h (186751 => 186752)


--- branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/WebPage.h	2015-07-13 06:45:40 UTC (rev 186751)
+++ branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/WebPage.h	2015-07-13 06:47:05 UTC (rev 186752)
@@ -927,7 +927,7 @@
     void completeSyntheticClick(WebCore::Node* nodeRespondingToClick, const WebCore::FloatPoint& location);
     void sendTapHighlightForNodeIfNecessary(uint64_t requestID, WebCore::Node*);
     void resetTextAutosizingBeforeLayoutIfNeeded(const WebCore::FloatSize& oldSize, const WebCore::FloatSize& newSize);
-    WebCore::VisiblePosition visiblePositionInFocusedNodeForPoint(WebCore::Frame&, const WebCore::IntPoint&);
+    WebCore::VisiblePosition visiblePositionInFocusedNodeForPoint(const WebCore::Frame&, const WebCore::IntPoint&);
     void volatilityTimerFired();
 #endif
 #if !PLATFORM(COCOA)

Modified: branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm (186751 => 186752)


--- branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm	2015-07-13 06:45:40 UTC (rev 186751)
+++ branches/safari-601.1-branch/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm	2015-07-13 06:47:05 UTC (rev 186752)
@@ -793,14 +793,14 @@
     send(Messages::WebPageProxy::DisableInspectorNodeSearch());
 }
 
-static FloatQuad innerFrameQuad(Frame* frame, Node* assistedNode)
+static FloatQuad innerFrameQuad(const Frame& frame, const Node& assistedNode)
 {
-    frame->document()->updateLayoutIgnorePendingStylesheets();
-    RenderObject* renderer;
-    if (assistedNode->hasTagName(HTMLNames::textareaTag) || assistedNode->hasTagName(HTMLNames::inputTag) || assistedNode->hasTagName(HTMLNames::selectTag))
-        renderer = assistedNode->renderer();
-    else
-        renderer = assistedNode->rootEditableElement()->renderer();
+    frame.document()->updateLayoutIgnorePendingStylesheets();
+    RenderElement* renderer = nullptr;
+    if (assistedNode.hasTagName(HTMLNames::textareaTag) || assistedNode.hasTagName(HTMLNames::inputTag) || assistedNode.hasTagName(HTMLNames::selectTag))
+        renderer = downcast<RenderElement>(assistedNode.renderer());
+    else if (Element* rootEditableElement = assistedNode.rootEditableElement())
+        renderer = rootEditableElement->renderer();
     
     if (!renderer)
         return FloatQuad();
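Review bot: `frame.document()` is still dereferenced unconditionally in `frame.document()->updateLayoutIgnorePendingStylesheets();`, while this same commit's Frame.cpp hunk guards that accessor (`document() ? … : str`), so a null document is something the codebase plans for; the rootEditableElement() null check added below would be bypassed by a crash one line earlier. A guard that yields the same empty quad keeps the new behaviour: `Document* document = frame.document(); if (!document) return FloatQuad(); document->updateLayoutIgnorePendingStylesheets();`. Whether a frame that holds an assisted node can actually lack a document I cannot tell from here. innerFrameQuad's body continues past the end of the hunk.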
@@ -815,9 +815,9 @@
     return FloatQuad(boundingBox);
 }
 
-static IntPoint constrainPoint(const IntPoint& point, Frame* frame, Node* assistedNode)
+static IntPoint constrainPoint(const IntPoint& point, const Frame& frame, const Node& assistedNode)
 {
-    ASSERT(!assistedNode || &assistedNode->document() == frame->document());
+    ASSERT(&assistedNode.document() == frame.document());
     const int DEFAULT_CONSTRAIN_INSET = 2;
     IntRect innerFrame = innerFrameQuad(frame, assistedNode).enclosingBoundingBox();
     IntPoint constrainedPoint = point;
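Review bot: The rewritten `ASSERT(&assistedNode.document() == frame.document());` only holds in debug builds; in release a node from a different frame would be laid out and measured against the wrong document with nothing catching it, and with the parameter now a reference the old `!assistedNode ||` half no longer exists to short-circuit anything. If the invariant matters in release, `if (&assistedNode.document() != frame.document()) return point;` after the assert leaves the result for valid inputs unchanged. constrainPoint's body continues past the end of the hunk.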
@@ -951,7 +951,7 @@
 
 void WebPage::selectWithGesture(const IntPoint& point, uint32_t granularity, uint32_t gestureType, uint32_t gestureState, uint64_t callbackID)
 {
-    Frame& frame = m_page->focusController().focusedOrMainFrame();
+    const Frame& frame = m_page->focusController().focusedOrMainFrame();
     VisiblePosition position = visiblePositionInFocusedNodeForPoint(frame, point);
 
     if (position.isNull()) {
@@ -1690,16 +1690,16 @@
     send(Messages::WebPageProxy::VoidCallback(callbackID));
 }
 
-VisiblePosition WebPage::visiblePositionInFocusedNodeForPoint(Frame& frame, const IntPoint& point)
+VisiblePosition WebPage::visiblePositionInFocusedNodeForPoint(const Frame& frame, const IntPoint& point)
 {
     IntPoint adjustedPoint(frame.view()->rootViewToContents(point));
-    IntPoint constrainedPoint = m_assistedNode ? constrainPoint(adjustedPoint, &frame, m_assistedNode.get()) : adjustedPoint;
+    IntPoint constrainedPoint = m_assistedNode ? constrainPoint(adjustedPoint, frame, *m_assistedNode) : adjustedPoint;
     return frame.visiblePositionForPoint(constrainedPoint);
 }
 
 void WebPage::selectPositionAtPoint(const WebCore::IntPoint& point, uint64_t callbackID)
 {
-    Frame& frame = m_page->focusController().focusedOrMainFrame();
+    const Frame& frame = m_page->focusController().focusedOrMainFrame();
     VisiblePosition position = visiblePositionInFocusedNodeForPoint(frame, point);
     
     if (position.isNotNull())
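Review bot: `frame.view()` is dereferenced without a check in `IntPoint adjustedPoint(frame.view()->rootViewToContents(point));`, the line before the new `*m_assistedNode` dereference that the ternary does guard; `view()` returns a pointer (it is used with `->` here and as `*frame.view()` later in the file), and I cannot tell from the hunk whether a focused frame is guaranteed a view. Since every caller in this diff already branches on `position.isNull()`, returning a default-constructed position is the natural fallback: `FrameView* view = frame.view(); if (!view) return VisiblePosition();`. selectPositionAtPoint, which begins in this hunk, continues past its end.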
@@ -1709,7 +1709,7 @@
 
 void WebPage::selectPositionAtBoundaryWithDirection(const WebCore::IntPoint& point, uint32_t granularity, uint32_t direction, uint64_t callbackID)
 {
-    Frame& frame = m_page->focusController().focusedOrMainFrame();
+    const Frame& frame = m_page->focusController().focusedOrMainFrame();
     VisiblePosition position = visiblePositionInFocusedNodeForPoint(frame, point);
 
     if (position.isNotNull()) {
@@ -1736,7 +1736,7 @@
 
 void WebPage::selectTextWithGranularityAtPoint(const WebCore::IntPoint& point, uint32_t granularity, uint64_t callbackID)
 {
-    Frame& frame = m_page->focusController().focusedOrMainFrame();
+    const Frame& frame = m_page->focusController().focusedOrMainFrame();
     VisiblePosition position = visiblePositionInFocusedNodeForPoint(frame, point);
 
     RefPtr<Range> range;
@@ -1769,7 +1769,7 @@
     
 void WebPage::updateSelectionWithExtentPoint(const WebCore::IntPoint& point, uint64_t callbackID)
 {
-    Frame& frame = m_page->focusController().focusedOrMainFrame();
+    const Frame& frame = m_page->focusController().focusedOrMainFrame();
     VisiblePosition position = visiblePositionInFocusedNodeForPoint(frame, point);
 
     if (position.isNull()) {
@@ -2113,13 +2113,13 @@
     info.point = point;
     info.nodeAtPositionIsAssistedNode = (hitNode == m_assistedNode);
     if (m_assistedNode) {
-        Frame& frame = m_page->focusController().focusedOrMainFrame();
+        const Frame& frame = m_page->focusController().focusedOrMainFrame();
         if (frame.editor().hasComposition()) {
             const uint32_t kHitAreaWidth = 66;
             const uint32_t kHitAreaHeight = 66;
             FrameView& view = *frame.view();
             IntPoint adjustedPoint(view.rootViewToContents(point));
-            IntPoint constrainedPoint = m_assistedNode ? constrainPoint(adjustedPoint, &frame, m_assistedNode.get()) : adjustedPoint;
+            IntPoint constrainedPoint = m_assistedNode ? constrainPoint(adjustedPoint, frame, *m_assistedNode) : adjustedPoint;
             VisiblePosition position = frame.visiblePositionForPoint(constrainedPoint);
 
             RefPtr<Range> compositionRange = frame.editor().compositionRange();
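Review bot: The ternary in `IntPoint constrainedPoint = m_assistedNode ? constrainPoint(adjustedPoint, frame, *m_assistedNode) : adjustedPoint;` is dead after this change: the enclosing `if (m_assistedNode)` at the top of the hunk already guarantees the node is non-null, and the new `*m_assistedNode` dereference only makes sense under that guarantee. `IntPoint constrainedPoint = constrainPoint(adjustedPoint, frame, *m_assistedNode);` says the same thing without implying a null case exists. `FrameView& view = *frame.view();` on the same path keeps an unchecked pointer dereference that the commit does not address. The enclosing function starts and ends outside the hunk.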