Title: [191608] trunk
- Revision
- 191608
- Author
- [email protected]
- Date
- 2015-10-26 16:05:54 -0700 (Mon, 26 Oct 2015)
Log Message
Null dereference loading Blink layout test editing/execCommand/insert-image-changing-visibility-crash.html
https://bugs.webkit.org/show_bug.cgi?id=150208
<rdar://problem/23137109>
Patch by Jiewen Tan <[email protected]> on 2015-10-26
Reviewed by Chris Dumez.
Source/WebCore:
This is a merge from Blink r168502:
https://codereview.chromium.org/183893018
Test: editing/execCommand/insert-image-changing-visibility-crash.html
* editing/ReplaceSelectionCommand.cpp:
(WebCore::ReplaceSelectionCommand::doApply):
We should check again the visibility of the inserted position again since
the replacement might change the visibility.
LayoutTests:
* editing/execCommand/insert-image-changing-visibility-crash-expected.txt: Added.
* editing/execCommand/insert-image-changing-visibility-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (191607 => 191608)
--- trunk/LayoutTests/ChangeLog 2015-10-26 22:58:39 UTC (rev 191607)
+++ trunk/LayoutTests/ChangeLog 2015-10-26 23:05:54 UTC (rev 191608)
@@ -1,5 +1,16 @@
2015-10-26 Jiewen Tan <[email protected]>
+ Null dereference loading Blink layout test editing/execCommand/insert-image-changing-visibility-crash.html
+ https://bugs.webkit.org/show_bug.cgi?id=150208
+ <rdar://problem/23137109>
+
+ Reviewed by Chris Dumez.
+
+ * editing/execCommand/insert-image-changing-visibility-crash-expected.txt: Added.
+ * editing/execCommand/insert-image-changing-visibility-crash.html: Added.
+
+2015-10-26 Jiewen Tan <[email protected]>
+
Null dereference loading Blink layout test editing/execCommand/insert-ordered-list-crash.html
https://bugs.webkit.org/show_bug.cgi?id=150209
<rdar://problem/23137198>
Added: trunk/LayoutTests/editing/execCommand/insert-image-changing-visibility-crash-expected.txt (0 => 191608)
--- trunk/LayoutTests/editing/execCommand/insert-image-changing-visibility-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/editing/execCommand/insert-image-changing-visibility-crash-expected.txt 2015-10-26 23:05:54 UTC (rev 191608)
@@ -0,0 +1 @@
+Passes if it does not crash.
Added: trunk/LayoutTests/editing/execCommand/insert-image-changing-visibility-crash.html (0 => 191608)
--- trunk/LayoutTests/editing/execCommand/insert-image-changing-visibility-crash.html (rev 0)
+++ trunk/LayoutTests/editing/execCommand/insert-image-changing-visibility-crash.html 2015-10-26 23:05:54 UTC (rev 191608)
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<head>
+<style>
+table {
+ visibility: collapse;
+}
+
+*:only-child {
+ visibility: visible;
+}
+</style>
+</head>
+<body contenteditable="true">
+<script>
+window._onload_ = function () {
+ var table = document.getElementById('table');
+ table.insertAdjacentHTML('afterbegin', '<svg></svg><div><div id=\'div\'>text</div>');
+
+ var div = document.getElementById('div');
+ var selection = window.getSelection();
+ selection.collapse(div.firstChild, 0);
+ document.execCommand('InsertImage', false, 'about:blank');
+
+ document.write("Passes if it does not crash.");
+};
+
+if (window.testRunner)
+ testRunner.dumpAsText();
+</script>
+<table id="table" ></table>
+<div></div>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (191607 => 191608)
--- trunk/Source/WebCore/ChangeLog 2015-10-26 22:58:39 UTC (rev 191607)
+++ trunk/Source/WebCore/ChangeLog 2015-10-26 23:05:54 UTC (rev 191608)
@@ -1,5 +1,23 @@
2015-10-26 Jiewen Tan <[email protected]>
+ Null dereference loading Blink layout test editing/execCommand/insert-image-changing-visibility-crash.html
+ https://bugs.webkit.org/show_bug.cgi?id=150208
+ <rdar://problem/23137109>
+
+ Reviewed by Chris Dumez.
+
+ This is a merge from Blink r168502:
+ https://codereview.chromium.org/183893018
+
+ Test: editing/execCommand/insert-image-changing-visibility-crash.html
+
+ * editing/ReplaceSelectionCommand.cpp:
+ (WebCore::ReplaceSelectionCommand::doApply):
+ We should check again the visibility of the inserted position again since
+ the replacement might change the visibility.
+
+2015-10-26 Jiewen Tan <[email protected]>
+
Null dereference loading Blink layout test editing/execCommand/insert-ordered-list-crash.html
https://bugs.webkit.org/show_bug.cgi?id=150209
<rdar://problem/23137198>
Modified: trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp (191607 => 191608)
--- trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp 2015-10-26 22:58:39 UTC (rev 191607)
+++ trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp 2015-10-26 23:05:54 UTC (rev 191608)
@@ -1143,7 +1143,7 @@
// We inserted before the insertionBlock to prevent nesting, and the content before the insertionBlock wasn't in its own block and
// didn't have a br after it, so the inserted content ended up in the same paragraph.
- if (insertionBlock && insertionPos.deprecatedNode() == insertionBlock->parentNode() && (unsigned)insertionPos.deprecatedEditingOffset() < insertionBlock->computeNodeIndex() && !isStartOfParagraph(startOfInsertedContent))
+ if (!startOfInsertedContent.isNull() && insertionBlock && insertionPos.deprecatedNode() == insertionBlock->parentNode() && (unsigned)insertionPos.deprecatedEditingOffset() < insertionBlock->computeNodeIndex() && !isStartOfParagraph(startOfInsertedContent))
insertNodeAt(createBreakElement(document()), startOfInsertedContent.deepEquivalent());
if (endBR && (plainTextFragment || shouldRemoveEndBR(endBR.get(), originalVisPosBeforeEndBR))) {
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
