Skip to site navigation (Press enter)

[webkit-changes] [191609] trunk

commit-queue Mon, 26 Oct 2015 16:08:13 -0700

Title: [191609] trunk

Revision: 191609
Author: [email protected]
Date: 2015-10-26 16:08:06 -0700 (Mon, 26 Oct 2015)

Log Message

Null dereference loading Blink layout test editing/execCommand/crash-replacing-list-by-list.html
https://bugs.webkit.org/show_bug.cgi?id=149288
<rdar://problem/22746310>


Patch by Jiewen Tan <[email protected]> on 2015-10-26
Reviewed by Chris Dumez.

Source/WebCore:

This is a merge of Blink r170821:
https://codereview.chromium.org/220233013

Test: editing/execCommand/crash-replacing-list-by-list.html

* editing/ReplaceSelectionCommand.cpp:
(WebCore::ReplaceSelectionCommand::insertAsListItems):

LayoutTests:

* editing/execCommand/crash-replacing-list-by-list-expected.txt: Added.
* editing/execCommand/crash-replacing-list-by-list.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp

Added Paths

trunk/LayoutTests/editing/execCommand/crash-replacing-list-by-list-expected.txt
trunk/LayoutTests/editing/execCommand/crash-replacing-list-by-list.html

Diff

Modified: trunk/LayoutTests/ChangeLog (191608 => 191609)


--- trunk/LayoutTests/ChangeLog	2015-10-26 23:05:54 UTC (rev 191608)
+++ trunk/LayoutTests/ChangeLog	2015-10-26 23:08:06 UTC (rev 191609)
@@ -1,5 +1,16 @@
 2015-10-26  Jiewen Tan  <[email protected]>
 
+        Null dereference loading Blink layout test editing/execCommand/crash-replacing-list-by-list.html
+        https://bugs.webkit.org/show_bug.cgi?id=149288
+        <rdar://problem/22746310>
+
+        Reviewed by Chris Dumez.
+
+        * editing/execCommand/crash-replacing-list-by-list-expected.txt: Added.
+        * editing/execCommand/crash-replacing-list-by-list.html: Added.
+
+2015-10-26  Jiewen Tan  <[email protected]>
+
         Null dereference loading Blink layout test editing/execCommand/insert-image-changing-visibility-crash.html
         https://bugs.webkit.org/show_bug.cgi?id=150208
         <rdar://problem/23137109>

Added: trunk/LayoutTests/editing/execCommand/crash-replacing-list-by-list-expected.txt (0 => 191609)


--- trunk/LayoutTests/editing/execCommand/crash-replacing-list-by-list-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/execCommand/crash-replacing-list-by-list-expected.txt	2015-10-26 23:08:06 UTC (rev 191609)
@@ -0,0 +1 @@
+Passes if it does not crash.

Added: trunk/LayoutTests/editing/execCommand/crash-replacing-list-by-list.html (0 => 191609)


--- trunk/LayoutTests/editing/execCommand/crash-replacing-list-by-list.html	                        (rev 0)
+++ trunk/LayoutTests/editing/execCommand/crash-replacing-list-by-list.html	2015-10-26 23:08:06 UTC (rev 191609)
@@ -0,0 +1,13 @@
+<!DOCTYPE html>
+<body>
+Passes if it does not crash.
+<div id="sample" contenteditable="true"><ol><li><br></li></ol></div>
+</body>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+var sample = document.getElementById('sample');
+getSelection().selectAllChildren(sample);
+document.execCommand('InsertHTML', false, '<ul>');
+sample.outerHTML = '';
+</script>

Modified: trunk/Source/WebCore/ChangeLog (191608 => 191609)


--- trunk/Source/WebCore/ChangeLog	2015-10-26 23:05:54 UTC (rev 191608)
+++ trunk/Source/WebCore/ChangeLog	2015-10-26 23:08:06 UTC (rev 191609)
@@ -1,5 +1,21 @@
 2015-10-26  Jiewen Tan  <[email protected]>
 
+        Null dereference loading Blink layout test editing/execCommand/crash-replacing-list-by-list.html
+        https://bugs.webkit.org/show_bug.cgi?id=149288
+        <rdar://problem/22746310>
+
+        Reviewed by Chris Dumez.
+
+        This is a merge of Blink r170821:
+        https://codereview.chromium.org/220233013
+
+        Test: editing/execCommand/crash-replacing-list-by-list.html
+
+        * editing/ReplaceSelectionCommand.cpp:
+        (WebCore::ReplaceSelectionCommand::insertAsListItems):
+
+2015-10-26  Jiewen Tan  <[email protected]>
+
         Null dereference loading Blink layout test editing/execCommand/insert-image-changing-visibility-crash.html
         https://bugs.webkit.org/show_bug.cgi?id=150208
         <rdar://problem/23137109>

Modified: trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp (191608 => 191609)


--- trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp	2015-10-26 23:05:54 UTC (rev 191608)
+++ trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp	2015-10-26 23:08:06 UTC (rev 191609)
@@ -1464,7 +1464,7 @@
         } else
             ASSERT_NOT_REACHED();
     }
-    if (isStart || isMiddle)
+    if ((isStart || isMiddle) && lastNode->previousSibling())
         lastNode = lastNode->previousSibling();
     return lastNode;
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes