Title: [199807] trunk/Source/WebCore
- Revision
- 199807
- Author
- [email protected]
- Date
- 2016-04-20 22:02:23 -0700 (Wed, 20 Apr 2016)
Log Message
Crash under WebCore::TextIterator::subrange()
https://bugs.webkit.org/show_bug.cgi?id=156809
<rdar://problem/21102730>
Reviewed by Ryosuke Niwa.
TextIterator::rangeFromLocationAndLength() may return null. However, we
failed to do a null check before calling TextIterator::subrange() with
that range.
No new tests, do not know how to reproduce.
* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::applyAlternativeTextToRange):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (199806 => 199807)
--- trunk/Source/WebCore/ChangeLog 2016-04-21 05:01:42 UTC (rev 199806)
+++ trunk/Source/WebCore/ChangeLog 2016-04-21 05:02:23 UTC (rev 199807)
@@ -1,3 +1,20 @@
+2016-04-20 Chris Dumez <[email protected]>
+
+ Crash under WebCore::TextIterator::subrange()
+ https://bugs.webkit.org/show_bug.cgi?id=156809
+ <rdar://problem/21102730>
+
+ Reviewed by Ryosuke Niwa.
+
+ TextIterator::rangeFromLocationAndLength() may return null. However, we
+ failed to do a null check before calling TextIterator::subrange() with
+ that range.
+
+ No new tests, do not know how to reproduce.
+
+ * editing/AlternativeTextController.cpp:
+ (WebCore::AlternativeTextController::applyAlternativeTextToRange):
+
2016-04-20 Brady Eidson <[email protected]>
Modern IDB (Workers): Remove IDBRequest/IDBOpenDBRequest's requirement to get an IDBServerConnection around.
Modified: trunk/Source/WebCore/editing/AlternativeTextController.cpp (199806 => 199807)
--- trunk/Source/WebCore/editing/AlternativeTextController.cpp 2016-04-21 05:01:42 UTC (rev 199806)
+++ trunk/Source/WebCore/editing/AlternativeTextController.cpp 2016-04-21 05:02:23 UTC (rev 199807)
@@ -273,6 +273,8 @@
applyCommand(SpellingCorrectionCommand::create(rangeWithAlternative.ptr(), alternative));
// Recalculate pragraphRangeContainingCorrection, since SpellingCorrectionCommand modified the DOM, such that the original paragraphRangeContainingCorrection is no longer valid. Radar: 10305315 Bugzilla: 89526
paragraphRangeContainingCorrection = TextIterator::rangeFromLocationAndLength(&rootNode, paragraphStartIndex, correctionStartOffsetInParagraph + alternative.length());
+ if (!paragraphRangeContainingCorrection)
+ return;
setEnd(paragraphRangeContainingCorrection.get(), m_frame.selection().selection().start());
RefPtr<Range> replacementRange = TextIterator::subrange(paragraphRangeContainingCorrection.get(), correctionStartOffsetInParagraph, alternative.length());
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
