Title: [200028] releases/WebKitGTK/webkit-2.12/Source/WebCore
Revision
200028
Author
[email protected]
Date
2016-04-25 08:57:34 -0700 (Mon, 25 Apr 2016)

Log Message

Merge r199807 - Crash under WebCore::TextIterator::subrange()
https://bugs.webkit.org/show_bug.cgi?id=156809
<rdar://problem/21102730>

Reviewed by Ryosuke Niwa.

TextIterator::rangeFromLocationAndLength() may return null. However, we
failed to do a null check before calling TextIterator::subrange() with
that range.

No new tests, do not know how to reproduce.

* editing/AlternativeTextController.cpp:
(WebCore::AlternativeTextController::applyAlternativeTextToRange):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (200027 => 200028)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-04-25 15:55:51 UTC (rev 200027)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-04-25 15:57:34 UTC (rev 200028)
@@ -1,5 +1,22 @@
 2016-04-20  Chris Dumez  <[email protected]>
 
+        Crash under WebCore::TextIterator::subrange()
+        https://bugs.webkit.org/show_bug.cgi?id=156809
+        <rdar://problem/21102730>
+
+        Reviewed by Ryosuke Niwa.
+
+        TextIterator::rangeFromLocationAndLength() may return null. However, we
+        failed to do a null check before calling TextIterator::subrange() with
+        that range.
+
+        No new tests, do not know how to reproduce.
+
+        * editing/AlternativeTextController.cpp:
+        (WebCore::AlternativeTextController::applyAlternativeTextToRange):
+
+2016-04-20  Chris Dumez  <[email protected]>
+
         Potential overflow in RenderLayer::hitTestList()
         https://bugs.webkit.org/show_bug.cgi?id=156804
 
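Review bot: the new ChangeLog entry states that TextIterator::rangeFromLocationAndLength() "may return null" but not under which condition, and the line "No new tests, do not know how to reproduce." leaves a reader with no way to verify the fix. If the null return is understood (for example, which inputs to rangeFromLocationAndLength() produce it), that belongs in this entry; if it is not, the entry should say that the check is defensive and the root cause is still open, so the bug is not treated as fully resolved.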

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/editing/AlternativeTextController.cpp (200027 => 200028)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/editing/AlternativeTextController.cpp	2016-04-25 15:55:51 UTC (rev 200027)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/editing/AlternativeTextController.cpp	2016-04-25 15:57:34 UTC (rev 200028)
@@ -273,6 +273,8 @@
     applyCommand(SpellingCorrectionCommand::create(rangeWithAlternative.ptr(), alternative));
     // Recalculate pragraphRangeContainingCorrection, since SpellingCorrectionCommand modified the DOM, such that the original paragraphRangeContainingCorrection is no longer valid. Radar: 10305315 Bugzilla: 89526
     paragraphRangeContainingCorrection = TextIterator::rangeFromLocationAndLength(&rootNode, paragraphStartIndex, correctionStartOffsetInParagraph + alternative.length());
+    if (!paragraphRangeContainingCorrection)
+        return;
     
     setEnd(paragraphRangeContainingCorrection.get(), m_frame.selection().selection().start());
     RefPtr<Range> replacementRange = TextIterator::subrange(paragraphRangeContainingCorrection.get(), correctionStartOffsetInParagraph, alternative.length());
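Review bot: the added `if (!paragraphRangeContainingCorrection) return;` is correctly placed before the first dereference in setEnd() and subrange(), but it returns silently after applyCommand(SpellingCorrectionCommand::create(...)) has already modified the DOM, so the correction is applied while the remaining work on replacementRange is skipped with no trace. Since the ChangeLog says the null case cannot be reproduced, consider a comment at the check stating why rangeFromLocationAndLength() can return null here, or a debug-only assertion or log at the early return, so a future occurrence is noticed rather than masked. As a drive-by, the unchanged context comment spells "pragraphRangeContainingCorrection" with a typo.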
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
