Changeset 70594 in webkit


Timestamp:
Oct 26, 2010, 5:49:45 PM (14 years ago)
Author:
rniwa@webkit.org
Message:

Crash in CompositeEditCommand::splitTreeToNode
https://bugs.webkit.org/show_bug.cgi?id=48349

Reviewed by Kent Tamura.

WebCore:

The bug was caused by indentIntoBlockquote's passing null pointer to splitTreeToNode.
Fixed the crash by adding early exits.

Test: editing/execCommand/indent-node-to-split-to-crash.html

  • editing/CompositeEditCommand.cpp:

(WebCore::CompositeEditCommand::splitTreeToNode):

  • editing/IndentOutdentCommand.cpp:

(WebCore::IndentOutdentCommand::indentIntoBlockquote):

LayoutTests:

Added a test to ensure WebKit does not crash when indenting.

  • editing/execCommand/indent-node-to-split-to-crash-expected.txt: Added.
  • editing/execCommand/indent-node-to-split-to-crash.html: Added.
Location:
trunk
Files:
2 added
4 edited

  • trunk/LayoutTests/ChangeLog

    r70593 r70594  
     12010-10-26  Ryosuke Niwa  <rniwa@webkit.org>
     2
     3        Reviewed by Kent Tamura.
     4
     5        Crash in CompositeEditCommand::splitTreeToNode
     6        https://bugs.webkit.org/show_bug.cgi?id=48349
     7
     8        Added a test to ensure WebKit does not crash when indenting.
     9
     10        * editing/execCommand/indent-node-to-split-to-crash-expected.txt: Added.
     11        * editing/execCommand/indent-node-to-split-to-crash.html: Added.
     12
    1132010-10-26  Ryosuke Niwa  <rniwa@webkit.org>
    214
  • trunk/WebCore/ChangeLog

    r70593 r70594  
     12010-10-26  Ryosuke Niwa  <rniwa@webkit.org>
     2
     3        Reviewed by Kent Tamura.
     4
     5        Crash in CompositeEditCommand::splitTreeToNode
     6        https://bugs.webkit.org/show_bug.cgi?id=48349
     7
     8        The bug was caused by indentIntoBlockquote's passing null pointer to splitTreeToNode.
     9        Fixed the crash by adding early exits.
     10
     11        Test: editing/execCommand/indent-node-to-split-to-crash.html
     12
     13        * editing/CompositeEditCommand.cpp:
     14        (WebCore::CompositeEditCommand::splitTreeToNode):
     15        * editing/IndentOutdentCommand.cpp:
     16        (WebCore::IndentOutdentCommand::indentIntoBlockquote):
     17
    1182010-10-26  Ryosuke Niwa  <rniwa@webkit.org>
    219
  • trunk/WebCore/editing/CompositeEditCommand.cpp

    r69868 r70594  
    11851185    RefPtr<Node> node;
    11861186    for (node = start; node && node->parent() != end; node = node->parent()) {
     1187        if (!node->parent()->isElementNode())
     1188            break;
    11871189        VisiblePosition positionInParent(Position(node->parent(), 0), DOWNSTREAM);
    11881190        VisiblePosition positionInNode(Position(node, 0), DOWNSTREAM);
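Review bot: The added check at new line 1187 dereferences node->parent() without testing it for null. The loop condition only guarantees that node is non-null and that node->parent() != end, so with a non-null end, a walk that reaches a parentless node before meeting end enters the body and node->parent()->isElementNode() becomes a null dereference of its own. Consider `if (!node->parent() || !node->parent()->isElementNode()) break;`, plus a short comment saying why a non-element parent ends the split.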
  • trunk/WebCore/editing/IndentOutdentCommand.cpp

    r69868 r70594  
    9999    else
    100100        nodeToSplitTo = editableRootForPosition(start);
     101
     102    if (!nodeToSplitTo)
     103        return;
    101104
    102105    RefPtr<Node> outerBlock = (start.node() == nodeToSplitTo) ? start.node() : splitTreeToNode(start.node(), nodeToSplitTo);
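Review bot: The early return at new lines 102-103 is silent and undocumented. Nothing in the hunk says when nodeToSplitTo can be null (the visible else branch takes it from editableRootForPosition(start)), and the caller gets no signal that the indent was skipped. Add a one-line comment above the check naming the case that produces a null nodeToSplitTo, so the guard is not mistaken for dead code and removed later.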