Changeset 262631 in webkit


Timestamp:
Jun 5, 2020, 10:36:26 AM (5 years ago)
Author:
Alan Coon
Message:

Cherry-pick r262587. rdar://problem/64034630

Source/WebCore:
REGRESSION:(r262398) Text manipulation crashes when content is added
https://bugs.webkit.org/show_bug.cgi?id=212785

Reviewed by Ryosuke Niwa.

r262398 accidentally removed the bound check on array index and was not caught by existing tests.

Test: TextManipulation.CompleteTextManipulationFailWhenContentIsAdded

  • editing/TextManipulationController.cpp: (WebCore::TextManipulationController::replace):

Tools:
REGRESSION: (r262398) Text manipulation crashes when content is added
https://bugs.webkit.org/show_bug.cgi?id=212785

Reviewed by Ryosuke Niwa.

  • TestWebKitAPI/Tests/WebKitCocoa/TextManipulation.mm: (TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262587 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Location:
branches/safari-610.1.15-branch
Files:
4 edited

  • branches/safari-610.1.15-branch/Source/WebCore/ChangeLog

    r262578 r262631  
     12020-06-05  Alan Coon  <alancoon@apple.com>
     2
     3        Cherry-pick r262587. rdar://problem/64034630
     4
     5    Source/WebCore:
     6    REGRESSION:(r262398) Text manipulation crashes when content is added
     7    https://bugs.webkit.org/show_bug.cgi?id=212785
     8   
     9    Reviewed by Ryosuke Niwa.
     10   
     11    r262398 accidentally removed the bound check on array index and was not caught by existing tests.
     12   
     13    Test: TextManipulation.CompleteTextManipulationFailWhenContentIsAdded
     14   
     15    * editing/TextManipulationController.cpp:
     16    (WebCore::TextManipulationController::replace):
     17   
     18    Tools:
     19    REGRESSION: (r262398) Text manipulation crashes when content is added
     20    https://bugs.webkit.org/show_bug.cgi?id=212785
     21   
     22    Reviewed by Ryosuke Niwa.
     23   
     24    * TestWebKitAPI/Tests/WebKitCocoa/TextManipulation.mm:
     25    (TestWebKitAPI::TEST):
     26   
     27   
     28    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262587 268f45cc-cd09-0410-ab3c-d52691b4dbfc
     29
     30    2020-06-04  Sihui Liu  <sihui_liu@apple.com>
     31
     32            REGRESSION:(r262398) Text manipulation crashes when content is added
     33            https://bugs.webkit.org/show_bug.cgi?id=212785
     34
     35            Reviewed by Ryosuke Niwa.
     36
     37            r262398 accidentally removed the bound check on array index and was not caught by existing tests.
     38
     39            Test: TextManipulation.CompleteTextManipulationFailWhenContentIsAdded
     40
     41            * editing/TextManipulationController.cpp:
     42            (WebCore::TextManipulationController::replace):
     43
    1442020-06-04  Alan Coon  <alancoon@apple.com>
    245
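--- a/branches/safari-610.1.15-branch/Source/WebCore/editing/TextManipulationController.cpp
+++ b/branches/safari-610.1.15-branch/Source/WebCore/editing/TextManipulationController.cpp
@@ -640,7 +640,10 @@
 
         Vector<ManipulationToken> tokensInCurrentNode;
-        if (content.isReplacedContent)
+        if (content.isReplacedContent) {
+            if (currentTokenIndex >= item.tokens.size())
+                return ManipulationFailureType::ContentChanged;
+
             tokensInCurrentNode.append(item.tokens[currentTokenIndex]);
-        else
+        } else
             tokensInCurrentNode = parse(content.text, content.node.get()).tokens;
 
@@ -649,5 +652,5 @@
         });
         for (auto& token : tokensInCurrentNode) {
-            if (currentTokenIndex > item.tokens.size())
+            if (currentTokenIndex >= item.tokens.size())
                 return ManipulationFailureType::ContentChanged;
 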
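Review bot: Neither bound check carries a comment saying why it must stay, although the commit message records that r262398 dropped this same check and no existing test noticed. Both hunks sit in TextManipulationController::replace, whose body starts and ends outside them; the first guard is the only thing keeping `item.tokens[currentTokenIndex]` in range, and the second presumably protects a similar access below the visible lines. Because the test in this commit shows page script can add content between extraction and completion, I would put `// Content may have been added since the item was extracted; never index item.tokens without this bound check.` above each guard. The same condition now appears twice (the second copy was `>` before this change), so a small local helper would keep the two from drifting apart again.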
  • branches/safari-610.1.15-branch/Tools/ChangeLog

    r262447 r262631  
     12020-06-05  Alan Coon  <alancoon@apple.com>
     2
     3        Cherry-pick r262587. rdar://problem/64034630
     4
     5    Source/WebCore:
     6    REGRESSION:(r262398) Text manipulation crashes when content is added
     7    https://bugs.webkit.org/show_bug.cgi?id=212785
     8   
     9    Reviewed by Ryosuke Niwa.
     10   
     11    r262398 accidentally removed the bound check on array index and was not caught by existing tests.
     12   
     13    Test: TextManipulation.CompleteTextManipulationFailWhenContentIsAdded
     14   
     15    * editing/TextManipulationController.cpp:
     16    (WebCore::TextManipulationController::replace):
     17   
     18    Tools:
     19    REGRESSION: (r262398) Text manipulation crashes when content is added
     20    https://bugs.webkit.org/show_bug.cgi?id=212785
     21   
     22    Reviewed by Ryosuke Niwa.
     23   
     24    * TestWebKitAPI/Tests/WebKitCocoa/TextManipulation.mm:
     25    (TestWebKitAPI::TEST):
     26   
     27   
     28    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@262587 268f45cc-cd09-0410-ab3c-d52691b4dbfc
     29
     30    2020-06-04  Sihui Liu  <sihui_liu@apple.com>
     31
     32            REGRESSION: (r262398) Text manipulation crashes when content is added
     33            https://bugs.webkit.org/show_bug.cgi?id=212785
     34
     35            Reviewed by Ryosuke Niwa.
     36
     37            * TestWebKitAPI/Tests/WebKitCocoa/TextManipulation.mm:
     38            (TestWebKitAPI::TEST):
     39
    1402020-06-02  Alan Coon  <alancoon@apple.com>
    241
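--- a/branches/safari-610.1.15-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/TextManipulation.mm
+++ b/branches/safari-610.1.15-branch/Tools/TestWebKitAPI/Tests/WebKitCocoa/TextManipulation.mm
@@ -1781,4 +1781,46 @@
 }
 
+TEST(TextManipulation, CompleteTextManipulationFailWhenContentIsAdded)
+{
+    auto delegate = adoptNS([[TextManipulationDelegate alloc] init]);
+    auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:NSMakeRect(0, 0, 400, 400)]);
+    [webView _setTextManipulationDelegate:delegate.get()];
+
+    [webView synchronouslyLoadHTMLString:@"<!DOCTYPE html><html><body><p>hello, world</p></body></html>"];
+
+    done = false;
+    [webView _startTextManipulationsWithConfiguration:nil completion:^{
+        done = true;
+    }];
+    TestWebKitAPI::Util::run(&done);
+
+    auto *items = [delegate items];
+    EXPECT_EQ(items.count, 1UL);
+    EXPECT_EQ(items[0].tokens.count, 1UL);
+    EXPECT_STREQ("hello, world", items[0].tokens[0].content.UTF8String);
+
+    done = false;
+    delegate.get().itemCallback = ^(_WKTextManipulationItem *item) {
+        if (items.count == 2)
+            done = true;
+    };
+    [webView stringByEvaluatingJavaScript:@"document.querySelector('p').innerHTML = 'hello, world &#10; bye';"
+        "document.body.appendChild(document.createElement('div')).innerHTML = 'end'"];
+    TestWebKitAPI::Util::run(&done);
+
+    done = false;
+    __block auto item = createItem(items[0].identifier, {{ items[0].tokens[0].identifier, @"Hello, World" }});
+    [webView _completeTextManipulationForItems:@[item.get()] completion:^(NSArray<NSError *> *errors) {
+        EXPECT_EQ(errors.count, 1UL);
+        EXPECT_EQ(errors.firstObject.domain, _WKTextManipulationItemErrorDomain);
+        EXPECT_EQ(errors.firstObject.code, _WKTextManipulationItemErrorContentChanged);
+        EXPECT_EQ(errors.firstObject.userInfo[_WKTextManipulationItemErrorItemKey], item.get());
+        done = true;
+    }];
+    TestWebKitAPI::Util::run(&done);
+
+    EXPECT_WK_STREQ("<p>hello, world \n bye</p><div>end</div>", [webView stringByEvaluatingJavaScript:@"document.body.innerHTML"]);
+}
+
 TEST(TextManipulation, CompleteTextManipulationFailWhenDocumentHasBeenNavigatedAway)
 {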
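Review bot: The new test appears to drive only the text path of TextManipulationController::replace, so the bound check this commit adds inside the `content.isReplacedContent` branch still has no test. The loaded HTML is a single `<p>hello, world</p>` with no replaced element, and the commit message notes that the original regression was not caught by existing tests. I would record the gap above the TEST with `// Covers text content only; the isReplacedContent bound check in TextManipulationController::replace is not exercised here.` and follow up with a case whose paragraph contains a replaced element. Separately, `EXPECT_EQ(items.count, 1UL);` is followed by `items[0]`, which raises on an empty array instead of failing cleanly; `ASSERT_EQ(items.count, 1UL);` would stop the test before the index.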