Changeset 294281 in webkit


Timestamp: May 16, 2022, 4:58:42 PM (3 years ago)
Author: gnavamarino@apple.com
Message:

Crash in WebCore::InsertTextCommand::positionInsideTextNode
https://bugs.webkit.org/show_bug.cgi?id=240480

Reviewed by Ryosuke Niwa.

Calling pushAnchorElementDown in CompositeEditCommand::positionAvoidingSpecialElementBoundary can
end up removing the startPosition's container node which leaves an invalid endingSelection.

InsertTextCommand::doApply requires a real endingSelection, so we should check if this occurred and bail out.

  • editing/InsertTextCommand.cpp:

(WebCore::InsertTextCommand::doApply):

Location: trunk/Source/WebCore
Files: 2 edited

  • trunk/Source/WebCore/ChangeLog

    r294280 r294281  
     12022-05-16  Gabriel Nava Marino  <gnavamarino@apple.com>
     2
     3        Crash in WebCore::InsertTextCommand::positionInsideTextNode
     4        https://bugs.webkit.org/show_bug.cgi?id=240480
     5
     6        Reviewed by Ryosuke Niwa.
     7
     8        Calling pushAnchorElementDown in CompositeEditCommand::positionAvoidingSpecialElementBoundary can
     9        end up removing the startPosition's container node which leaves an invalid endingSelection.
     10
     11        InsertTextCommand::doApply requires a real endingSelection, so we should check if this occurred and bail out.
     12
     13        * editing/InsertTextCommand.cpp:
     14        (WebCore::InsertTextCommand::doApply):
     15
    1162022-05-16  Said Abou-Hallawa  <said@apple.com>
    217
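
Review bot: The entry at ChangeLog lines 13-14 lists only editing/InsertTextCommand.cpp, and the changeset edits two files (this ChangeLog and that source file), so no regression test accompanies the crash fix. Consider adding a layout test that reproduces the case the message describes, where pushAnchorElementDown removes the start position's container node, and listing it in this entry so the new early return stays covered.
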
  • trunk/Source/WebCore/editing/InsertTextCommand.cpp

    r293491 r294281  
    183183   
    184184    startPosition = positionAvoidingSpecialElementBoundary(startPosition);
    185    
     185    if (endingSelection().isNoneOrOrphaned())
     186        return;
     187
    186188    Position endPosition;
    187189   
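
Review bot: The guard added at new lines 185-186 tests endingSelection(), while the value line 184 just reassigned is startPosition, and nothing in the code says how the two are connected. A one-line comment above the check noting that positionAvoidingSpecialElementBoundary can call pushAnchorElementDown and remove the container node would keep the guard from being moved or dropped in a later cleanup. It is also worth confirming that startPosition cannot be left orphaned in a case where endingSelection() still passes this check, since the message names startPosition's container node as the thing that gets removed.
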