Changeset 121921 in webkit
- Timestamp:
- Jul 5, 2012 1:03:40 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 6 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r121913 r121921 1 2012-07-05 Leandro Gracia Gil <leandrogracia@chromium.org> 2 3 Character iterators should not advance if they are at end 4 https://bugs.webkit.org/show_bug.cgi?id=90560 5 6 Reviewed by Ryosuke Niwa. 7 8 Add a new test case where character iterators are already at end when 9 trying to advance. This was caught by Chromium's address sanitizer 10 here: http://code.google.com/p/chromium/issues/detail?id=135705 11 12 * platform/chromium/editing/surrounding-text/surrounding-text-expected.txt: 13 * platform/chromium/editing/surrounding-text/surrounding-text.html: 14 1 15 2012-07-05 Alexey Proskuryakov <ap@apple.com> 2 16 -
trunk/LayoutTests/platform/chromium/editing/surrounding-text/surrounding-text-expected.txt
r121713 r121921 16 16 PASS surroundingText('<option>.</option>12345<button id="here">test</button><option>.</option>', 0, 100) is "" 17 17 PASS surroundingText('<option>.</option>12345<button>te<span id="here">st</span></button><option>.</option>', 0, 100) is "" 18 PASS surroundingText('<p id="here">.', 0, 2) is "." 18 19 PASS successfullyParsed is true 19 20 -
trunk/LayoutTests/platform/chromium/editing/surrounding-text/surrounding-text.html
r121713 r121921 41 41 shouldBeEqualToString('surroundingText(\'<option>.</option>12345<button id="here">test</button><option>.</option>\', 0, 100)', ''); 42 42 shouldBeEqualToString('surroundingText(\'<option>.</option>12345<button>te<span id="here">st</span></button><option>.</option>\', 0, 100)', ''); 43 shouldBeEqualToString('surroundingText(\'<p id="here">.\', 0, 2)', '.'); 43 44 44 45 document.body.removeChild(document.getElementById('test')); -
trunk/Source/WebCore/ChangeLog
r121920 r121921 1 2012-07-05 Leandro Gracia Gil <leandrogracia@chromium.org> 2 3 Character iterators should not advance if they are at end 4 https://bugs.webkit.org/show_bug.cgi?id=90560 5 6 Reviewed by Ryosuke Niwa. 7 8 CharacterIterator and BackwardsCharacterIterator try to advance their 9 internal TextIterator without checking if they already are at end. 10 This can cause crashes in TextIterator::advance. 11 12 Test: platform/chromium/editing/surrounding-text/surrounding-text.html 13 14 * editing/SurroundingText.cpp: 15 (WebCore::SurroundingText::SurroundingText): 16 * editing/TextIterator.cpp: 17 (WebCore::CharacterIterator::advance): 18 (WebCore::BackwardsCharacterIterator::advance): 19 1 20 2012-07-05 John Mellor <johnme@chromium.org> 2 21 -
trunk/Source/WebCore/editing/SurroundingText.cpp
r112389 r121921 46 46 const unsigned halfMaxLength = maxLength / 2; 47 47 CharacterIterator forwardIterator(makeRange(visiblePosition, endOfDocument(visiblePosition)).get(), TextIteratorStopsOnFormControls); 48 forwardIterator.advance(maxLength - halfMaxLength); 48 if (!forwardIterator.atEnd()) 49 forwardIterator.advance(maxLength - halfMaxLength); 49 50 50 51 Position position = visiblePosition.deepEquivalent().parentAnchoredEquivalent(); … … 54 55 55 56 BackwardsCharacterIterator backwardsIterator(makeRange(startOfDocument(visiblePosition), visiblePosition).get(), TextIteratorStopsOnFormControls); 56 backwardsIterator.advance(halfMaxLength); 57 if (!backwardsIterator.atEnd()) 58 backwardsIterator.advance(halfMaxLength); 57 59 58 60 m_positionOffsetInContent = Range::create(document, backwardsIterator.range()->endPosition(), position)->text().length(); -
trunk/Source/WebCore/editing/TextIterator.cpp
r121123 r121921 1407 1407 void CharacterIterator::advance(int count) 1408 1408 { 1409 ASSERT(!atEnd()); 1410 1409 1411 if (count <= 0) { 1410 1412 ASSERT(count == 0); … … 1515 1517 void BackwardsCharacterIterator::advance(int count) 1516 1518 { 1519 ASSERT(!atEnd()); 1520 1517 1521 if (count <= 0) { 1518 1522 ASSERT(!count);
Note: See TracChangeset
for help on using the changeset viewer.