Changeset 122139 in webkit
- Timestamp:
- Jul 9, 2012 12:36:57 PM (12 years ago)
- Location:
- trunk
- Files:
-
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r122132 r122139 1 2012-07-09 Leandro Gracia Gil <leandrogracia@chromium.org> 2 3 SurroundingText should not advance character iterators if they are at end. 4 https://bugs.webkit.org/show_bug.cgi?id=90560 5 6 Reviewed by Ryosuke Niwa. 7 8 Add a new test case where character iterators are already at end when 9 trying to advance. This was caught by Chromium's address sanitizer 10 here: http://code.google.com/p/chromium/issues/detail?id=135705 11 12 * platform/chromium/editing/surrounding-text/surrounding-text-expected.txt: 13 * platform/chromium/editing/surrounding-text/surrounding-text.html: 14 1 15 2012-07-09 Rafael Weinstein <rafaelw@chromium.org> 2 16 -
trunk/LayoutTests/platform/chromium/editing/surrounding-text/surrounding-text-expected.txt
r121933 r122139 16 16 PASS surroundingText('<option>.</option>12345<button id="here">test</button><option>.</option>', 0, 100) is "" 17 17 PASS surroundingText('<option>.</option>12345<button>te<span id="here">st</span></button><option>.</option>', 0, 100) is "" 18 PASS surroundingText('<p id="here">.</p>', 0, 2) is "." 18 19 PASS successfullyParsed is true 19 20 -
trunk/LayoutTests/platform/chromium/editing/surrounding-text/surrounding-text.html
r122077 r122139 41 41 shouldBeEqualToString('surroundingText(\'<option>.</option>12345<button id="here">test</button><option>.</option>\', 0, 100)', ''); 42 42 shouldBeEqualToString('surroundingText(\'<option>.</option>12345<button>te<span id="here">st</span></button><option>.</option>\', 0, 100)', ''); 43 shouldBeEqualToString('surroundingText(\'<p id="here">.</p>\', 0, 2)', '.'); 43 44 44 45 document.body.removeChild(document.getElementById('test')); -
trunk/Source/WebCore/ChangeLog
r122134 r122139 1 2012-07-09 Leandro Gracia Gil <leandrogracia@chromium.org> 2 3 SurroundingText should not advance character iterators if they are at end. 4 https://bugs.webkit.org/show_bug.cgi?id=90560 5 6 Reviewed by Ryosuke Niwa. 7 8 CharacterIterator and BackwardsCharacterIterator try to advance their 9 internal TextIterator without checking if they already are at end. 10 This can cause crashes in TextIterator::advance. 11 12 Test: platform/chromium/editing/surrounding-text/surrounding-text.html 13 14 * editing/SurroundingText.cpp: 15 (WebCore::SurroundingText::SurroundingText): 16 (WebCore::SurroundingText::rangeFromContentOffsets): 17 1 18 2012-07-09 Sudarsana Nagineni <sudarsana.nagineni@linux.intel.com> 2 19 -
trunk/Source/WebCore/editing/SurroundingText.cpp
r121933 r122139 44 44 : m_positionOffsetInContent(0) 45 45 { 46 if (visiblePosition.isNull()) 47 return; 48 46 49 const unsigned halfMaxLength = maxLength / 2; 47 50 CharacterIterator forwardIterator(makeRange(visiblePosition, endOfDocument(visiblePosition)).get(), TextIteratorStopsOnFormControls); 48 forwardIterator.advance(maxLength - halfMaxLength); 51 if (!forwardIterator.atEnd()) 52 forwardIterator.advance(maxLength - halfMaxLength); 49 53 50 54 Position position = visiblePosition.deepEquivalent().parentAnchoredEquivalent(); 51 55 Document* document = position.document(); 52 if (!Range::create(document, position, forwardIterator.range()->startPosition())->text().length()) 56 RefPtr<Range> forwardRange = forwardIterator.range(); 57 if (!forwardRange || !Range::create(document, position, forwardRange->startPosition())->text().length()) { 58 ASSERT(forwardRange); 53 59 return; 60 } 54 61 55 62 BackwardsCharacterIterator backwardsIterator(makeRange(startOfDocument(visiblePosition), visiblePosition).get(), TextIteratorStopsOnFormControls); 56 backwardsIterator.advance(halfMaxLength); 63 if (!backwardsIterator.atEnd()) 64 backwardsIterator.advance(halfMaxLength); 57 65 58 m_positionOffsetInContent = Range::create(document, backwardsIterator.range()->endPosition(), position)->text().length(); 59 m_contentRange = Range::create(document, backwardsIterator.range()->endPosition(), forwardIterator.range()->startPosition()); 66 RefPtr<Range> backwardsRange = backwardsIterator.range(); 67 if (!backwardsRange) { 68 ASSERT(backwardsRange); 69 return; 70 } 71 72 m_positionOffsetInContent = Range::create(document, backwardsRange->endPosition(), position)->text().length(); 73 m_contentRange = Range::create(document, backwardsRange->endPosition(), forwardRange->startPosition()); 74 ASSERT(m_contentRange); 60 75 } 61 76 … … 66 81 67 82 CharacterIterator iterator(m_contentRange.get()); 83 84 ASSERT(!iterator.atEnd()); 68 85 iterator.advance(startOffsetInContent); 69 86 87 ASSERT(iterator.range()); 70 88 Position start = iterator.range()->startPosition(); 89 90 ASSERT(!iterator.atEnd()); 71 91 iterator.advance(endOffsetInContent - startOffsetInContent); 92 93 ASSERT(iterator.range()); 72 94 Position end = iterator.range()->startPosition(); 95 73 96 return Range::create(start.document(), start, end); 74 97 } -
trunk/Source/WebKit/chromium/ChangeLog
r122120 r122139 1 2012-07-09 Leandro Gracia Gil <leandrogracia@chromium.org> 2 3 SurroundingText should not advance character iterators if they are at end. 4 https://bugs.webkit.org/show_bug.cgi?id=90560 5 6 Reviewed by Ryosuke Niwa. 7 8 Moving the check for null visible positions to WebCore as it makes no 9 sense to be in a platform-specific code. 10 11 * src/WebSurroundingText.cpp: 12 (WebKit::WebSurroundingText::initialize): 13 1 14 2012-07-09 Dana Jansens <danakj@chromium.org> 2 15 -
trunk/Source/WebKit/chromium/src/WebSurroundingText.cpp
r115877 r122139 47 47 return; 48 48 49 VisiblePosition visiblePosition(node->renderer()->positionForPoint(static_cast<IntPoint>(hitTestInfo.localPoint()))); 50 if (visiblePosition.isNull()) 51 return; 52 53 m_private.reset(new SurroundingText(visiblePosition, maxLength)); 49 m_private.reset(new SurroundingText(VisiblePosition(node->renderer()->positionForPoint(static_cast<IntPoint>(hitTestInfo.localPoint()))), maxLength)); 54 50 } 55 51
Note: See TracChangeset
for help on using the changeset viewer.