Changeset 190835 in webkit


Timestamp:
Oct 9, 2015 7:53:53 PM (9 years ago)
Author:
Alan Bujtas
Message:

Check if start and end positions are still valid after updating them through VisibleSelection.
https://bugs.webkit.org/show_bug.cgi?id=149982

Reviewed by Ryosuke Niwa.

This patch is required to be able to clean up anonymous tables structure.
In certain edge cases, start/end positions could become nullptr after various text splitting
operations.

Covered by editing/execCommand/crash-137961.html

  • editing/ApplyStyleCommand.cpp:

(WebCore::ApplyStyleCommand::applyRelativeFontStyleChange):
(WebCore::ApplyStyleCommand::applyInlineStyle):

Location:
trunk/Source/WebCore
Files:
2 edited

  • trunk/Source/WebCore/ChangeLog

    r190834 r190835  
     12015-10-09  Zalan Bujtas  <zalan@apple.com>
     2
     3        Check if start and end positions are still valid after updating them through VisibleSelection.
     4        https://bugs.webkit.org/show_bug.cgi?id=149982
     5
     6        Reviewed by Ryosuke Niwa.
     7
     8        This patch is required to be able to clean up anonymous tables structure.
     9        In certain edge cases, start/end positions could become nullptr after various text splitting
     10        operations.
     11
     12        Covered by editing/execCommand/crash-137961.html
     13
     14        * editing/ApplyStyleCommand.cpp:
     15        (WebCore::ApplyStyleCommand::applyRelativeFontStyleChange):
     16        (WebCore::ApplyStyleCommand::applyInlineStyle):
     17
    1182015-10-09  Simon Fraser  <simon.fraser@apple.com>
    219
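Review bot: The wording "could become nullptr" on ChangeLog lines 9-10 does not match the code, which tests `start.isNull() || end.isNull()` on position objects rather than comparing pointers; "could become null" would be accurate. The entry names the covering test but not which splitting step invalidates the positions, and one sentence on that would help anyone reading the added guards later.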
  • trunk/Source/WebCore/editing/ApplyStyleCommand.cpp

    r190634 r190835  
    340340    }
    341341
     342    if (start.isNull() || end.isNull())
     343        return;
     344
    342345    if (isValidCaretPositionInTextNode(end)) {
    343346        splitTextAtEnd(start, end);
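Review bot: The guard at new line 342 sits ahead of `splitTextAtEnd(start, end)` on line 346, so it is protecting against something earlier in the function, and nothing in the hunk says what. Add a one-line comment above the check naming the earlier operation that can leave `start` or `end` null.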
     
    345348        end = endPosition();
    346349    }
     350
     351    if (start.isNull() || end.isNull())
     352        return;
    347353
    348354    // Calculate loop end point.
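Review bot: The early return at new lines 351-352 is reached after `splitTextAtEnd(start, end)` on line 346 may already have run, so the function can exit with the text node split but no style applied. Confirm that leaving the command partway through is acceptable here, and say so in a comment next to the check if it is.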
     
    587593    }
    588594
     595    if (start.isNull() || end.isNull())
     596        return;
     597
    589598    // split the end node and containing element if the selection ends inside of it
    590599    bool splitEnd = isValidCaretPositionInTextNode(end);
     
    598607        endDummySpanAncestor = dummySpanAncestorForNode(end.deprecatedNode());
    599608    }
     609
     610    if (start.isNull() || end.isNull())
     611        return;
    600612
    601613    // Remove style from the selection.
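Review bot: Line 607 passes `end.deprecatedNode()` to `dummySpanAncestorForNode` before the null check added at line 610. If `end` can be null by line 610 it may already be null at 607, so either confirm that call tolerates a null node or move the check ahead of it.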
     
    650662        end = endPosition();
    651663    }
     664
     665    if (start.isNull() || end.isNull())
     666        return;
    652667
    653668    // update document layout once before running the rest of the function
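Review bot: The guard at new lines 665-666 is the fifth identical copy of `if (start.isNull() || end.isNull())` followed by `return;` in this file's diff, here right after `end = endPosition();` on line 662. Consider a small helper that re-reads the positions and reports whether both are still valid, so the update and the check cannot drift apart when another split is added.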