Changeset 192170 in webkit
- Timestamp:
- Nov 9, 2015 12:11:30 PM (9 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 7 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/LayoutTests/ChangeLog
r192169 r192170 1 2015-11-09 Jiewen Tan <jiewen_tan@apple.com> 2 3 Null dereference loading Blink layout test editing/inserting/insert-html-crash-01.html 4 https://bugs.webkit.org/show_bug.cgi?id=149298 5 <rdar://problem/22746918> 6 7 Reviewed by Ryosuke Niwa. 8 9 This test case is from Blink r153982: 10 https://codereview.chromium.org/16053005 11 12 * editing/inserting/insert-html-crash-01-expected.txt: Added. 13 * editing/inserting/insert-html-crash-01.html: Added. 14 1 15 2015-11-09 Myles C. Maxfield <mmaxfield@apple.com> 2 16 -
trunk/Source/WebCore/ChangeLog
r192169 r192170 1 2015-11-09 Jiewen Tan <jiewen_tan@apple.com> 2 3 Null dereference loading Blink layout test editing/inserting/insert-html-crash-01.html 4 https://bugs.webkit.org/show_bug.cgi?id=149298 5 <rdar://problem/22746918> 6 7 Reviewed by Ryosuke Niwa. 8 9 The test crashes in the method WebCore::CompositeEditCommand::moveParagraphs() because 10 the other method WebCore::CompositeEditCommand::cleanupAfterDeletion() accidentally 11 deletes the destination node. In WebCore::CompositeEditCommand::cleanupAfterDeletion(), 12 it fails to determine that caretAfterDelete equals to destination as Position::operator==, 13 which is called in VisiblePosition::operator==, only checks the equality of tuple 14 <Anchor Node, Anchor Type, Offset>. It is insufficient as a single position can be 15 represented by multiple tuples. Therefore, this change adds Position::equals() to fortify 16 the equal checking of two positions by considering combinations of different tuple 17 representations. 18 19 Furthermore, it adds VisiblePosition::equals() which considers affinity and call 20 Position::equals() while comparing two visible positions. 21 22 Test: editing/inserting/insert-html-crash-01.html 23 24 * dom/Position.cpp: 25 (WebCore::Position::equals): 26 * dom/Position.h: 27 * editing/CompositeEditCommand.cpp: 28 (WebCore::CompositeEditCommand::cleanupAfterDeletion): 29 Replace operator== with VisiblePosition::equals() to tackle the test case. 30 * editing/VisiblePosition.cpp: 31 (WebCore::VisiblePosition::equals): 32 * editing/VisiblePosition.h: 33 1 34 2015-11-09 Myles C. Maxfield <mmaxfield@apple.com> 2 35 -
trunk/Source/WebCore/dom/Position.cpp
r191738 r192170 1454 1454 #endif 1455 1455 1456 bool Position::equals(const Position& other) const 1457 { 1458 if (!m_anchorNode) 1459 return !m_anchorNode == !other.m_anchorNode; 1460 if (!other.m_anchorNode) 1461 return false; 1462 1463 switch (anchorType()) { 1464 case PositionIsBeforeChildren: 1465 ASSERT(!m_anchorNode->isTextNode()); 1466 switch (other.anchorType()) { 1467 case PositionIsBeforeChildren: 1468 ASSERT(!other.m_anchorNode->isTextNode()); 1469 return m_anchorNode == other.m_anchorNode; 1470 case PositionIsAfterChildren: 1471 ASSERT(!other.m_anchorNode->isTextNode()); 1472 return m_anchorNode == other.m_anchorNode && !m_anchorNode->hasChildNodes(); 1473 case PositionIsOffsetInAnchor: 1474 return m_anchorNode == other.m_anchorNode && !other.m_offset; 1475 case PositionIsBeforeAnchor: 1476 return m_anchorNode->firstChild() == other.m_anchorNode; 1477 case PositionIsAfterAnchor: 1478 return false; 1479 } 1480 break; 1481 case PositionIsAfterChildren: 1482 ASSERT(!m_anchorNode->isTextNode()); 1483 switch (other.anchorType()) { 1484 case PositionIsBeforeChildren: 1485 ASSERT(!other.m_anchorNode->isTextNode()); 1486 return m_anchorNode == other.m_anchorNode && !m_anchorNode->hasChildNodes(); 1487 case PositionIsAfterChildren: 1488 ASSERT(!other.m_anchorNode->isTextNode()); 1489 return m_anchorNode == other.m_anchorNode; 1490 case PositionIsOffsetInAnchor: 1491 return m_anchorNode == other.m_anchorNode && m_anchorNode->countChildNodes() == static_cast<unsigned>(m_offset); 1492 case PositionIsBeforeAnchor: 1493 return false; 1494 case PositionIsAfterAnchor: 1495 return m_anchorNode->lastChild() == other.m_anchorNode; 1496 } 1497 break; 1498 case PositionIsOffsetInAnchor: 1499 switch (other.anchorType()) { 1500 case PositionIsBeforeChildren: 1501 ASSERT(!other.m_anchorNode->isTextNode()); 1502 return m_anchorNode == other.m_anchorNode && !m_offset; 1503 case PositionIsAfterChildren: 1504 ASSERT(!other.m_anchorNode->isTextNode()); 1505 return m_anchorNode == other.m_anchorNode && m_offset == static_cast<int>(other.m_anchorNode->countChildNodes()); 1506 case PositionIsOffsetInAnchor: 1507 return m_anchorNode == other.m_anchorNode && m_offset == other.m_offset; 1508 case PositionIsBeforeAnchor: 1509 return m_anchorNode->traverseToChildAt(m_offset) == other.m_anchorNode; 1510 case PositionIsAfterAnchor: 1511 return m_offset && m_anchorNode->traverseToChildAt(m_offset - 1) == other.m_anchorNode; 1512 } 1513 break; 1514 case PositionIsBeforeAnchor: 1515 switch (other.anchorType()) { 1516 case PositionIsBeforeChildren: 1517 ASSERT(!other.m_anchorNode->isTextNode()); 1518 return m_anchorNode == other.m_anchorNode->firstChild(); 1519 case PositionIsAfterChildren: 1520 ASSERT(!other.m_anchorNode->isTextNode()); 1521 return false; 1522 case PositionIsOffsetInAnchor: 1523 return m_anchorNode == other.m_anchorNode->traverseToChildAt(other.m_offset); 1524 case PositionIsBeforeAnchor: 1525 return m_anchorNode == other.m_anchorNode; 1526 case PositionIsAfterAnchor: 1527 return m_anchorNode->previousSibling() == other.m_anchorNode; 1528 } 1529 break; 1530 case PositionIsAfterAnchor: 1531 switch (other.anchorType()) { 1532 case PositionIsBeforeChildren: 1533 ASSERT(!other.m_anchorNode->isTextNode()); 1534 return false; 1535 case PositionIsAfterChildren: 1536 ASSERT(!other.m_anchorNode->isTextNode()); 1537 return m_anchorNode == other.m_anchorNode->lastChild(); 1538 case PositionIsOffsetInAnchor: 1539 return other.m_offset && m_anchorNode == other.m_anchorNode->traverseToChildAt(other.m_offset - 1); 1540 case PositionIsBeforeAnchor: 1541 return m_anchorNode->nextSibling() == other.m_anchorNode; 1542 case PositionIsAfterAnchor: 1543 return m_anchorNode == other.m_anchorNode; 1544 } 1545 break; 1546 } 1547 1548 ASSERT_NOT_REACHED(); 1549 return false; 1550 } 1551 1456 1552 } // namespace WebCore 1457 1553 -
trunk/Source/WebCore/dom/Position.h
r191955 r192170 208 208 void showTreeForThis() const; 209 209 #endif 210 210 211 // This is a tentative enhancement of operator== to account for different position types. 212 // FIXME: Combine this function with operator== 213 bool equals(const Position&) const; 211 214 private: 212 215 WEBCORE_EXPORT int offsetForPositionAfterAnchor() const; -
trunk/Source/WebCore/editing/CompositeEditCommand.cpp
r191671 r192170 1121 1121 { 1122 1122 VisiblePosition caretAfterDelete = endingSelection().visibleStart(); 1123 if ( caretAfterDelete != destination&& isStartOfParagraph(caretAfterDelete) && isEndOfParagraph(caretAfterDelete)) {1123 if (!caretAfterDelete.equals(destination) && isStartOfParagraph(caretAfterDelete) && isEndOfParagraph(caretAfterDelete)) { 1124 1124 // Note: We want the rightmost candidate. 1125 1125 Position position = caretAfterDelete.deepEquivalent().downstream(); -
trunk/Source/WebCore/editing/VisiblePosition.cpp
r191671 r192170 744 744 } 745 745 746 bool VisiblePosition::equals(const VisiblePosition& other) const 747 { 748 return m_affinity == other.m_affinity && m_deepPosition.equals(other.m_deepPosition); 749 } 750 746 751 } // namespace WebCore 747 752 -
trunk/Source/WebCore/editing/VisiblePosition.h
r182207 r192170 101 101 WEBCORE_EXPORT int lineDirectionPointForBlockDirectionNavigation() const; 102 102 103 // This is a tentative enhancement of operator== to account for affinity. 104 // FIXME: Combine this function with operator== 105 bool equals(const VisiblePosition&) const; 106 103 107 #if ENABLE(TREE_DEBUGGING) 104 108 void debugPosition(const char* msg = "") const;
Note: See TracChangeset
for help on using the changeset viewer.