Changeset 202807 in webkit


Timestamp:
Jul 4, 2016 4:22:59 AM (8 years ago)
Author:
commit-queue@webkit.org
Message:

[GTK] Null WebCore::Range dereference in WebEditorClient::updateGlobalSelection
https://bugs.webkit.org/show_bug.cgi?id=159341

Patch by Fujii Hironori <Fujii Hironori> on 2016-07-04
Reviewed by Carlos Garcia Campos.

FrameSelection::toNormalizedRange() can return null. Null check is
needed.

Tests:

editing/input/set-value-on-input-and-delete.html
editing/selection/selection-in-iframe-removed-crash.html
imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-after-content-change.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application-textarea.html
imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application.html

  • WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp:

(WebKit::WebEditorClient::updateGlobalSelection): Do not update
global selection if FrameSelection::toNormalizedRange() returns
null.

Location:
trunk/Source/WebKit2
Files:
2 edited

  • trunk/Source/WebKit2/ChangeLog

    r202801 r202807  
     12016-07-04  Fujii Hironori  <Hironori.Fujii@sony.com>
     2
     3        [GTK] Null WebCore::Range dereference in WebEditorClient::updateGlobalSelection
     4        https://bugs.webkit.org/show_bug.cgi?id=159341
     5
     6        Reviewed by Carlos Garcia Campos.
     7
     8        FrameSelection::toNormalizedRange() can return null. Null check is
     9        needed.
     10
     11        Tests:
     12            editing/input/set-value-on-input-and-delete.html
     13            editing/selection/selection-in-iframe-removed-crash.html
     14            imported/w3c/web-platform-tests/html/semantics/embedded-content/the-img-element/sizes/parse-a-sizes-attribute.html
     15            imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-after-content-change.html
     16            imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application-textarea.html
     17            imported/w3c/web-platform-tests/html/semantics/forms/textfieldselection/selection-not-application.html
     18
     19        * WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp:
     20        (WebKit::WebEditorClient::updateGlobalSelection): Do not update
     21        global selection if FrameSelection::toNormalizedRange() returns
     22        null.
     23
    1242016-07-04  Fujii Hironori  <Hironori.Fujii@sony.com>
    225
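Review bot: the "Tests:" list at new lines 11-17 names six existing layout tests, but the changeset edits only this ChangeLog and WebEditorClientGtk.cpp, so the entry does not say whether those tests crashed before the fix or were only used to confirm it. State that explicitly (for example "Fixes crashes in:"), and add one sentence on when FrameSelection::toNormalizedRange() returns null, since "can return null" at new line 8 gives a reader nothing to reproduce the problem with.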
  • trunk/Source/WebKit2/WebProcess/WebCoreSupport/gtk/WebEditorClientGtk.cpp

    r202105 r202807  
    166166    if (!frame->selection().isRange())
    167167        return;
     168    RefPtr<Range> range = frame->selection().toNormalizedRange();
     169    if (!range)
     170        return;
    168171
    169172    frameSettingClipboard = frame;
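Review bot: the early return at new lines 169-170 needs a short comment, because it sits directly after the isRange() check at line 166 and a reader will assume a range selection always yields a non-null Range. Say in one line why toNormalizedRange() can still return null here, and that returning at this point deliberately leaves the previously published global selection in place. Placing the check before the `frameSettingClipboard = frame;` assignment at new line 172 is right, since the bail-out then happens before any static state is touched.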
     
    175178    g_closure_set_marshal(callback.get(), g_cclosure_marshal_VOID__VOID);
    176179
    177     RefPtr<Range> range = frame->selection().toNormalizedRange();
    178180    PasteboardWebContent pasteboardContent;
    179181    pasteboardContent.canSmartCopyOrDelete = false;