Changeset 221128 in webkit


Timestamp: Aug 23, 2017, 9:12:55 PM (8 years ago)
Author: Wenson Hsieh
Message:

DeleteSelectionCommand should be robust when starting and ending editable positions cannot be found
https://bugs.webkit.org/show_bug.cgi?id=175914
<rdar://problem/29792688>

Reviewed by Ryosuke Niwa.

Source/WebCore:

DeleteSelectionCommand can cause a null dereference if editable start and end positions are not found. This can
happen when attempting to delete after selecting the contents within a canvas or output element with read-write
-webkit-user-modify style. To fix this, we make the initialization step of the DeleteSelectionCommand robust
when editable start and end positions are missing.

Test: editing/execCommand/forward-delete-read-write-canvas.html

  • editing/DeleteSelectionCommand.cpp:

(WebCore::DeleteSelectionCommand::initializePositionData):

Make this initialization helper indicate failure via a bool return value. DeleteSelectionCommand::doApply bails
early if initializePositionData returned false.

(WebCore::DeleteSelectionCommand::doApply):

  • editing/DeleteSelectionCommand.h:

LayoutTests:

Adds a new LayoutTest. This test passes if WebKit successfully loaded the page.

  • editing/execCommand/forward-delete-read-write-canvas-expected.txt: Added.
  • editing/execCommand/forward-delete-read-write-canvas.html: Added.
Location: trunk
Files: 2 added, 4 edited

  • trunk/LayoutTests/ChangeLog

    r221115 r221128  
     12017-08-23  Wenson Hsieh  <wenson_hsieh@apple.com>
     2
     3        DeleteSelectionCommand should be robust when starting and ending editable positions cannot be found
     4        https://bugs.webkit.org/show_bug.cgi?id=175914
     5        <rdar://problem/29792688>
     6
     7        Reviewed by Ryosuke Niwa.
     8
     9        Adds a new LayoutTest. This test passes if WebKit successfully loaded the page.
     10
     11        * editing/execCommand/forward-delete-read-write-canvas-expected.txt: Added.
     12        * editing/execCommand/forward-delete-read-write-canvas.html: Added.
     13
    1142017-08-23  Matt Lewis  <jlewis3@apple.com>
    215
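Review bot: The new test is named only for canvas (forward-delete-read-write-canvas.html), while the WebCore ChangeLog says the null dereference is reachable through "a canvas or output element". If the test does not also select inside an output element, add a second case or a sibling test so both entry points named in the description are covered. The pass condition "WebKit successfully loaded the page" only proves there was no crash; it would be worth also checking that the document is unchanged after the forward delete, since doApply is now expected to be a no-op in this state.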
  • trunk/Source/WebCore/ChangeLog

    r221123 r221128  
     12017-08-23  Wenson Hsieh  <wenson_hsieh@apple.com>
     2
     3        DeleteSelectionCommand should be robust when starting and ending editable positions cannot be found
     4        https://bugs.webkit.org/show_bug.cgi?id=175914
     5        <rdar://problem/29792688>
     6
     7        Reviewed by Ryosuke Niwa.
     8
     9        DeleteSelectionCommand can cause a null dereference if editable start and end positions are not found. This can
     10        happen when attempting to delete after selecting the contents within a canvas or output element with `read-write`
     11        `-webkit-user-modify` style. To fix this, we make the initialization step of the DeleteSelectionCommand robust
     12        when editable start and end positions are missing.
     13
     14        Test: editing/execCommand/forward-delete-read-write-canvas.html
     15
     16        * editing/DeleteSelectionCommand.cpp:
     17        (WebCore::DeleteSelectionCommand::initializePositionData):
     18
     19        Make this initialization helper indicate failure via a bool return value. DeleteSelectionCommand::doApply bails
     20        early if initializePositionData returned false.
     21
     22        (WebCore::DeleteSelectionCommand::doApply):
     23        * editing/DeleteSelectionCommand.h:
     24
    1252017-08-23  Youenn Fablet  <youenn@apple.com>
    226
  • trunk/Source/WebCore/editing/DeleteSelectionCommand.cpp

    r216233 r221128  
    173173}
    174174   
    175 void DeleteSelectionCommand::initializePositionData()
     175bool DeleteSelectionCommand::initializePositionData()
    176176{
    177177    Position start, end;
     
    182182    if (!isEditablePosition(end, ContentIsEditable))
    183183        end = lastEditablePositionBeforePositionInRoot(end, highestEditableRoot(start));
     184
     185    if (start.isNull() || end.isNull())
     186        return false;
    184187
    185188    m_upstreamStart = start.upstream();
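Review bot: The null check at new lines 185-186 comes after line 183 has already evaluated highestEditableRoot(start) and passed the result to lastEditablePositionBeforePositionInRoot(end, ...). If start can be null by that point, those calls run on a null position before the guard is reached. Please confirm both helpers tolerate a null Position and a null root, or check start.isNull() before the end adjustment at line 182 and bail out there. Also note that returning false here leaves m_upstreamStart and the other position members unset, so every caller must stop using the command state after a false return.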
     
    273276    m_startBlock = enclosingNodeOfType(m_downstreamStart.parentAnchoredEquivalent(), &isBlock, CanCrossEditingBoundary);
    274277    m_endBlock = enclosingNodeOfType(m_upstreamEnd.parentAnchoredEquivalent(), &isBlock, CanCrossEditingBoundary);
     278
     279    return true;
    275280}
    276281
     
    858863   
    859864    // set up our state
    860     initializePositionData();
     865    if (!initializePositionData())
     866        return;
    861867
    862868    // Delete any text that may hinder our ability to fixup whitespace after the delete
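Review bot: The early return at new lines 865-866 carries no comment saying when initializePositionData() fails. The ChangeLog explains it (no editable start or end position could be found), but a reader of doApply only sees "// set up our state" followed by a silent bail. A one-line comment at the return stating that condition would keep the reason next to the code.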
  • trunk/Source/WebCore/editing/DeleteSelectionCommand.h

    r216233 r221128  
    5555    void initializeStartEnd(Position&, Position&);
    5656    void setStartingSelectionOnSmartDelete(const Position&, const Position&);
    57     void initializePositionData();
     57    bool initializePositionData();
    5858    void saveTypingStyleState();
    5959    void insertPlaceholderForAncestorBlockContent();
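Review bot: The new declaration at line 57, bool initializePositionData();, lets a future caller ignore the result and continue with null positions, which is the crash this change fixes. Consider annotating it with WARN_UNUSED_RETURN so the compiler flags any call site that drops the return value.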