Changeset 256764 in webkit

Timestamp:

Feb 17, 2020 1:13:03 PM (4 years ago)

Author:

commit-queue@webkit.org

Message:

Null Ptr Deref @ WebCore::Node::Treescope
​https://bugs.webkit.org/show_bug.cgi?id=207748

Patch by Pinki Gyanchandani <​pgyanchandani@apple.com> on 2020-02-17
Reviewed by Darin Adler.

Source/WebCore:

Added a check for isTextField after updateLayoutIgnorePendingStylesheets as that could cause modification of input element type.

Test: editing/selection/ignore-selection-range-on-input-style-change.html

• html/HTMLTextFormControlElement.cpp:

(WebCore::HTMLTextFormControlElement::setSelectionRange):

LayoutTests:

Added a regression test provided by Ryosuke Niwa to verify the fix.

• editing/selection/ignore-selection-range-on-input-style-change-expected.txt: Added.
• editing/selection/ignore-selection-range-on-input-style-change.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/editing/selection/ignore-selection-range-on-input-style-change-expected.txt (added)
• LayoutTests/editing/selection/ignore-selection-range-on-input-style-change.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/html/HTMLTextFormControlElement.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2020-02-17  Pinki Gyanchandani  <pgyanchandani@apple.com>
+
+        Null Ptr Deref @ WebCore::Node::Treescope
+        https://bugs.webkit.org/show_bug.cgi?id=207748
+
+        Reviewed by Darin Adler.
+
+        Added a regression test provided by Ryosuke Niwa to verify the fix.
+
+        * editing/selection/ignore-selection-range-on-input-style-change-expected.txt: Added.
+        * editing/selection/ignore-selection-range-on-input-style-change.html: Added.
+
 2020-02-17  Zalan Bujtas  <zalan@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-02-17  Pinki Gyanchandani  <pgyanchandani@apple.com>
+
+        Null Ptr Deref @ WebCore::Node::Treescope
+        https://bugs.webkit.org/show_bug.cgi?id=207748
+
+        Reviewed by Darin Adler.
+
+        Added a check for isTextField after updateLayoutIgnorePendingStylesheets as that could cause modification of input element type.
+
+        Test: editing/selection/ignore-selection-range-on-input-style-change.html
+
+        * html/HTMLTextFormControlElement.cpp:
+        (WebCore::HTMLTextFormControlElement::setSelectionRange):
+
 2020-02-17  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp

@@ -304 +304 @@
         // FIXME: Removing this synchronous layout requires fixing setSelectionWithoutUpdatingAppearance not needing up-to-date style.
         document().updateLayoutIgnorePendingStylesheets();
+        
+        if (!isTextField())
+            return;
 
         // Double-check the state of innerTextElement after the layout.