Changeset 259624 in webkit


Ignore:
Timestamp:
Apr 6, 2020 11:29:24 PM (4 years ago)
Author:
Jack Lee
Message:

Nullptr crash in CompositeEditCommand::splitTreeToNode when inserting image in anchor element that has uneditable parent
https://bugs.webkit.org/show_bug.cgi?id=210004
<rdar://problem/61206583>

Reviewed by Ryosuke Niwa.

Source/WebCore:

RemoveNodePreservingChildren can fail and leave the children dangling if the parent of the node
is uneditable. Added editability check for the to-be-removed node.

Test: editing/inserting/insert-img-anchor-uneditable-parent.html

  • editing/RemoveNodePreservingChildrenCommand.cpp:

(WebCore::RemoveNodePreservingChildrenCommand::doApply):

LayoutTests:

Added a regression test for the crash.

  • editing/inserting/insert-img-anchor-uneditable-parent-expected.txt: Added.
  • editing/inserting/insert-img-anchor-uneditable-parent.html: Added.
Location:
trunk
Files:
2 added
3 edited

Legend:

Unmodified
Added
Removed
  • trunk/LayoutTests/ChangeLog

    r259623 r259624  
     12020-04-06  Jack Lee  <shihchieh_lee@apple.com>
     2
     3        Nullptr crash in CompositeEditCommand::splitTreeToNode when inserting image in anchor element that has uneditable parent
     4        https://bugs.webkit.org/show_bug.cgi?id=210004
     5        <rdar://problem/61206583>
     6
     7        Reviewed by Ryosuke Niwa.
     8
     9        Added a regression test for the crash.
     10
     11        * editing/inserting/insert-img-anchor-uneditable-parent-expected.txt: Added.
     12        * editing/inserting/insert-img-anchor-uneditable-parent.html: Added.
     13
    1142020-04-06  Lauro Moura  <lmoura@igalia.com>
    215
  • trunk/Source/WebCore/ChangeLog

    r259620 r259624  
     12020-04-06  Jack Lee  <shihchieh_lee@apple.com>
     2
     3        Nullptr crash in CompositeEditCommand::splitTreeToNode when inserting image in anchor element that has uneditable parent
     4        https://bugs.webkit.org/show_bug.cgi?id=210004
     5        <rdar://problem/61206583>
     6
     7        Reviewed by Ryosuke Niwa.
     8
     9        RemoveNodePreservingChildren can fail and leave the children dangling if the parent of the node
     10        is uneditable. Added editability check for the to-be-removed node.
     11
     12        Test: editing/inserting/insert-img-anchor-uneditable-parent.html
     13
     14        * editing/RemoveNodePreservingChildrenCommand.cpp:
     15        (WebCore::RemoveNodePreservingChildrenCommand::doApply):
     16
    1172020-04-06  David Kilzer  <ddkilzer@apple.com>
    218
  • trunk/Source/WebCore/editing/RemoveNodePreservingChildrenCommand.cpp

    r216233 r259624  
    4242{
    4343    Vector<Ref<Node>> children;
     44    auto parent = makeRefPtr(m_node->parentNode());
     45    if (!parent || (m_shouldAssumeContentIsAlwaysEditable == DoNotAssumeContentIsAlwaysEditable && !isEditableNode(*parent)))
     46        return;
     47
    4448    for (Node* child = m_node->firstChild(); child; child = child->nextSibling())
    4549        children.append(*child);
Note: See TracChangeset for help on using the changeset viewer.