Changeset 275652 in webkit
- Timestamp:
- Apr 7, 2021 10:21:10 PM (3 years ago)
- Location:
- trunk
- Files:
-
- 2 added
- 4 edited
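--- a/trunk/LayoutTests/ChangeLog
+++ b/trunk/LayoutTests/ChangeLog
@@ -1,2 +1,15 @@
+2021-04-07 Julian Gonzalez <julian_a_gonzalez@apple.com>
+
+Nullptr dereference in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
+https://bugs.webkit.org/show_bug.cgi?id=224259
+
+Reviewed by Ryosuke Niwa.
+
+Add a test to catch the editing crash fixed here; thanks to Tuomas Karkkainen
+for its basic structure.
+
+* editing/inserting/insert-display-contents-crash-expected.txt: Added.
+* editing/inserting/insert-display-contents-crash.html: Added.
+
 2021-04-07 Robert Jenner <jenner@apple.com>
 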
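--- a/trunk/Source/WebCore/ChangeLog
+++ b/trunk/Source/WebCore/ChangeLog
@@ -1,2 +1,21 @@
+2021-04-07 Julian Gonzalez <julian_a_gonzalez@apple.com>
+
+Nullptr dereference in ReplaceSelectionCommand::removeRedundantStylesAndKeepStyleSpanInline
+https://bugs.webkit.org/show_bug.cgi?id=224259
+
+Reviewed by Ryosuke Niwa.
+
+When pruning after removing the end <br> in ReplaceSelectionCommand::doApply(), make sure
+that insertedNodes is updated properly (given that we may be removing an ancestor
+of the start or end of insertedNodes).
+
+Test: editing/inserting/insert-display-contents-crash.html
+
+* editing/ReplaceSelectionCommand.cpp:
+(WebCore::ReplaceSelectionCommand::InsertedNodes::willRemovePossibleAncestorNode):
+(WebCore::ReplaceSelectionCommand::InsertedNodes::willRemoveNode):
+(WebCore::ReplaceSelectionCommand::doApply):
+* editing/ReplaceSelectionCommand.h:
+
 2021-04-07 Jean-Yves Avenard <jya@apple.com>
 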
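--- a/trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp
+++ b/trunk/Source/WebCore/editing/ReplaceSelectionCommand.cpp
@@ -401,6 +401,32 @@
 }
 
+inline void ReplaceSelectionCommand::InsertedNodes::willRemovePossibleAncestorNode(Node* node)
+{
+bool containsFirstNode = node->contains(m_firstNodeInserted.get());
+bool containsLastNode = node->contains(m_lastNodeInserted.get());
+if (containsFirstNode && containsLastNode) {
+m_firstNodeInserted = nullptr;
+m_lastNodeInserted = nullptr;
+return;
+}
+
+if (containsLastNode)
+m_lastNodeInserted = NodeTraversal::previousSkippingChildren(*node);
+else if (containsFirstNode)
+m_firstNodeInserted = NodeTraversal::nextSkippingChildren(*node);
+
+if (!m_lastNodeInserted)
+m_lastNodeInserted = m_firstNodeInserted;
+else if (!m_firstNodeInserted)
+m_firstNodeInserted = m_lastNodeInserted;
+else if (m_firstNodeInserted->isDescendantOf(m_lastNodeInserted.get()))
+std::swap(m_firstNodeInserted, m_lastNodeInserted);
+}
+
 inline void ReplaceSelectionCommand::InsertedNodes::willRemoveNode(Node* node)
 {
+ASSERT(!m_firstNodeInserted || !m_firstNodeInserted->isDescendantOf(node));
+ASSERT(!m_lastNodeInserted || !m_lastNodeInserted->isDescendantOf(node));
+
 if (m_firstNodeInserted == node && m_lastNodeInserted == node) {
 m_firstNodeInserted = nullptr;
@@ -1304,8 +1330,11 @@
 document().updateLayoutIgnorePendingStylesheets();
 if (auto nodeToRemove = makeRefPtr(highestNodeToRemoveInPruning(parent.get()))) {
-insertedNodes.willRemove Node(nodeToRemove.get());
+insertedNodes.willRemovePossibleAncestorNode(nodeToRemove.get());
 removeNode(*nodeToRemove);
 }
 }
+
+if (insertedNodes.isEmpty())
+return;
 
 makeInsertedContentRoundTrippableWithHTMLTreeBuilder(insertedNodes);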
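Review bot: In willRemovePossibleAncestorNode, when only one endpoint lies inside `node`, the replacement endpoint comes from `NodeTraversal::previousSkippingChildren(*node)` or `nextSkippingChildren(*node)`, and nothing checks that it is still inside the inserted content or that first still precedes last in document order; only the first-is-descendant-of-last case is repaired by the `std::swap`. The later passes in doApply, starting with `makeInsertedContentRoundTrippableWithHTMLTreeBuilder(insertedNodes)`, presumably walk from first to last, so an endpoint that lands outside the inserted range could make them operate on nodes this command did not insert; a test where the pruned ancestor contains exactly one endpoint would confirm this either way. The new `ASSERT`s in willRemoveNode compile out of release builds, so any other caller that passes an ancestor would still leave detached endpoints behind; a comment on each function stating the precondition would help, e.g. `// Use when |node| may contain the first or last inserted node; willRemoveNode() requires that it does not.` Both willRemoveNode and doApply continue outside the visible hunks.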
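--- a/trunk/Source/WebCore/editing/ReplaceSelectionCommand.h
+++ b/trunk/Source/WebCore/editing/ReplaceSelectionCommand.h
@@ -69,4 +69,5 @@
 void respondToNodeInsertion(Node*);
 void willRemoveNodePreservingChildren(Node*);
+void willRemovePossibleAncestorNode(Node*);
 void willRemoveNode(Node*);
 void didReplaceNode(Node*, Node* newNode);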