Changeset 84320 in webkit


Ignore:
Timestamp:
Apr 19, 2011 5:23:51 PM (13 years ago)
Author:
rniwa@webkit.org
Message:

2011-04-19 Ryosuke Niwa <rniwa@webkit.org>

Reviewed by Ojan Vafai.

REGRESSION(r83967): Crash in selectionExtentRespectingEditingBoundary
https://bugs.webkit.org/show_bug.cgi?id=58910

The crash was caused by selectionExtentRespectingEditingBoundary's incorrectly assuming that
targetNode always have renderer when there selection has an editable root and the target node
is outside of the editable root.


Fixed the bug by adding an early exit when the target node is null.

No new tests are added since we don't have a reduction for this crash.

  • page/EventHandler.cpp: (WebCore::selectionExtentRespectingEditingBoundary):
Location:
trunk/Source/WebCore
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebCore/ChangeLog

    r84319 r84320  
     12011-04-19  Ryosuke Niwa  <rniwa@webkit.org>
     2
     3        Reviewed by Ojan Vafai.
     4
     5        REGRESSION(r83967): Crash in selectionExtentRespectingEditingBoundary
     6        https://bugs.webkit.org/show_bug.cgi?id=58910
     7
     8        The crash was caused by selectionExtentRespectingEditingBoundary's incorrectly assuming that
     9        targetNode always have renderer when there selection has an editable root and the target node
     10        is outside of the editable root.
     11       
     12        Fixed the bug by adding an early exit when the target node is null.
     13
     14        No new tests are added since we don't have a reduction for this crash.
     15
     16        * page/EventHandler.cpp:
     17        (WebCore::selectionExtentRespectingEditingBoundary):
     18
    1192011-04-19  Geoffrey Garen  <ggaren@apple.com>
    220

  • trunk/Source/WebCore/page/EventHandler.cpp

    r84217 r84320  
    627627    IntPoint selectionEndPoint = localPoint;
    628628    Element* editableElement = selection.rootEditableElement();
    629     Node* selectionEndNode = targetNode;
     629
     630    if (!targetNode->renderer())
     631        return VisiblePosition();
    630632
    631633    if (editableElement && !editableElement->contains(targetNode)) {
    632         selectionEndNode = editableElement;
    633 
    634         if (!selectionEndNode->renderer())
     634        if (!editableElement->renderer())
    635635            return VisiblePosition();
    636636
    637637        FloatPoint absolutePoint = targetNode->renderer()->localToAbsolute(FloatPoint(selectionEndPoint));
    638         selectionEndPoint = roundedIntPoint(selectionEndNode->renderer()->absoluteToLocal(absolutePoint));
    639     }
    640 
    641     if (!selectionEndNode->renderer())
    642         return VisiblePosition();
    643 
    644     return selectionEndNode->renderer()->positionForPoint(selectionEndPoint);
     638        selectionEndPoint = roundedIntPoint(editableElement->renderer()->absoluteToLocal(absolutePoint));
     639        targetNode = editableElement;
     640    }
     641
     642    return targetNode->renderer()->positionForPoint(selectionEndPoint);
    645643}
    646644
Note: See TracChangeset for help on using the changeset viewer.