Changeset 88685 in webkit


Timestamp:
Jun 13, 2011 1:46:24 PM (13 years ago)
Author:
rniwa@webkit.org
Message:

2011-06-13 Ryosuke Niwa <rniwa@webkit.org>

Reviewed by Dan Bernstein.

REGRESSION (r81518): Crash in makeRange() when invoking the dictionary panel over a file input
https://bugs.webkit.org/show_bug.cgi?id=62544

Fixed the crash by adding null pointer checks.

No new tests since there's no way to open dictionary panel.

  • dom/Position.cpp: (WebCore::Position::parentAnchoredEquivalent):
  • editing/VisiblePosition.cpp: (WebCore::makeRange):
  • page/Frame.cpp: (WebCore::Frame::rangeForPoint):
Location:
trunk/Source/WebCore
Files:
4 edited

  • trunk/Source/WebCore/ChangeLog

    r88682 r88685  
     12011-06-13  Ryosuke Niwa  <rniwa@webkit.org>
     2
     3        Reviewed by Dan Bernstein.
     4
     5        REGRESSION (r81518): Crash in makeRange() when invoking the dictionary panel over a file input
     6        https://bugs.webkit.org/show_bug.cgi?id=62544
     7
     8        Fixed the crash by adding null pointer checks.
     9
     10        No new tests since there's no way to open dictionary panel.
     11
     12        * dom/Position.cpp:
     13        (WebCore::Position::parentAnchoredEquivalent):
     14        * editing/VisiblePosition.cpp:
     15        (WebCore::makeRange):
     16        * page/Frame.cpp:
     17        (WebCore::Frame::rangeForPoint):
     18
    1192011-06-13  Adam Barth  <abarth@webkit.org>
    220
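Review bot: The entry at lines 8-10 says only "adding null pointer checks" and does not record that makeRange() can now return a null range, which changes what every caller has to handle. Suggest saying so next to the `(WebCore::makeRange):` line, and noting that Frame::rangeForPoint was updated to test the returned range. Since line 10 states there is no new test, a sentence on how the fix was verified manually would also help later readers of the log.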
  • trunk/Source/WebCore/dom/Position.cpp

    r88476 r88685  
    175175    }
    176176    if (!m_anchorNode->offsetInCharacters() && (m_anchorType == PositionIsAfterAnchor || static_cast<unsigned>(m_offset) == m_anchorNode->childNodeCount())
    177         && (editingIgnoresContent(m_anchorNode.get()) || isTableElement(m_anchorNode.get()))) {
     177        && (editingIgnoresContent(m_anchorNode.get()) || isTableElement(m_anchorNode.get()))
     178        && containerNode()) {
    178179        return positionInParentAfterNode(m_anchorNode.get());
    179180    }
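Review bot: The new `&& containerNode()` test on line 178 guards a call on line 179 that is passed `m_anchorNode.get()`, not the container, so the link between the check and the crash is not evident from the code. A one-line comment stating that a null container means the anchor has no parent for positionInParentAfterNode() to use would make the intent clear. The test is also the cheapest term in the condition but is evaluated last, after editingIgnoresContent() and isTableElement(); moving it earlier costs nothing. Finally, when the test fails, control falls past line 180 into code not shown in this hunk, so please confirm that path returns a usable (or null) Position for an anchor with no container.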
  • trunk/Source/WebCore/editing/VisiblePosition.cpp

    r84919 r88685  
    633633    Position s = start.deepEquivalent().parentAnchoredEquivalent();
    634634    Position e = end.deepEquivalent().parentAnchoredEquivalent();
     635    if (s.isNull() || e.isNull())
     636        return 0;
     637
    635638    return Range::create(s.containerNode()->document(), s.containerNode(), s.offsetInContainerNode(), e.containerNode(), e.offsetInContainerNode());
    636639}
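Review bot: The guard added at lines 635-636 tests `s.isNull() || e.isNull()`, but what line 638 dereferences is `s.containerNode()` in `s.containerNode()->document()`. If a Position can be non-null while its containerNode() is null, line 638 still crashes; either check `s.containerNode()` and `e.containerNode()` directly or add a comment stating why isNull() is sufficient after parentAnchoredEquivalent(). Returning 0 here is also a contract change, and this changeset updates only one caller, so the remaining callers of makeRange() should be audited for unchecked use of the result.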
  • trunk/Source/WebCore/page/Frame.cpp

    r86601 r88685  
    899899
    900900    VisiblePosition next = position.next();
    901     if (next.isNotNull()) {
    902         RefPtr<Range> nextCharacterRange = makeRange(position, next);
     901    if (RefPtr<Range> nextCharacterRange = makeRange(position, next)) {
    903902        IntRect rect = editor()->firstRectForRange(nextCharacterRange.get());
    904903        if (rect.contains(framePoint))
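Review bot: Dropping the `next.isNotNull()` test from old line 901 means makeRange() is now called with a null `next` whenever position.next() has no result, so this code depends on `next.deepEquivalent().parentAnchoredEquivalent()` being safe on a null position and on the new isNull() guard in makeRange(). That coupling across two files is easy to break later; a short comment on new line 901 saying that makeRange() returns null for a null endpoint would document the dependency. Declaring `nextCharacterRange` in the `if` condition is otherwise a clean way to scope it.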