Changeset 91077 in webkit

Timestamp:

Jul 15, 2011 10:23:54 AM (13 years ago)

Author:

xji@chromium.org

Message:

--webkit-visual-word crash on mixed editability
​https://bugs.webkit.org/show_bug.cgi?id=61978

--webkit-visual-word crashes (VisiblePosition.getInlineBoxAndOffset could return null box)
​https://bugs.webkit.org/show_bug.cgi?id=62814

Reviewed by Ryosuke Niwa.

Source/WebCore:

Replace previousWordPosition/nextWordPosition with previousBoundary/nextBoundary which do
not honor editable bounary. Honor editable boundary as the last stage of leftWordPosition
and rightWordPosition.

Check previousBoundary/nextBoundary against NULL. Have a static function to encapsulate the
usage of getInlineBoxAndOffset and check the visible position is not NULL before passing to
getInlineBoxAndOffset. Check the box returned from getInlineBoxAndOffset is not NULL before
accessing.

Test: editing/selection/move-by-word-visually-null-box.html

• editing/visible_units.cpp:

(WebCore::positionIsInBox):
(WebCore::previousWordBreakInBoxInsideBlockWithSameDirectionality):
(WebCore::lastWordBreakInBox):
(WebCore::positionIsVisuallyOrderedInBoxInBlockWithDifferentDirectionality):
(WebCore::nextWordBreakInBoxInsideBlockWithDifferentDirectionality):
(WebCore::positionIsInsideBox):
(WebCore::leftWordPositionAcrossBoundary):
(WebCore::rightWordPositionAcrossBoundary):
(WebCore::leftWordPosition):
(WebCore::rightWordPosition):

LayoutTests:

Add a standalone test for testing getInlineBoxAndOffset returning null box.

• editing/selection/move-by-word-visually-null-box-expected.txt: Added.
• editing/selection/move-by-word-visually-null-box.html: Added.
• editing/selection/move-by-word-visually-others-expected.txt:
• editing/selection/move-by-word-visually-others.html:

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/editing/selection/move-by-word-visually-null-box-expected.txt (added)
• LayoutTests/editing/selection/move-by-word-visually-null-box.html (added)
• LayoutTests/editing/selection/move-by-word-visually-others-expected.txt (modified) (1 diff)
• LayoutTests/editing/selection/move-by-word-visually-others.html (modified) (1 diff)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/editing/visible_units.cpp (modified) (10 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2011-07-15  Xiaomei Ji  <xji@chromium.org>
+
+        --webkit-visual-word crash on mixed editability
+        https://bugs.webkit.org/show_bug.cgi?id=61978
+
+        --webkit-visual-word crashes (VisiblePosition.getInlineBoxAndOffset could return null box)
+        https://bugs.webkit.org/show_bug.cgi?id=62814
+
+        Reviewed by Ryosuke Niwa.
+
+        Add a standalone test for testing getInlineBoxAndOffset returning null box.
+
+        * editing/selection/move-by-word-visually-null-box-expected.txt: Added.
+        * editing/selection/move-by-word-visually-null-box.html: Added.
+        * editing/selection/move-by-word-visually-others-expected.txt:
+        * editing/selection/move-by-word-visually-others.html:
+
 2011-07-15  Stephen White  <senorblanco@chromium.org>
 

trunk/LayoutTests/editing/selection/move-by-word-visually-others-expected.txt

@@ -222 +222 @@
 Move left by one word
 "䤫䡱暘倎厘    疂崝烵     abc def"[24, 21, 17, 11, 10, 9, 4, 3, 2, 1, 0]
+Test 44, LTR:
+Move right by one word
+"abc def "[0, 4]
+Move left by one word
+" hij opq"[8, 5, 1]
+Test 45, LTR:
+Move right by one word
+"\n00"[3]
+Move left by one word
+"\n00"[3, 1]
 

trunk/LayoutTests/editing/selection/move-by-word-visually-others.html

@@ -89 +89 @@
 <div style="white-space:pre" contenteditable dir=ltr class="test_move_by_word" title="0 1 2 3 4 9 10 11 17 21|24 21 17 11 10 9 4 3 2 1 0">人一氧喝大    笑抬的     abc def</div>
 
+<!-- mixed editability -->
+<div dir=ltr class="test_move_by_word" title="0 4|8 5 1">abc def <span contenteditable> inside span </span> hij opq</div>
+
+<div dir=ltr contenteditable></div>
+00<base dir=ltr class="test_move_by_word" title="3|3 1">
+
 </div>
 <pre id="console"></pre>

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2011-07-15  Xiaomei Ji  <xji@chromium.org>
+
+        --webkit-visual-word crash on mixed editability
+        https://bugs.webkit.org/show_bug.cgi?id=61978
+
+        --webkit-visual-word crashes (VisiblePosition.getInlineBoxAndOffset could return null box)
+        https://bugs.webkit.org/show_bug.cgi?id=62814
+
+        Reviewed by Ryosuke Niwa.
+
+        Replace previousWordPosition/nextWordPosition with previousBoundary/nextBoundary which do
+        not honor editable bounary. Honor editable boundary as the last stage of leftWordPosition
+        and rightWordPosition.
+
+        Check previousBoundary/nextBoundary against NULL.  Have a static function to encapsulate the
+        usage of getInlineBoxAndOffset and check the visible position is not NULL before passing to 
+        getInlineBoxAndOffset. Check the box returned from getInlineBoxAndOffset is not NULL before
+        accessing.
+
+        Test: editing/selection/move-by-word-visually-null-box.html
+
+        * editing/visible_units.cpp:
+        (WebCore::positionIsInBox):
+        (WebCore::previousWordBreakInBoxInsideBlockWithSameDirectionality):
+        (WebCore::lastWordBreakInBox):
+        (WebCore::positionIsVisuallyOrderedInBoxInBlockWithDifferentDirectionality):
+        (WebCore::nextWordBreakInBoxInsideBlockWithDifferentDirectionality):
+        (WebCore::positionIsInsideBox):
+        (WebCore::leftWordPositionAcrossBoundary):
+        (WebCore::rightWordPositionAcrossBoundary):
+        (WebCore::leftWordPosition):
+        (WebCore::rightWordPosition):
+
 2011-07-15  Pratik Solanki  <psolanki@apple.com>
 

trunk/Source/WebCore/editing/visible_units.cpp

@@ -1174 +1174 @@
 static const int invalidOffset = -1;
 
+static bool positionIsInBox(const VisiblePosition& wordBreak, const InlineBox* box, int& offsetOfWordBreak)
+{
+    if (wordBreak.isNull())
+        return false;
+
+    InlineBox* boxOfWordBreak;
+    wordBreak.getInlineBoxAndOffset(boxOfWordBreak, offsetOfWordBreak);
+    return box == boxOfWordBreak;
+}
+
 static VisiblePosition previousWordBreakInBoxInsideBlockWithSameDirectionality(const InlineBox* box, const VisiblePosition& previousWordBreak, int& offsetOfWordBreak)
 {
@@ -1202 +1212 @@
             || (!box->isLeftToRightDirection() && box->prevLeafChild())) {
     
-            VisiblePosition positionAfterWord = nextWordPosition(wordBreak);
-            VisiblePosition positionBeforeWord = previousWordPosition(positionAfterWord);
-        
-            InlineBox* boxContainingPreviousWordBreak;
-            positionBeforeWord.getInlineBoxAndOffset(boxContainingPreviousWordBreak, offsetOfWordBreak);
-        
-            if (boxContainingPreviousWordBreak == box)
-                return positionBeforeWord;
+            VisiblePosition positionAfterWord = nextBoundary(wordBreak, nextWordPositionBoundary);
+            if (positionAfterWord.isNotNull()) {
+                VisiblePosition positionBeforeWord = previousBoundary(positionAfterWord, previousWordPositionBoundary);
+            
+                if (positionIsInBox(positionBeforeWord, box, offsetOfWordBreak))
+                    return positionBeforeWord;
+            }
         }
     }
   
-    wordBreak = previousWordPosition(wordBreak);
+    wordBreak = previousBoundary(wordBreak, previousWordPositionBoundary);
     if (previousWordBreak == wordBreak)
         return VisiblePosition();
 
-    InlineBox* boxContainingPreviousWordBreak;
-    wordBreak.getInlineBoxAndOffset(boxContainingPreviousWordBreak, offsetOfWordBreak);
-    if (boxContainingPreviousWordBreak != box)
-        return VisiblePosition();
-    return wordBreak;
+    return positionIsInBox(wordBreak, box, offsetOfWordBreak) ? wordBreak : VisiblePosition();
 }
 
@@ -1288 +1293 @@
         return VisiblePosition();            
 
-    VisiblePosition wordBreak = nextWordPosition(boundaryPosition);
-    if (wordBreak != boundaryPosition)
-        wordBreak = previousWordPosition(wordBreak);
-
-    InlineBox* boxOfWordBreak;
-    wordBreak.getInlineBoxAndOffset(boxOfWordBreak, offsetOfWordBreak);
-    if (boxOfWordBreak == box)
-        return wordBreak;
-    return VisiblePosition();    
+    VisiblePosition wordBreak = nextBoundary(boundaryPosition, nextWordPositionBoundary);
+    if (wordBreak.isNull())
+        wordBreak = boundaryPosition;
+    else if (wordBreak != boundaryPosition)
+        wordBreak = previousBoundary(wordBreak, previousWordPositionBoundary);
+
+    return positionIsInBox(wordBreak, box, offsetOfWordBreak) ? wordBreak : VisiblePosition();    
 }
 
@@ -1302 +1305 @@
 {
     int previousOffset = offsetOfWordBreak;
-    InlineBox* boxOfWordBreak;
-    wordBreak.getInlineBoxAndOffset(boxOfWordBreak, offsetOfWordBreak);
-    if (boxOfWordBreak == box && (previousOffset == invalidOffset || previousOffset < offsetOfWordBreak))
-        return true;
-    return false;
+    return positionIsInBox(wordBreak, box, offsetOfWordBreak)
+        && (previousOffset == invalidOffset || previousOffset < offsetOfWordBreak);
 }
     
@@ -1322 +1322 @@
     bool hasSeenWordBreakInThisBox = previousWordBreak.isNotNull();
     VisiblePosition wordBreak = hasSeenWordBreakInThisBox ? previousWordBreak : Position(box->renderer()->node(), box->caretMinOffset(), Position::PositionIsOffsetInAnchor);
-    wordBreak = nextWordPosition(wordBreak);
+    wordBreak = nextBoundary(wordBreak, nextWordPositionBoundary);
   
     // Given RTL box "ABC DEF" either follows a LTR box or is the first visual box in an LTR block as an example,
@@ -1513 +1513 @@
 static bool positionIsInsideBox(const VisiblePosition& wordBreak, const InlineBox* box)
 {
-    InlineBox* boxOfWordBreak;
     int offsetOfWordBreak;
-    wordBreak.getInlineBoxAndOffset(boxOfWordBreak, offsetOfWordBreak);
-    return box == boxOfWordBreak && offsetOfWordBreak != box->caretMaxOffset() && offsetOfWordBreak != box->caretMinOffset();
-}
-
-VisiblePosition leftWordPosition(const VisiblePosition& visiblePosition)
+    return positionIsInBox(wordBreak, box, offsetOfWordBreak)
+        && offsetOfWordBreak != box->caretMaxOffset() && offsetOfWordBreak != box->caretMinOffset();
+}
+
+static VisiblePosition leftWordPositionAcrossBoundary(const VisiblePosition& visiblePosition)
 {
     InlineBox* box;
     int offset;
     visiblePosition.getInlineBoxAndOffset(box, offset);
+
+    if (!box)
+        return VisiblePosition();
+
     TextDirection blockDirection = directionOfEnclosingBlock(visiblePosition.deepEquivalent());
     
@@ -1538 +1541 @@
     if (blockDirection == LTR) {
         if (box->direction() == blockDirection)
-            wordBreak = previousWordPosition(visiblePosition);
+            wordBreak = previousBoundary(visiblePosition, previousWordPositionBoundary);
         else
-            wordBreak = nextWordPosition(visiblePosition);
+            wordBreak = nextBoundary(visiblePosition, nextWordPositionBoundary);
     }
     if (wordBreak.isNotNull() && positionIsInsideBox(wordBreak, box))
@@ -1556 +1559 @@
 }
 
-VisiblePosition rightWordPosition(const VisiblePosition& visiblePosition)
+static VisiblePosition rightWordPositionAcrossBoundary(const VisiblePosition& visiblePosition)
 {
     InlineBox* box;
     int offset;
     visiblePosition.getInlineBoxAndOffset(box, offset);
+
+    if (!box)
+        return VisiblePosition();
+
     TextDirection blockDirection = directionOfEnclosingBlock(visiblePosition.deepEquivalent());
     
@@ -1571 +1578 @@
     if (blockDirection == RTL) {
         if (box->direction() == blockDirection)
-            wordBreak = previousWordPosition(visiblePosition);
+            wordBreak = previousBoundary(visiblePosition, previousWordPositionBoundary);
         else
-            wordBreak = nextWordPosition(visiblePosition);
+            wordBreak = nextBoundary(visiblePosition, nextWordPositionBoundary);
     }
     if (wordBreak.isNotNull() && positionIsInsideBox(wordBreak, box))
@@ -1589 +1596 @@
 }
 
-}
+VisiblePosition leftWordPosition(const VisiblePosition& visiblePosition)
+{
+    if (visiblePosition.isNull())
+        return VisiblePosition();
+
+    VisiblePosition leftWordBreak = leftWordPositionAcrossBoundary(visiblePosition);
+    return visiblePosition.honorEditableBoundaryAtOrBefore(leftWordBreak);
+}
+
+VisiblePosition rightWordPosition(const VisiblePosition& visiblePosition)
+{
+    if (visiblePosition.isNull())
+        return VisiblePosition();
+
+    VisiblePosition rightWordBreak = rightWordPositionAcrossBoundary(visiblePosition);
+    return visiblePosition.honorEditableBoundaryAtOrBefore(rightWordBreak);
+}
+
+}