[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc

inferno at chromium.org inferno at chromium.org
Wed Dec 22 11:22:19 UTC 2010 

The following commit has been merged in the debian/experimental branch:
commit 776ab18fe13749e90c2a1e7632745b1d89132582
Author: inferno at chromium.org <inferno at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Tue Jul 20 21:11:52 2010 +0000

    2010-07-20  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by David Hyatt.
    
            Check the node is a text node before doing the static cast
            for editing commands.
            https://bugs.webkit.org/show_bug.cgi?id=42655
    
            Test: editing/execCommand/editing-nontext-node-crash.xhtml
    
            * editing/DeleteSelectionCommand.cpp:
            (WebCore::DeleteSelectionCommand::fixupWhitespace):
            * editing/InsertLineBreakCommand.cpp:
            (WebCore::InsertLineBreakCommand::doApply):
            * editing/InsertParagraphSeparatorCommand.cpp:
            (WebCore::InsertParagraphSeparatorCommand::doApply):
    2010-07-20  Abhishek Arya  <inferno at chromium.org>
    
            Reviewed by David Hyatt.
    
            Tests that applying an editing command on a non text node does not
            result in crash.
            https://bugs.webkit.org/show_bug.cgi?id=42655
    
            * editing/execCommand/editing-nontext-node-crash-expected.txt: Added.
            * editing/execCommand/editing-nontext-node-crash.xhtml: Added.
    
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@63773 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index e27a3cc..7bdb89a 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,14 @@
+2010-07-20  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by David Hyatt.
+
+        Tests that applying an editing command on a non text node does not
+        result in crash.
+        https://bugs.webkit.org/show_bug.cgi?id=42655
+
+        * editing/execCommand/editing-nontext-node-crash-expected.txt: Added.
+        * editing/execCommand/editing-nontext-node-crash.xhtml: Added.
+
 2010-07-20  Leo Yang  <leo.yang at torchmobile.com.cn>
 
         Reviewed by David Hyatt.
diff --git a/LayoutTests/editing/execCommand/editing-nontext-node-crash-expected.txt b/LayoutTests/editing/execCommand/editing-nontext-node-crash-expected.txt
new file mode 100644
index 0000000..6f4cec3
--- /dev/null
+++ b/LayoutTests/editing/execCommand/editing-nontext-node-crash-expected.txt
@@ -0,0 +1,4 @@
+This tests passes if it does not crash.
+
+PASS
+
diff --git a/LayoutTests/editing/execCommand/editing-nontext-node-crash.xhtml b/LayoutTests/editing/execCommand/editing-nontext-node-crash.xhtml
new file mode 100644
index 0000000..964b5f1
--- /dev/null
+++ b/LayoutTests/editing/execCommand/editing-nontext-node-crash.xhtml
@@ -0,0 +1,36 @@
+<html xmlns="http://www.w3.org/1999/xhtml">
+    <head> 
+        <script>//<![CDATA[
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+
+            var selection = window.getSelection();
+            function runEditingTest() {
+                var elem = document.getElementById("test2");
+                selection.setPosition(elem, 0);
+                for (i = 0; i < 21; i++)
+                    selection.modify("move", "forward", "character");
+                document.execCommand("Delete");
+                
+                // Test completed without crash.
+                document.getElementById("test1").removeChild(elem);
+                document.getElementById("result").innerHTML = "PASS";
+            }
+        //]]></script>                   
+    </head>  
+    <body onload="runEditingTest()">
+        <p>This tests passes if it does not crash.</p>
+        <div id="result"></div>
+        <div id="test1" contenteditable="">
+            <span id="test2">Something Something <br/>
+                <svg xmlns="http://www.w3.org/2000/svg">
+                    <html xmlns="http://www.w3.org/1999/xhtml">
+                        <body>
+                        </body>
+                    </html>
+                </svg>
+            </span>
+        </div>
+    </body>  
+</html>
+
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 5aa6bb6..7471a48 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,20 @@
+2010-07-20  Abhishek Arya  <inferno at chromium.org>
+
+        Reviewed by David Hyatt.
+
+        Check the node is a text node before doing the static cast
+        for editing commands.
+        https://bugs.webkit.org/show_bug.cgi?id=42655
+
+        Test: editing/execCommand/editing-nontext-node-crash.xhtml
+
+        * editing/DeleteSelectionCommand.cpp:
+        (WebCore::DeleteSelectionCommand::fixupWhitespace):
+        * editing/InsertLineBreakCommand.cpp:
+        (WebCore::InsertLineBreakCommand::doApply):
+        * editing/InsertParagraphSeparatorCommand.cpp:
+        (WebCore::InsertParagraphSeparatorCommand::doApply):
+
 2010-07-20  Leo Yang  <leo.yang at torchmobile.com.cn>
 
         Reviewed by David Hyatt.
diff --git a/WebCore/editing/DeleteSelectionCommand.cpp b/WebCore/editing/DeleteSelectionCommand.cpp
index 623b188..c37b0fc 100644
--- a/WebCore/editing/DeleteSelectionCommand.cpp
+++ b/WebCore/editing/DeleteSelectionCommand.cpp
@@ -537,12 +537,12 @@ void DeleteSelectionCommand::fixupWhitespace()
 {
     updateLayout();
     // FIXME: isRenderedCharacter should be removed, and we should use VisiblePosition::characterAfter and VisiblePosition::characterBefore
-    if (m_leadingWhitespace.isNotNull() && !m_leadingWhitespace.isRenderedCharacter()) {
+    if (m_leadingWhitespace.isNotNull() && !m_leadingWhitespace.isRenderedCharacter() && m_leadingWhitespace.node()->isTextNode()) {
         Text* textNode = static_cast<Text*>(m_leadingWhitespace.node());
         ASSERT(!textNode->renderer() || textNode->renderer()->style()->collapseWhiteSpace());
         replaceTextInNode(textNode, m_leadingWhitespace.deprecatedEditingOffset(), 1, nonBreakingSpaceString());
     }
-    if (m_trailingWhitespace.isNotNull() && !m_trailingWhitespace.isRenderedCharacter()) {
+    if (m_trailingWhitespace.isNotNull() && !m_trailingWhitespace.isRenderedCharacter() && m_trailingWhitespace.node()->isTextNode()) {
         Text* textNode = static_cast<Text*>(m_trailingWhitespace.node());
         ASSERT(!textNode->renderer() ||textNode->renderer()->style()->collapseWhiteSpace());
         replaceTextInNode(textNode, m_trailingWhitespace.deprecatedEditingOffset(), 1, nonBreakingSpaceString());
diff --git a/WebCore/editing/InsertLineBreakCommand.cpp b/WebCore/editing/InsertLineBreakCommand.cpp
index d805acf..f815d98 100644
--- a/WebCore/editing/InsertLineBreakCommand.cpp
+++ b/WebCore/editing/InsertLineBreakCommand.cpp
@@ -136,11 +136,8 @@ void InsertLineBreakCommand::doApply()
     } else if (pos.deprecatedEditingOffset() >= caretMaxOffset(pos.node()) || !pos.node()->isTextNode()) {
         insertNodeAt(nodeToInsert.get(), pos);
         setEndingSelection(VisibleSelection(positionInParentAfterNode(nodeToInsert.get()), DOWNSTREAM));
-    } else {
+    } else if (pos.node()->isTextNode()) {
         // Split a text node
-        ASSERT(pos.node()->isTextNode());
-        
-        // Do the split
         Text* textNode = static_cast<Text*>(pos.node());
         splitTextNode(textNode, pos.deprecatedEditingOffset());
         insertNodeBefore(nodeToInsert, textNode);
diff --git a/WebCore/editing/InsertParagraphSeparatorCommand.cpp b/WebCore/editing/InsertParagraphSeparatorCommand.cpp
index d8aa98f..a3dfa83 100644
--- a/WebCore/editing/InsertParagraphSeparatorCommand.cpp
+++ b/WebCore/editing/InsertParagraphSeparatorCommand.cpp
@@ -312,7 +312,7 @@ void InsertParagraphSeparatorCommand::doApply()
     Position leadingWhitespace = insertionPosition.leadingWhitespacePosition(VP_DEFAULT_AFFINITY);
     // FIXME: leadingWhitespacePosition is returning the position before preserved newlines for positions
     // after the preserved newline, causing the newline to be turned into a nbsp.
-    if (leadingWhitespace.isNotNull()) {
+    if (leadingWhitespace.isNotNull() && leadingWhitespace.node()->isTextNode()) {
         Text* textNode = static_cast<Text*>(leadingWhitespace.node());
         ASSERT(!textNode->renderer() || textNode->renderer()->style()->collapseWhiteSpace());
         replaceTextInNode(textNode, leadingWhitespace.deprecatedEditingOffset(), 1, nonBreakingSpaceString());
@@ -385,10 +385,10 @@ void InsertParagraphSeparatorCommand::doApply()
         insertionPosition = Position(insertionPosition.node(), 0);
         if (!insertionPosition.isRenderedCharacter()) {
             // Clear out all whitespace and insert one non-breaking space
-            ASSERT(insertionPosition.node()->isTextNode());
             ASSERT(!insertionPosition.node()->renderer() || insertionPosition.node()->renderer()->style()->collapseWhiteSpace());
             deleteInsignificantTextDownstream(insertionPosition);
-            insertTextIntoNode(static_cast<Text*>(insertionPosition.node()), 0, nonBreakingSpaceString());
+            if (insertionPosition.node()->isTextNode())
+                insertTextIntoNode(static_cast<Text*>(insertionPosition.node()), 0, nonBreakingSpaceString());
         }
     }
 

-- 
WebKit Debian packaging

More information about the Pkg-webkit-commits mailing list