[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
tkent at chromium.org
tkent at chromium.org
Wed Dec 22 11:52:35 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit c0f3675c99ec6591e30aa1ae443b42bd75aad0a3
Author: tkent at chromium.org <tkent at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Tue Aug 10 09:26:25 2010 +0000
Fix crashes by SelectionController::modify().
https://bugs.webkit.org/show_bug.cgi?id=43032
Reviewed by Darin Adler.
WebCore:
Test: editing/selection/selection-modify-crash.html
* editing/visible_units.cpp:
(WebCore::endOfDocument): Add NULL-check for document()->documentElement().
LayoutTests:
* editing/selection/selection-modify-crash-expected.txt: Added.
* editing/selection/selection-modify-crash.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@65061 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 08fb27b..67f91f2 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,13 @@
+2010-08-10 Kent Tamura <tkent at chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Fix crashes by SelectionController::modify().
+ https://bugs.webkit.org/show_bug.cgi?id=43032
+
+ * editing/selection/selection-modify-crash-expected.txt: Added.
+ * editing/selection/selection-modify-crash.html: Added.
+
2010-08-09 Eric Seidel <eric at webkit.org>
Reviewed by Adam Barth.
diff --git a/LayoutTests/editing/selection/5136696-expected.txt b/LayoutTests/editing/selection/selection-modify-crash-expected.txt
similarity index 100%
copy from LayoutTests/editing/selection/5136696-expected.txt
copy to LayoutTests/editing/selection/selection-modify-crash-expected.txt
diff --git a/LayoutTests/editing/selection/selection-modify-crash.html b/LayoutTests/editing/selection/selection-modify-crash.html
new file mode 100644
index 0000000..f5ebc84
--- /dev/null
+++ b/LayoutTests/editing/selection/selection-modify-crash.html
@@ -0,0 +1,34 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function test()
+{
+ var htmlElement = document.firstChild;
+ // Create a range.
+ var staleRange = document.createRange();
+
+ // Delete document.body:
+ var range = document.createRange();
+ range.setEndAfter(htmlElement);
+ range.deleteContents();
+
+ var selection = window.getSelection();
+ selection.addRange(staleRange);
+ selection.modify("extend", "forward", "documentboundary"); // WebKit crashed here.
+
+ // Recreate the HTML element to show 'PASS'.
+ document.appendChild(document.createElement('html'));
+ document.firstChild.innerHTML = '<body>PASS</body>';
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body onload="test()">
+</body>
+</html>
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index e6b600a..88259f7 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,15 @@
+2010-08-10 Kent Tamura <tkent at chromium.org>
+
+ Reviewed by Darin Adler.
+
+ Fix crashes by SelectionController::modify().
+ https://bugs.webkit.org/show_bug.cgi?id=43032
+
+ Test: editing/selection/selection-modify-crash.html
+
+ * editing/visible_units.cpp:
+ (WebCore::endOfDocument): Add NULL-check for document()->documentElement().
+
2010-08-10 Dirk Schulze <krit at webkit.org>
Reviewed by Nikolas Zimmermann.
diff --git a/WebCore/editing/visible_units.cpp b/WebCore/editing/visible_units.cpp
index 4fce2d9..f84fec0 100644
--- a/WebCore/editing/visible_units.cpp
+++ b/WebCore/editing/visible_units.cpp
@@ -1001,7 +1001,7 @@ VisiblePosition startOfDocument(const VisiblePosition &c)
VisiblePosition endOfDocument(const Node* node)
{
- if (!node || !node->document())
+ if (!node || !node->document() || !node->document()->documentElement())
return VisiblePosition();
Element* doc = node->document()->documentElement();
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list