[SCM] WebKit Debian packaging branch, debian/experimental, updated. upstream/1.3.3-9427-gc2be6fc
rniwa at webkit.org
Wed Dec 22 15:12:04 UTC 2010
The following commit has been merged in the debian/experimental branch:
commit 2683322b290696740e31cd0a87fb522bf41a9f90
Author: rniwa at webkit.org <rniwa at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Oct 28 23:07:49 2010 +0000
2010-10-28 Ryosuke Niwa <rniwa at webkit.org>
Reviewed by Tony Chang.
chrome.dll!WebCore::Node::shadowAncestorNode ReadAV at NULL (98643190851b5662363449cc7303d8a5)
https://bugs.webkit.org/show_bug.cgi?id=47888
The crash was caused by the while loop in ApplyStyleCommand::fixRangeAndApplyInlineStyle
not considering the case where startNode is the root editable element.
Fixed the bug by not entering the loop when startNode is the editable root.
Test: editing/style/fix-range-from-root-editable-crash.html
* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::fixRangeAndApplyInlineStyle):
2010-10-28 Ryosuke Niwa <rniwa at webkit.org>
Reviewed by Tony Chang.
chrome.dll!WebCore::Node::shadowAncestorNode ReadAV at NULL (98643190851b5662363449cc7303d8a5)
https://bugs.webkit.org/show_bug.cgi?id=47888
Added a test to ensure ApplyStyleCommand::fixRangeAndApplyInlineStyle doesn't crash
when startNode is body and it is, therefore, the editable root.
Note that the test does not reproduce the crash when DOCTYPE is added.
* editing/style/fix-range-from-root-editable-crash-expected.txt: Added.
* editing/style/fix-range-from-root-editable-crash.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70821 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 5b64745..04cfa57 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,18 @@
+2010-10-28 Ryosuke Niwa <rniwa at webkit.org>
+
+ Reviewed by Tony Chang.
+
+ chrome.dll!WebCore::Node::shadowAncestorNode ReadAV at NULL (98643190851b5662363449cc7303d8a5)
+ https://bugs.webkit.org/show_bug.cgi?id=47888
+
+ Added a test to ensure ApplyStyleCommand::fixRangeAndApplyInlineStyle doesn't crash
+ when startNode is body and it is, therefore, the editable root.
+
+ Note that the test does not reproduce the crash when DOCTYPE is added.
+
+ * editing/style/fix-range-from-root-editable-crash-expected.txt: Added.
+ * editing/style/fix-range-from-root-editable-crash.html: Added.
+
2010-10-28 Adrienne Walker <enne at google.com>
Reviewed by Kenneth Russell.
diff --git a/LayoutTests/editing/style/fix-range-from-root-editable-crash-expected.txt b/LayoutTests/editing/style/fix-range-from-root-editable-crash-expected.txt
new file mode 100644
index 0000000..85dc8e0
--- /dev/null
+++ b/LayoutTests/editing/style/fix-range-from-root-editable-crash-expected.txt
@@ -0,0 +1,2 @@
+This tests ApplyStyleCommand::fixRangeAndApplyInlineStyle does not crash when startNode is body.
+PASS
diff --git a/LayoutTests/editing/style/fix-range-from-root-editable-crash.html b/LayoutTests/editing/style/fix-range-from-root-editable-crash.html
new file mode 100644
index 0000000..635f6fd
--- /dev/null
+++ b/LayoutTests/editing/style/fix-range-from-root-editable-crash.html
@@ -0,0 +1,20 @@
+<html>
+<head>
+<script>
+
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+
+function go() {
+ document.designMode = "on";
+ document.execCommand("SelectAll", false, null);
+ document.execCommand("strikethrough", false, null);
+ document.body.innerHTML = 'This tests ApplyStyleCommand::fixRangeAndApplyInlineStyle does not crash when startNode is body.<br>PASS';
+ layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body onload="go()"><div><img></div></body>
+</html>
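Review bot: In go(), layoutTestController.notifyDone() is called without the window.layoutTestController guard that the top of the script uses for dumpAsText() and waitUntilDone(), so opening this file by hand in a browser raises an error on that line; guard it the same way, e.g. `if (window.layoutTestController) layoutTestController.notifyDone();`. The file also deliberately has no DOCTYPE, which the ChangeLog entry says is needed for the crash to reproduce; an HTML comment stating that in the test itself would keep a later cleanup from adding one and silently losing the regression coverage.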
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 45710ca..d2041cf 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2010-10-28 Ryosuke Niwa <rniwa at webkit.org>
+
+ Reviewed by Tony Chang.
+
+ chrome.dll!WebCore::Node::shadowAncestorNode ReadAV at NULL (98643190851b5662363449cc7303d8a5)
+ https://bugs.webkit.org/show_bug.cgi?id=47888
+
+ The crash was caused by the while loop in ApplyStyleCommand::fixRangeAndApplyInlineStyle
+ not considering the case where startNode is the root editable element.
+ Fixed the bug by not entering the loop when startNode is the editable root.
+
+ Test: editing/style/fix-range-from-root-editable-crash.html
+
+ * editing/ApplyStyleCommand.cpp:
+ (WebCore::ApplyStyleCommand::fixRangeAndApplyInlineStyle):
+
2010-10-28 Noam Rosenthal <noam.rosenthal at nokia.com>
Reviewed by Ariya Hidayat.
diff --git a/WebCore/editing/ApplyStyleCommand.cpp b/WebCore/editing/ApplyStyleCommand.cpp
index 9187eb6..8862da7 100644
--- a/WebCore/editing/ApplyStyleCommand.cpp
+++ b/WebCore/editing/ApplyStyleCommand.cpp
@@ -1123,8 +1123,10 @@ void ApplyStyleCommand::fixRangeAndApplyInlineStyle(CSSMutableStyleDeclaration*
// to generate <font color="blue" size="4">hello</font> instead of <font color="blue"><font size="4">hello</font></font>
RefPtr<Range> range = Range::create(startNode->document(), start, end);
Element* editableRoot = startNode->rootEditableElement();
- while (editableRoot && startNode->parentNode() != editableRoot && isNodeVisiblyContainedWithin(startNode->parentNode(), range.get()))
- startNode = startNode->parentNode();
+ if (startNode != editableRoot) {
+ while (editableRoot && startNode->parentNode() != editableRoot && isNodeVisiblyContainedWithin(startNode->parentNode(), range.get()))
+ startNode = startNode->parentNode();
+ }
applyInlineStyleToNodeRange(style, startNode, pastEndNode);
}
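Review bot: The new `if (startNode != editableRoot)` guard leaves the loop-invariant `editableRoot &&` test inside the while condition; folding it into the guard as `if (editableRoot && startNode != editableRoot)` states both preconditions once and keeps the loop condition to the two checks that actually change per iteration. A short comment above the guard would also help the next reader: when startNode is the editable root, `startNode->parentNode() != editableRoot` is always true, so the old loop could climb out of the editable region and pass a parentNode() result to isNodeVisiblyContainedWithin that the loop never checks for null.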
--
WebKit Debian packaging