[SCM] WebKit Debian packaging branch, webkit-1.2, updated. 1.2.5-1500-gb65db3c

Huzaifa Sidhpurwala huzaifas at redhat.com
Tue Jan 11 11:41:49 UTC 2011


The following commit has been merged in the webkit-1.2 branch:
commit ecaba470bee172df60160e332a2347c8cc4d522a
Author: Huzaifa Sidhpurwala <huzaifas at redhat.com>
Date:   Wed Dec 1 09:22:38 2010 +0530

    Backport crash fix by Huzaifa Sidhpurwala <huzaifas at redhat.com>
    
    Original author: rniwa at webkit.org
    
        Crash in CompositeEditCommand::splitTreeToNode
        https://bugs.webkit.org/show_bug.cgi?id=48349
    
        Reviewed by Kent Tamura.
    
        WebCore:
    
        The bug was caused by indentIntoBlockquote's passing null pointer to splitTreeToNode.
        Fixed the crash by adding early exits.
    
        Test: editing/execCommand/indent-node-to-split-to-crash.html
    
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::splitTreeToNode):
        * editing/IndentOutdentCommand.cpp:
        (WebCore::IndentOutdentCommand::indentIntoBlockquote):
    
        LayoutTests:
    
        Added a test to ensure WebKit does not crash when indenting.
    
        * editing/execCommand/indent-node-to-split-to-crash-expected.txt: Added.
        * editing/execCommand/indent-node-to-split-to-crash.html: Added.
    
        git-svn-id: http://svn.webkit.org/repository/webkit/trunk@70594 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/editing/execCommand/indent-node-to-split-to-crash-expected.txt b/LayoutTests/editing/execCommand/indent-node-to-split-to-crash-expected.txt
new file mode 100644
index 0000000..d952cd2
--- /dev/null
+++ b/LayoutTests/editing/execCommand/indent-node-to-split-to-crash-expected.txt
@@ -0,0 +1,2 @@
+This test ensures WebKit does not crash when indenting.
+PASS
diff --git a/LayoutTests/editing/execCommand/indent-node-to-split-to-crash.html b/LayoutTests/editing/execCommand/indent-node-to-split-to-crash.html
new file mode 100644
index 0000000..407dcb0
--- /dev/null
+++ b/LayoutTests/editing/execCommand/indent-node-to-split-to-crash.html
@@ -0,0 +1,32 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script type="text/JavaScript">
+
+function runTest() {
+    document.execCommand('usecss', null, 'false');
+
+    var div = document.getElementById('a');
+    var range = document.createRange();
+    var sNode = div.childNodes[0];
+    var eNode = div.childNodes[3];
+    range.setStart(sNode, NaN);
+    range.setEnd(eNode, NaN);
+    getSelection().removeAllRanges();
+    getSelection().addRange(range);
+
+    document.execCommand('indent', null, true);
+
+    document.body.innerHTML = 'This test ensures WebKit does not crash when intending.<br>PASS';
+
+    layoutTestController.notifyDone();
+}
+
+if (window.layoutTestController) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+
+</script>
+</head>
+<body onload="runTest()"><div contenteditable="" id="a"><div><br><div contenteditable="false"><table></table></div></div><blockquote><input></blockquote><br></br></div></body></html>
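Review bot: The string that `runTest()` writes into `document.body.innerHTML` reads "crash when intending." while the new `indent-node-to-split-to-crash-expected.txt` reads "crash when indenting.", so with `dumpAsText()` the dumped text would not match the expectation and the test would be reported as failing even when nothing crashes. Changing the literal to `'This test ensures WebKit does not crash when indenting.<br>PASS'` makes the two files agree. Separately, `layoutTestController.notifyDone()` is called without the `window.layoutTestController` guard used for the setup calls, so loading the page in a plain browser throws after the PASS text is written; `if (window.layoutTestController) layoutTestController.notifyDone();` keeps it usable for manual regression checks.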
diff --git a/WebCore/editing/CompositeEditCommand.cpp b/WebCore/editing/CompositeEditCommand.cpp
index fff76a6..b4c097f 100644
--- a/WebCore/editing/CompositeEditCommand.cpp
+++ b/WebCore/editing/CompositeEditCommand.cpp
@@ -1180,6 +1180,8 @@ PassRefPtr<Node> CompositeEditCommand::splitTreeToNode(Node* start, Node* end, b
 
     RefPtr<Node> node;
     for (node = start; node && node->parent() != end; node = node->parent()) {
+        if (!node->parent()->isElementNode())
+            break;
         VisiblePosition positionInParent(Position(node->parent(), 0), DOWNSTREAM);
         VisiblePosition positionInNode(Position(node, 0), DOWNSTREAM);
         if (positionInParent != positionInNode)
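Review bot: The added `node->parent()->isElementNode()` call dereferences the parent without a null check, and the loop condition `node->parent() != end` still holds when the parent is null and `end` is not. If `start` ever sits in a subtree whose root has no parent and `end` is not one of its ancestors (nothing in this hunk rules that out), the walk reaches that root and crashes on this line instead of stopping. Writing the guard as `if (!node->parent() || !node->parent()->isElementNode())` with the existing `break;` covers that case. The rest of `splitTreeToNode` lies outside the hunk, so what is returned after the early `break` could not be checked from here.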
diff --git a/WebCore/editing/IndentOutdentCommand.cpp b/WebCore/editing/IndentOutdentCommand.cpp
index 9830ca0..e2bf8cc 100644
--- a/WebCore/editing/IndentOutdentCommand.cpp
+++ b/WebCore/editing/IndentOutdentCommand.cpp
@@ -113,6 +113,9 @@ void IndentOutdentCommand::indentIntoBlockquote(const VisiblePosition& endOfCurr
     else
         nodeToSplitTo = editableRootForPosition(start);
 
+    if (!nodeToSplitTo)
+        return;
+
     RefPtr<Node> outerBlock = (start.node() == nodeToSplitTo) ? start.node() : splitTreeToNode(start.node(), nodeToSplitTo);
 
     if (!targetBlockquote) {
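Review bot: The new `if (!nodeToSplitTo) return;` carries no comment saying when `nodeToSplitTo` can be null, and the command silently becomes a no-op in that case. From the visible `else` branch the null presumably comes from `editableRootForPosition(start)` finding no editable root; a comment such as `// No enclosing block or editable root to split up to (e.g. start is in non-editable content); nothing to indent.` would record that for the next reader. `indentIntoBlockquote` starts and ends outside the hunk, so whether its callers need to know the paragraph was skipped is not visible here.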

-- 
WebKit Debian packaging


