Title: [175809] trunk
- Revision
- 175809
- Author
- o...@webkit.org
- Date
- 2014-11-10 08:20:43 -0800 (Mon, 10 Nov 2014)
Log Message
Crash in WebCore::Node::getFlag
https://bugs.webkit.org/show_bug.cgi?id=137961
Reviewed by Antti Koivisto.
Source/WebCore:
* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::applyBlockStyle): Null pointer check added.
LayoutTests:
* editing/execCommand/crash-137961-expected.txt: Added.
* editing/execCommand/crash-137961.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (175808 => 175809)
--- trunk/LayoutTests/ChangeLog 2014-11-10 15:37:29 UTC (rev 175808)
+++ trunk/LayoutTests/ChangeLog 2014-11-10 16:20:43 UTC (rev 175809)
@@ -1,3 +1,13 @@
+2014-11-10 Csaba Osztrogonác <o...@webkit.org>
+
+ Crash in WebCore::Node::getFlag
+ https://bugs.webkit.org/show_bug.cgi?id=137961
+
+ Reviewed by Antti Koivisto.
+
+ * editing/execCommand/crash-137961-expected.txt: Added.
+ * editing/execCommand/crash-137961.html: Added.
+
2014-11-10 Mihnea Ovidenie <mih...@adobe.com>
ASSERTION FAILED: !object || !object->parent()->isRuby() || is<RenderRubyRun>(*object) || (object->isInline() && (object->isBeforeContent() || object->isAfterContent())) || (object->isAnonymous() && ... ) in WebCore::isAnonymousRubyInlineBlock
Added: trunk/LayoutTests/editing/execCommand/crash-137961-expected.txt (0 => 175809)
--- trunk/LayoutTests/editing/execCommand/crash-137961-expected.txt (rev 0)
+++ trunk/LayoutTests/editing/execCommand/crash-137961-expected.txt 2014-11-10 16:20:43 UTC (rev 175809)
@@ -0,0 +1,3 @@
+Test for bug Crash in WebCore::Node::getFlag
+
+This test passes if it doesn't crash.
Added: trunk/LayoutTests/editing/execCommand/crash-137961.html (0 => 175809)
--- trunk/LayoutTests/editing/execCommand/crash-137961.html (rev 0)
+++ trunk/LayoutTests/editing/execCommand/crash-137961.html 2014-11-10 16:20:43 UTC (rev 175809)
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<html contenteditable>
+<head>
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+
+function test() {
+ document.execCommand("selectAll", false, null);
+ document.execCommand("createlink", true, "http://www.example.com");
+ document.execCommand("removeFormat", false, null);
+ document.write("<p>Test for bug <a href="" in WebCore::Node::getFlag</a></p>");
+ document.write("<p>This test passes if it doesn't crash.</p>");
+}
+</script>
+<style>
+* {
+ display:table-row-group;
+}
+</style>
+</head>
+<body _onload_='test();' hidden>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (175808 => 175809)
--- trunk/Source/WebCore/ChangeLog 2014-11-10 15:37:29 UTC (rev 175808)
+++ trunk/Source/WebCore/ChangeLog 2014-11-10 16:20:43 UTC (rev 175809)
@@ -1,3 +1,13 @@
+2014-11-10 Csaba Osztrogonác <o...@webkit.org>
+
+ Crash in WebCore::Node::getFlag
+ https://bugs.webkit.org/show_bug.cgi?id=137961
+
+ Reviewed by Antti Koivisto.
+
+ * editing/ApplyStyleCommand.cpp:
+ (WebCore::ApplyStyleCommand::applyBlockStyle): Null pointer check added.
+
2014-11-10 Mihnea Ovidenie <mih...@adobe.com>
ASSERTION FAILED: !object || !object->parent()->isRuby() || is<RenderRubyRun>(*object) || (object->isInline() && (object->isBeforeContent() || object->isAfterContent())) || (object->isAnonymous() && ... ) in WebCore::isAnonymousRubyInlineBlock
Modified: trunk/Source/WebCore/editing/ApplyStyleCommand.cpp (175808 => 175809)
--- trunk/Source/WebCore/editing/ApplyStyleCommand.cpp 2014-11-10 15:37:29 UTC (rev 175808)
+++ trunk/Source/WebCore/editing/ApplyStyleCommand.cpp 2014-11-10 16:20:43 UTC (rev 175809)
@@ -257,6 +257,9 @@
// addBlockStyleIfNeeded may moveParagraphs, which can remove these endpoints.
// Calculate start and end indices from the start of the tree that they're in.
Node* scope = highestEditableRoot(visibleStart.deepEquivalent());
+ if (!scope)
+ return;
+
RefPtr<Range> startRange = Range::create(document(), firstPositionInNode(scope), visibleStart.deepEquivalent().parentAnchoredEquivalent());
RefPtr<Range> endRange = Range::create(document(), firstPositionInNode(scope), visibleEnd.deepEquivalent().parentAnchoredEquivalent());
int startIndex = TextIterator::rangeLength(startRange.get(), true);
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
