Title: [272008] trunk
Revision: 272008
Author: commit-qu...@webkit.org
Date: 2021-01-28 02:58:23 -0800 (Thu, 28 Jan 2021)

Log Message

Crash from CompositeEditCommand::moveParagraphs() using Position instead of VisiblePosition
https://bugs.webkit.org/show_bug.cgi?id=220955

Patch by Julian Gonzalez <julian_a_gonza...@apple.com> on 2021-01-28
Reviewed by Ryosuke Niwa.

Source/WebCore:

If the start or end VisiblePositions inside InsertListCommand::moveParagraphs()
are null, then makeSimpleRange(start, end) will not return a usable SimpleRange.
Bail out early in this case, similar to bug 220630.

Test: editing/inserting/paragraph-outdent-animationframe-crash.html

* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::moveParagraphs):

LayoutTests:

Add a test to verify that the crash here is resolved
using requestAnimationFrame(). Thanks to Ryosuke Niwa
for cleaning this up and making it reliable.

* editing/inserting/paragraph-outdent-animationframe-crash-expected.txt: Added.
* editing/inserting/paragraph-outdent-animationframe-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (272007 => 272008)


--- trunk/LayoutTests/ChangeLog	2021-01-28 10:20:15 UTC (rev 272007)
+++ trunk/LayoutTests/ChangeLog	2021-01-28 10:58:23 UTC (rev 272008)
@@ -1,3 +1,17 @@
+2021-01-28  Julian Gonzalez  <julian_a_gonza...@apple.com>
+
+        Crash from CompositeEditCommand::moveParagraphs() using Position instead of VisiblePosition
+        https://bugs.webkit.org/show_bug.cgi?id=220955
+
+        Reviewed by Ryosuke Niwa.
+
+        Add a test to verify that the crash here is resolved
+        using requestAnimationFrame(). Thanks to Ryosuke Niwa
+        for cleaning this up and making it reliable.
+
+        * editing/inserting/paragraph-outdent-animationframe-crash-expected.txt: Added.
+        * editing/inserting/paragraph-outdent-animationframe-crash.html: Added.
+
 2021-01-28  Manuel Rego Casasnovas  <r...@igalia.com>
 
         [selectors] Update :focus-visible tests from WPT
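
Review bot: The entry's description, "Add a test to verify that the crash here is resolved using requestAnimationFrame()", does not match the test added in this revision: paragraph-outdent-animationframe-crash.html contains no requestAnimationFrame() call and is driven by the body load handler and an iframe pagehide handler instead. Reword the entry (and consider the file name) so that someone tracing this regression later finds an accurate description of how it is triggered.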

Added: trunk/LayoutTests/editing/inserting/paragraph-outdent-animationframe-crash-expected.txt (0 => 272008)


--- trunk/LayoutTests/editing/inserting/paragraph-outdent-animationframe-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/paragraph-outdent-animationframe-crash-expected.txt	2021-01-28 10:58:23 UTC (rev 272008)
@@ -0,0 +1,3 @@
+This tests that we do not crash while outdenting paragraphs. PASS
+
+

Added: trunk/LayoutTests/editing/inserting/paragraph-outdent-animationframe-crash.html (0 => 272008)


--- trunk/LayoutTests/editing/inserting/paragraph-outdent-animationframe-crash.html	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/paragraph-outdent-animationframe-crash.html	2021-01-28 10:58:23 UTC (rev 272008)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function runTest() {
+    if (window.testRunner)
+        testRunner.dumpAsText();
+    iframe.contentWindow._onpagehide_ = () => {
+        document.execCommand("indent", false);
+        document.execCommand("selectAll", false);
+    };
+    document.execCommand("selectAll", false);
+    document.execCommand("outdent", false);
+}
+</script>
+</head>
+<body _onload_="runTest()" contenteditable>
+    This tests that we do not crash while outdenting paragraphs.
+    PASS
+    <ol>
+        <li>
+            <iframe id="iframe"></iframe>
+        </li>
+    </ol>
+</body>
+</html>
\ No newline at end of file
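
Review bot: PASS is static text in the body, so the expected output matches whether or not the pagehide handler ever runs its nested execCommand("indent") and execCommand("selectAll") calls; the test fails only if the process crashes. Consider having the handler record that it ran and writing the result from script after execCommand("outdent"), so the test cannot silently stop exercising the re-entrant path. As displayed here the handler names read `_onpagehide_` and `_onload_`; they need to be `onpagehide` and `onload` for runTest() to be invoked at all. The file also lacks a trailing newline.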

Modified: trunk/Source/WebCore/ChangeLog (272007 => 272008)


--- trunk/Source/WebCore/ChangeLog	2021-01-28 10:20:15 UTC (rev 272007)
+++ trunk/Source/WebCore/ChangeLog	2021-01-28 10:58:23 UTC (rev 272008)
@@ -1,3 +1,19 @@
+2021-01-28  Julian Gonzalez  <julian_a_gonza...@apple.com>
+
+        Crash from CompositeEditCommand::moveParagraphs() using Position instead of VisiblePosition
+        https://bugs.webkit.org/show_bug.cgi?id=220955
+
+        Reviewed by Ryosuke Niwa.
+
+        If the start or end VisiblePositions inside InsertListCommand::moveParagraphs()
+        are null, then makeSimpleRange(start, end) will not return a usable SimpleRange.
+        Bail out early in this case, similar to bug 220630.
+
+        Test: editing/inserting/paragraph-outdent-animationframe-crash.html
+
+        * editing/CompositeEditCommand.cpp:
+        (WebCore::CompositeEditCommand::moveParagraphs):
+
 2021-01-27  Antoine Quint  <grao...@webkit.org>
 
         REGRESSION(r268615): images flicker on apple.com/ios/ios-14
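
Review bot: The description refers to InsertListCommand::moveParagraphs(), but the entry's title and the function list below it name CompositeEditCommand::moveParagraphs, which is the function changed in CompositeEditCommand.cpp. Correct the class name in the description so the entry is internally consistent.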

Modified: trunk/Source/WebCore/editing/CompositeEditCommand.cpp (272007 => 272008)


--- trunk/Source/WebCore/editing/CompositeEditCommand.cpp	2021-01-28 10:20:15 UTC (rev 272007)
+++ trunk/Source/WebCore/editing/CompositeEditCommand.cpp	2021-01-28 10:58:23 UTC (rev 272008)
@@ -1411,9 +1411,12 @@
 
     // We upstream() the end and downstream() the start so that we don't include collapsed whitespace in the move.
     // When we paste a fragment, spaces after the end and before the start are treated as though they were rendered.
-    auto start = startOfParagraphToMove.deepEquivalent().downstream();
-    auto end = endOfParagraphToMove.deepEquivalent().upstream();
+    VisiblePosition start = startOfParagraphToMove.deepEquivalent().downstream();
+    VisiblePosition end = endOfParagraphToMove.deepEquivalent().upstream();
 
+    if (start.isNull() || end.isNull())
+        return;
+
     // FIXME: Serializing and re-parsing is an inefficient way to preserve style.
     RefPtr<DocumentFragment> fragment;
     if (startOfParagraphToMove != endOfParagraphToMove)
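
Review bot: On the two changed declarations, `start` and `end` are now built by implicitly converting the results of downstream() and upstream() to VisiblePosition, while the comment above still says those calls are what keep collapsed whitespace out of the move. Please confirm the conversion does not shift the positions back, and update the comment to say so, or keep the raw Position values and test those for null. The new `if (start.isNull() || end.isNull())` early return would also benefit from a one-line comment stating how the positions can become null at this point, since the function returns here without any signal to the caller.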