Title: [287952] trunk/Source/WebCore
- Revision
- 287952
- Author
- commit-qu...@webkit.org
- Date
- 2022-01-12 14:49:05 -0800 (Wed, 12 Jan 2022)
Log Message
Verify startNode is prior to the beyondEnd node
https://bugs.webkit.org/show_bug.cgi?id=230712
Patch by Brandon Stewart <brandonstew...@apple.com> on 2022-01-12
Reviewed by Wenson Hsieh.
Verify that the startNode is prior to the beyondEnd. If this condition is not met,
this will lead to undesirable situations when traversing through the nodes.
* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::applyRelativeFontStyleChange):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (287951 => 287952)
--- trunk/Source/WebCore/ChangeLog 2022-01-12 22:37:24 UTC (rev 287951)
+++ trunk/Source/WebCore/ChangeLog 2022-01-12 22:49:05 UTC (rev 287952)
@@ -1,3 +1,16 @@
+2022-01-12 Brandon Stewart <brandonstew...@apple.com>
+
+ Verify startNode is prior to the beyondEnd node
+ https://bugs.webkit.org/show_bug.cgi?id=230712
+
+ Reviewed by Wenson Hsieh.
+
+ Verify that the startNode is prior to the beyondEnd. If this condition is not met,
+ this will lead to undesirable situations when traversing through the nodes.
+
+ * editing/ApplyStyleCommand.cpp:
+ (WebCore::ApplyStyleCommand::applyRelativeFontStyleChange):
+
2022-01-12 Fujii Hironori <hironori.fu...@sony.com>
[MediaFoundation] Invalidate only the videa area using MediaPlayer::repaint(), not the whole FrameView
Modified: trunk/Source/WebCore/editing/ApplyStyleCommand.cpp (287951 => 287952)
--- trunk/Source/WebCore/editing/ApplyStyleCommand.cpp 2022-01-12 22:37:24 UTC (rev 287951)
+++ trunk/Source/WebCore/editing/ApplyStyleCommand.cpp 2022-01-12 22:49:05 UTC (rev 287952)
@@ -304,6 +304,9 @@
if (end < start)
std::swap(start, end);
+ if (start.treeScope() != end.treeScope())
+ return;
+
// Join up any adjacent text nodes.
if (is<Text>(start.deprecatedNode())) {
joinChildTextNodes(start.deprecatedNode()->parentNode(), start, end);
@@ -344,7 +347,7 @@
// Calculate loop end point.
// If the end node is before the start node (can only happen if the end node is
- // an ancestor of the start node), we gather nodes up to the next sibling of the end node
+ // an ancestor of the start node), we gather nodes up to the next sibling of the end node.
RefPtr<Node> beyondEnd;
ASSERT(start.deprecatedNode());
ASSERT(end.deprecatedNode());
@@ -356,10 +359,17 @@
start = start.upstream(); // Move upstream to ensure we do not add redundant spans.
RefPtr startNode { start.deprecatedNode() };
- // Make sure we're not already at the end or the next NodeTraversal::next() will traverse past it.
- if (startNode == beyondEnd)
+ if (!startNode)
return;
-
+
+ // Ensure the startNode is not at or past the beyondEnd when node traversal
+ // is performed in the following loops below.
+ if (beyondEnd) {
+ auto treeOrderPos = treeOrder(*startNode, *beyondEnd);
+ if (is_gt(treeOrderPos) || is_eq(treeOrderPos))
+ return;
+ }
+
if (is<Text>(*startNode) && start.deprecatedEditingOffset() >= caretMaxOffset(*startNode)) {
// Move out of text node if range does not include its characters.
startNode = NodeTraversal::next(*startNode);
@@ -371,7 +381,7 @@
// This ensures that changes to one node won't effect another.
HashMap<Ref<Node>, float> startingFontSizes;
for (auto node = startNode; node != beyondEnd; node = NodeTraversal::next(*node)) {
- ASSERT(node);
+ RELEASE_ASSERT(node);
startingFontSizes.set(*node, computedFontSize(node.get()));
}
@@ -381,7 +391,8 @@
RefPtr<Node> lastStyledNode;
bool reachedEnd = false;
for (auto node = startNode; node != beyondEnd && !reachedEnd; node = NodeTraversal::next(*node)) {
- ASSERT(node);
+ RELEASE_ASSERT(node);
+
RefPtr<HTMLElement> element;
if (is<HTMLElement>(*node)) {
// Only work on fully selected nodes.
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
