Title: [91395] trunk
- Revision: 91395
- Author: commit-qu...@webkit.org
- Date: 2011-07-20 13:30:28 -0700 (Wed, 20 Jul 2011)
Log Message
WebKit crashes on selection when documentElement is removed.
https://bugs.webkit.org/show_bug.cgi?id=63908
Source/WebCore:
This patch adds NULL pointer validation for documentElement
in WebCore::startOfDocument
Patch by Kulanthaivel Palanichamy <kulanthai...@codeaurora.org> on 2011-07-20
Reviewed by Eric Seidel.
Test: editing/selection/selection-empty-documentElement.html
* editing/visible_units.cpp:
(WebCore::startOfDocument):
LayoutTests:
Patch by Kulanthaivel Palanichamy <kulanthai...@codeaurora.org> on 2011-07-20
Reviewed by Eric Seidel.
* editing/selection/selection-empty-documentElement-expected.txt: Added.
* editing/selection/selection-empty-documentElement.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (91394 => 91395)
--- trunk/LayoutTests/ChangeLog 2011-07-20 20:25:15 UTC (rev 91394)
+++ trunk/LayoutTests/ChangeLog 2011-07-20 20:30:28 UTC (rev 91395)
@@ -1,3 +1,13 @@
+2011-07-20 Kulanthaivel Palanichamy <kulanthai...@codeaurora.org>
+
+ WebKit crashes on selection when documentElement is removed.
+ https://bugs.webkit.org/show_bug.cgi?id=63908
+
+ Reviewed by Eric Seidel.
+
+ * editing/selection/selection-empty-documentElement-expected.txt: Added.
+ * editing/selection/selection-empty-documentElement.html: Added.
+
2011-07-20 Tony Chang <t...@chromium.org>
Stale pointer due to floats not removed (flexible box display)
Added: trunk/LayoutTests/editing/selection/selection-empty-documentElement-expected.txt (0 => 91395)
--- trunk/LayoutTests/editing/selection/selection-empty-documentElement-expected.txt (rev 0)
+++ trunk/LayoutTests/editing/selection/selection-empty-documentElement-expected.txt 2011-07-20 20:30:28 UTC (rev 91395)
@@ -0,0 +1,3 @@
+Test for bug https://bugs.webkit.org/show_bug.cgi?id=63908
+
+This test shouldn't crash
Added: trunk/LayoutTests/editing/selection/selection-empty-documentElement.html (0 => 91395)
--- trunk/LayoutTests/editing/selection/selection-empty-documentElement.html (rev 0)
+++ trunk/LayoutTests/editing/selection/selection-empty-documentElement.html 2011-07-20 20:30:28 UTC (rev 91395)
@@ -0,0 +1,26 @@
+<html>
+<head>
+<script>
+function runTest() {
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+ var oSelection = window.getSelection();
+ var de = document.documentElement;
+ document.removeChild(document.documentElement);
+ oSelection.modify("move","backward","documentboundary");
+
+ var html = document.createElement('html');
+ var body = document.createElement('body');
+ body.innerHTML="<p>Test for bug <a href="" test shouldn\'t crash</p>";
+ html.appendChild(body);
+ document.appendChild(html);
+}
+</script>
+</head>
+<body>
+<script>
+runTest();
+</script>
+</body>
+</html>
\ No newline at end of file
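Review bot: In runTest(), `var de = document.documentElement;` is assigned but never used, and the next line re-reads `document.documentElement` for removeChild; drop `de` or pass it to removeChild. The `body.innerHTML=` line as rendered here has unescaped double quotes inside a double-quoted string, which would be a syntax error that leaves runTest undefined, so the modify() call would never run and the test could not exercise the crash; confirm the committed file carries the full link markup so the output matches selection-empty-documentElement-expected.txt. The test also covers only the "backward" direction to "documentboundary", and the file has no trailing newline.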
Modified: trunk/Source/WebCore/ChangeLog (91394 => 91395)
--- trunk/Source/WebCore/ChangeLog 2011-07-20 20:25:15 UTC (rev 91394)
+++ trunk/Source/WebCore/ChangeLog 2011-07-20 20:30:28 UTC (rev 91395)
@@ -1,3 +1,18 @@
+2011-07-20 Kulanthaivel Palanichamy <kulanthai...@codeaurora.org>
+
+ WebKit crashes on selection when documentElement is removed.
+ https://bugs.webkit.org/show_bug.cgi?id=63908
+
+ This patch adds NULL pointer validation for documentElement
+ in WebCore::startOfDocument
+
+ Reviewed by Eric Seidel.
+
+ Test: editing/selection/selection-empty-documentElement.html
+
+ * editing/visible_units.cpp:
+ (WebCore::startOfDocument):
+
2011-07-20 Mike Reed <r...@google.com>
[skia] use nocheck version of pixel packer when caller already has premultiplied data
Modified: trunk/Source/WebCore/editing/visible_units.cpp (91394 => 91395)
--- trunk/Source/WebCore/editing/visible_units.cpp 2011-07-20 20:25:15 UTC (rev 91394)
+++ trunk/Source/WebCore/editing/visible_units.cpp 2011-07-20 20:30:28 UTC (rev 91395)
@@ -989,7 +989,7 @@
VisiblePosition startOfDocument(const Node* node)
{
- if (!node)
+ if (!node || !node->document() || !node->document()->documentElement())
return VisiblePosition();
return VisiblePosition(firstPositionInNode(node->document()->documentElement()), DOWNSTREAM);
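Review bot: The new condition in startOfDocument evaluates node->document()->documentElement() for the null test, and the return statement then evaluates the same chain again, so the pointer that is checked and the pointer that is used come from separate calls. Read the document element into a local once, return VisiblePosition() if it is null, and pass that local to firstPositionInNode; this also removes the repeated node->document() calls and makes the guard easier to read. A short comment saying that a document can have no documentElement after removeChild would help, since the ChangeLog is the only place that explains why the extra checks exist.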