Title: [204814] releases/WebKitGTK/webkit-2.12
- Revision: 204814
- Author: [email protected]
- Date: 2016-08-23 04:42:38 -0700 (Tue, 23 Aug 2016)
Log Message
[GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp
https://bugs.webkit.org/show_bug.cgi?id=159411
Patch by Fujii Hironori <[email protected]> on 2016-07-04
Reviewed by Carlos Garcia Campos.
Source/WebCore:
Tests:
editing/selection/selection-in-iframe-removed-crash.html
* editing/atk/FrameSelectionAtk.cpp:
(WebCore::FrameSelection::notifyAccessibilityForSelectionChange):
Added a null check for the return value of containerNode().
LayoutTests:
* platform/gtk/TestExpectations: Removed a crash expectation of
editing/selection/selection-in-iframe-removed-crash.html.
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (204813 => 204814)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-08-23 11:42:04 UTC (rev 204813)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog 2016-08-23 11:42:38 UTC (rev 204814)
@@ -1,3 +1,13 @@
+2016-07-04 Fujii Hironori <[email protected]>
+
+ [GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=159411
+
+ Reviewed by Carlos Garcia Campos.
+
+ * platform/gtk/TestExpectations: Removed a crash expectation of
+ editing/selection/selection-in-iframe-removed-crash.html.
+
2016-07-14 Brent Fulgham <[email protected]>
editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc
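Review bot: the new entry at the top of this ChangeLog is dated 2016-07-04 but sits above the existing 2016-07-14 entry, so the file no longer reads in date order, and nothing in the entry says it is a later merge onto the release branch. Consider adding a line that identifies it as a merge and names the trunk revision it came from, so that someone auditing which fixes are in webkit-2.12 can trace it.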
Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/platform/gtk/TestExpectations (204813 => 204814)
--- releases/WebKitGTK/webkit-2.12/LayoutTests/platform/gtk/TestExpectations 2016-08-23 11:42:04 UTC (rev 204813)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/platform/gtk/TestExpectations 2016-08-23 11:42:38 UTC (rev 204814)
@@ -696,8 +696,6 @@
webkit.org/b/110695 http/tests/security/cross-origin-local-storage.html [ Crash Pass ]
webkit.org/b/110695 http/tests/security/cross-origin-plugin-allowed.html [ Crash Pass ]
-webkit.org/b/111451 [ Debug ] editing/selection/selection-in-iframe-removed-crash.html [ Crash Pass ]
-
webkit.org/b/111902 [ Debug ] http/tests/security/XFrameOptions/x-frame-options-deny-multiple-clients.html [ Crash ]
webkit.org/b/118422 [ Debug ] http/tests/security/XFrameOptions/x-frame-options-cached.html [ Crash Pass ]
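Review bot: the removed expectation is keyed to webkit.org/b/111451 and scoped to [ Debug ], while this change is filed under bug 159411. Before dropping it, confirm that 111451 describes the same crash in notifyAccessibilityForSelectionChange and that the test now passes on a Debug build, then cross-reference or close 111451 so the two bug reports do not drift apart.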
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (204813 => 204814)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-08-23 11:42:04 UTC (rev 204813)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog 2016-08-23 11:42:38 UTC (rev 204814)
@@ -1,3 +1,17 @@
+2016-07-04 Fujii Hironori <[email protected]>
+
+ [GTK] Null Node dereference in FrameSelection::notifyAccessibilityForSelectionChange of FrameSelectionAtk.cpp
+ https://bugs.webkit.org/show_bug.cgi?id=159411
+
+ Reviewed by Carlos Garcia Campos.
+
+ Tests:
+ editing/selection/selection-in-iframe-removed-crash.html
+
+ * editing/atk/FrameSelectionAtk.cpp:
+ (WebCore::FrameSelection::notifyAccessibilityForSelectionChange):
+ Added a null check for the return value of containerNode().
+
2016-07-14 Brent Fulgham <[email protected]>
editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc
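Review bot: the function entry says only "Added a null check for the return value of containerNode()" and does not say when that value is null. One sentence on the triggering condition (the listed test name points at a selection inside an iframe that has been removed) would tell a later reader why a selection end that passes the existing isNotNull() guard can still have no container node. Since "Tests:" lists a test that already had an expectation line, it is also worth saying that no new test was added because that one covers the crash.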
Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/editing/atk/FrameSelectionAtk.cpp (204813 => 204814)
--- releases/WebKitGTK/webkit-2.12/Source/WebCore/editing/atk/FrameSelectionAtk.cpp 2016-08-23 11:42:04 UTC (rev 204813)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/editing/atk/FrameSelectionAtk.cpp 2016-08-23 11:42:38 UTC (rev 204814)
@@ -94,12 +94,15 @@
if (!m_selection.start().isNotNull() || !m_selection.end().isNotNull())
return;
- RenderObject* focusedNode = m_selection.end().containerNode()->renderer();
+ Node* focusedNode = m_selection.end().containerNode();
+ if (!focusedNode)
+ return;
+
AXObjectCache* cache = m_frame->document()->existingAXObjectCache();
if (!cache)
return;
- AccessibilityObject* accessibilityObject = cache->getOrCreate(focusedNode);
+ AccessibilityObject* accessibilityObject = cache->getOrCreate(focusedNode->renderer());
if (!accessibilityObject)
return;
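Review bot: in the new getOrCreate line, focusedNode->renderer() is passed straight through, and a node can have no renderer, so this path relies on getOrCreate accepting a null argument and on the following !accessibilityObject check to bail out. The old code had the same dependency, but since this patch is about null handling, either confirm that getOrCreate tolerates null or add an explicit renderer check next to the new "if (!focusedNode) return;". The unchanged line "m_frame->document()->existingAXObjectCache()" also dereferences document() without a check; given that the crash test involves a removed iframe, confirm document() cannot be null here.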
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes