Title: [224296] trunk/Source/WebCore
Revision
224296
Author
rn...@webkit.org
Date
2017-11-01 14:26:33 -0700 (Wed, 01 Nov 2017)

Log Message

innerText->renderBox() can be null in HTMLTextFormControlElement::setSelectionRange
https://bugs.webkit.org/show_bug.cgi?id=179103

Reviewed by Antti Koivisto.

Added a missing null check.

Unfortunately, no new tests since we don't have a working reproduction for trunk code.

* html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::setSelectionRange): Added a null check.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (224295 => 224296)


--- trunk/Source/WebCore/ChangeLog	2017-11-01 21:23:52 UTC (rev 224295)
+++ trunk/Source/WebCore/ChangeLog	2017-11-01 21:26:33 UTC (rev 224296)
@@ -1,3 +1,17 @@
+2017-11-01  Ryosuke Niwa  <rn...@webkit.org>
+
+        innerText->renderBox() can be null in HTMLTextFormControlElement::setSelectionRange
+        https://bugs.webkit.org/show_bug.cgi?id=179103
+
+        Reviewed by Antti Koivisto.
+
+        Added a missing null check.
+
+        Unfortunately, no new tests since we don't have a working reproduction for trunk code.
+
+        * html/HTMLTextFormControlElement.cpp:
+        (WebCore::HTMLTextFormControlElement::setSelectionRange): Added a null check.
+
 2017-11-01  Brady Eidson  <beid...@apple.com>
 
         Plumbing for handling SW scripts failing to evaluate

Modified: trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp (224295 => 224296)


--- trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp	2017-11-01 21:23:52 UTC (rev 224295)
+++ trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp	2017-11-01 21:26:33 UTC (rev 224296)
@@ -293,7 +293,7 @@
     auto innerText = innerTextElement();
     bool hasFocus = document().focusedElement() == this;
     if (!hasFocus && innerText) {
-        // FIXME: Removing this synchronous layout requires fixing <https://webkit.org/b/128797>
+        // FIXME: Removing this synchronous layout requires fixing setSelectionWithoutUpdatingAppearance not needing up-to-date style.
         document().updateLayoutIgnorePendingStylesheets();
 
         // Double-check the state of innerTextElement after the layout.
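Review bot: the reworded FIXME drops the tracking link <https://webkit.org/b/128797> in favour of a description ("setSelectionWithoutUpdatingAppearance not needing up-to-date style"). If that bug is still open, keep the URL alongside the new text so the synchronous-layout dependency stays traceable to its bug; if it was closed or superseded, say so in the ChangeLog.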
@@ -301,7 +301,7 @@
         auto* rendererTextControl = renderer();
 
         if (innerText && rendererTextControl) {
-            if (rendererTextControl->style().visibility() == HIDDEN || !innerText->renderBox()->height()) {
+            if (rendererTextControl->style().visibility() == HIDDEN || !innerText->renderBox() || !innerText->renderBox()->height()) {
                 cacheSelection(start, end, direction);
                 return;
             }
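Review bot: the new `!innerText->renderBox()` test is ordered before `->height()`, so the short-circuit correctly prevents the null dereference, but `renderBox()` is now evaluated twice in the same condition. Hoist it into a local, e.g. `auto* innerTextRenderer = innerText->renderBox();` and then `if (rendererTextControl->style().visibility() == HIDDEN || !innerTextRenderer || !innerTextRenderer->height())`, which also makes it clearer that a missing inner renderer is treated the same as a hidden or zero-height control (cache the selection and return). Note that the `innerText && rendererTextControl` guard above only covers the control's own renderer, not the inner text element's, which is why this extra check is needed.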
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
