Title: [224296] trunk/Source/WebCore
Revision: 224296
Author: rn...@webkit.org
Date: 2017-11-01 14:26:33 -0700 (Wed, 01 Nov 2017)
Log Message
innerText->renderBox() can be null in HTMLTextFormControlElement::setSelectionRange
https://bugs.webkit.org/show_bug.cgi?id=179103
Reviewed by Antti Koivisto.
Added a missing null check.
Unfortunately, no new tests since we don't have a working reproduction for trunk code.
* html/HTMLTextFormControlElement.cpp:
(WebCore::HTMLTextFormControlElement::setSelectionRange): Added a null check.
Diff
Modified: trunk/Source/WebCore/ChangeLog (224295 => 224296)
--- trunk/Source/WebCore/ChangeLog 2017-11-01 21:23:52 UTC (rev 224295)
+++ trunk/Source/WebCore/ChangeLog 2017-11-01 21:26:33 UTC (rev 224296)
@@ -1,3 +1,17 @@
+2017-11-01 Ryosuke Niwa <rn...@webkit.org>
+
+ innerText->renderBox() can be null in HTMLTextFormControlElement::setSelectionRange
+ https://bugs.webkit.org/show_bug.cgi?id=179103
+
+ Reviewed by Antti Koivisto.
+
+ Added a missing null check.
+
+ Unfortunately, no new tests since we don't have a working reproduction for trunk code.
+
+ * html/HTMLTextFormControlElement.cpp:
+ (WebCore::HTMLTextFormControlElement::setSelectionRange): Added a null check.
+
2017-11-01 Brady Eidson <beid...@apple.com>
Plumbing for handling SW scripts failing to evaluate
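Review bot: The per-function line in the new entry, "(WebCore::HTMLTextFormControlElement::setSelectionRange): Added a null check.", covers only the renderBox() guard, while the same revision also rewrites the FIXME comment in that function and drops its bug link. Suggest mentioning the comment change in the entry so it is not a silent edit.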
Modified: trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp (224295 => 224296)
--- trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp 2017-11-01 21:23:52 UTC (rev 224295)
+++ trunk/Source/WebCore/html/HTMLTextFormControlElement.cpp 2017-11-01 21:26:33 UTC (rev 224296)
@@ -293,7 +293,7 @@
auto innerText = innerTextElement();
bool hasFocus = document().focusedElement() == this;
if (!hasFocus && innerText) {
- // FIXME: Removing this synchronous layout requires fixing <https://webkit.org/b/128797>
+ // FIXME: Removing this synchronous layout requires fixing setSelectionWithoutUpdatingAppearance not needing up-to-date style.
document().updateLayoutIgnorePendingStylesheets();
// Double-check the state of innerTextElement after the layout.
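Review bot: The rewritten FIXME on the + line drops the reference to <https://webkit.org/b/128797>, and its new wording, "requires fixing setSelectionWithoutUpdatingAppearance not needing up-to-date style", reads as though not needing up-to-date style were the defect rather than the goal. Suggest wording it as the goal, for example "requires making setSelectionWithoutUpdatingAppearance not need up-to-date style", and keeping a bug link if one still tracks this work, so the synchronous updateLayoutIgnorePendingStylesheets() call stays traceable to an open item.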
@@ -301,7 +301,7 @@
auto* rendererTextControl = renderer();
if (innerText && rendererTextControl) {
- if (rendererTextControl->style().visibility() == HIDDEN || !innerText->renderBox()->height()) {
+ if (rendererTextControl->style().visibility() == HIDDEN || !innerText->renderBox() || !innerText->renderBox()->height()) {
cacheSelection(start, end, direction);
return;
}
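Review bot: The changed condition now calls innerText->renderBox() twice, once for the null test and once for height(). Consider holding the result in a local (a hypothetical "auto* innerTextBox = innerText->renderBox();") and testing "!innerTextBox || !innerTextBox->height()", so the guard and the dereference are visibly on the same pointer and the line gets shorter. With this change the missing-render-box case takes the same cacheSelection(start, end, direction) early return as the zero-height case; a one-line comment saying that is intended would help, since the log message notes there is no reproduction to cover it with a test.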
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes