Title: [259939] trunk
Revision: 259939
Author: shihchieh_...@apple.com
Date: 2020-04-11 20:13:17 -0700 (Sat, 11 Apr 2020)

Log Message

Infinite loop in InsertListCommand::doApply()
https://bugs.webkit.org/show_bug.cgi?id=210354
<rdar://problem/61427778>

Reviewed by Darin Adler.

Source/WebCore:

Function startOfNextParagraph may return an empty position. Added null check to exit the while loop
and stop looking for next paragraph.

Test: editing/inserting/insert-list-end-of-table.html

* editing/InsertListCommand.cpp:
(WebCore::InsertListCommand::doApply):

LayoutTests:

Added a regression test for the crash.

* editing/inserting/insert-list-end-of-table-expected.txt: Added.
* editing/inserting/insert-list-end-of-table.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (259938 => 259939)


--- trunk/LayoutTests/ChangeLog	2020-04-12 00:43:53 UTC (rev 259938)
+++ trunk/LayoutTests/ChangeLog	2020-04-12 03:13:17 UTC (rev 259939)
@@ -1,3 +1,16 @@
+2020-04-11  Jack Lee  <shihchieh_...@apple.com>
+
+        Infinite loop in InsertListCommand::doApply()
+        https://bugs.webkit.org/show_bug.cgi?id=210354
+        <rdar://problem/61427778>
+
+        Reviewed by Darin Adler.
+
+        Added a regression test for the crash.
+
+        * editing/inserting/insert-list-end-of-table-expected.txt: Added.
+        * editing/inserting/insert-list-end-of-table.html: Added.
+
 2020-04-11  Simon Fraser  <simon.fra...@apple.com>
 
         [Async overflow] Can't scroll overflow:scroll in sideways-scrollable RTL document
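
Review bot: The entry's description line, "Added a regression test for the crash.", does not match the bug title two lines above it, "Infinite loop in InsertListCommand::doApply()". A hang and a crash show up differently in test results (timeout versus crash log), so the description should name the failure the test actually guards against, for example "Added a regression test for the infinite loop."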

Added: trunk/LayoutTests/editing/inserting/insert-list-end-of-table-expected.txt (0 => 259939)


--- trunk/LayoutTests/editing/inserting/insert-list-end-of-table-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/insert-list-end-of-table-expected.txt	2020-04-12 03:13:17 UTC (rev 259939)
@@ -0,0 +1 @@
+Tests inserting list at the end of a table. The test passes if WebKit doesn't crash or hit an assertion.

Added: trunk/LayoutTests/editing/inserting/insert-list-end-of-table.html (0 => 259939)


--- trunk/LayoutTests/editing/inserting/insert-list-end-of-table.html	                        (rev 0)
+++ trunk/LayoutTests/editing/inserting/insert-list-end-of-table.html	2020-04-12 03:13:17 UTC (rev 259939)
@@ -0,0 +1,18 @@
+<script>
+    if (window.testRunner) {
+        testRunner.dumpAsText();
+        testRunner.waitUntilDone();
+    }
+
+    window._onload_ = () => {
+        window.getSelection().setBaseAndExtent(TH,1,SPAN,0);
+        document.execCommand("insertUnorderedList", false);
+
+        requestAnimationFrame(function () {
+            document.body.innerHTML = "<p> Tests inserting list at the end of a table. The test passes if WebKit doesn't crash or hit an assertion.</p>";
+            if (window.testRunner)
+                testRunner.notifyDone();
+        });
+    }
+</script>
+<body contenteditable="true"><table><select></select><th id=TH>a</th><span id=SPAN></span></table></body>
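
Review bot: In the line `window._onload_ = () => {`, `_onload_` is not a property the browser invokes on load, so as shown the setBaseAndExtent and execCommand calls never run, and because testRunner.waitUntilDone() has already been called the test could only end by timing out. This should read `window.onload`; the underscores look like they were introduced by the archive rendering, so the committed file is worth checking. Separately, `setBaseAndExtent(TH,1,SPAN,0)` relies on the ids TH and SPAN being exposed as implicit globals; document.getElementById would make the dependency explicit. The pass message only mentions a crash or assertion, while the bug being fixed is an infinite loop, which would surface as a timeout.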

Modified: trunk/Source/WebCore/ChangeLog (259938 => 259939)


--- trunk/Source/WebCore/ChangeLog	2020-04-12 00:43:53 UTC (rev 259938)
+++ trunk/Source/WebCore/ChangeLog	2020-04-12 03:13:17 UTC (rev 259939)
@@ -1,3 +1,19 @@
+2020-04-11  Jack Lee  <shihchieh_...@apple.com>
+
+        Infinite loop in InsertListCommand::doApply()
+        https://bugs.webkit.org/show_bug.cgi?id=210354
+        <rdar://problem/61427778>
+
+        Reviewed by Darin Adler.
+
+        Function startOfNextParagraph may return an empty position. Added null check to exit the while loop
+        and stop looking for next paragraph.
+
+        Test: editing/inserting/insert-list-end-of-table.html
+
+        * editing/InsertListCommand.cpp:
+        (WebCore::InsertListCommand::doApply):
+
 2020-04-11  Wenson Hsieh  <wenson_hs...@apple.com>
 
         [macOS] [WK1] Touch Bar flashes when typing in Vietnamese in Mail

Modified: trunk/Source/WebCore/editing/InsertListCommand.cpp (259938 => 259939)


--- trunk/Source/WebCore/editing/InsertListCommand.cpp	2020-04-12 00:43:53 UTC (rev 259938)
+++ trunk/Source/WebCore/editing/InsertListCommand.cpp	2020-04-12 03:13:17 UTC (rev 259939)
@@ -145,7 +145,7 @@
 
                 RefPtr<Range> currentSelection = endingSelection().firstRange();
                 VisiblePosition startOfCurrentParagraph = startOfSelection;
-                while (!inSameParagraph(startOfCurrentParagraph, startOfLastParagraph, CanCrossEditingBoundary)) {
+                while (!startOfCurrentParagraph.isNull() && !inSameParagraph(startOfCurrentParagraph, startOfLastParagraph, CanCrossEditingBoundary)) {
                     // doApply() may operate on and remove the last paragraph of the selection from the document
                     // if it's in the same list item as startOfCurrentParagraph. Return early to avoid an
                     // infinite loop and because there is no more work to be done.
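
Review bot: The new `!startOfCurrentParagraph.isNull()` term in the while condition has no comment, while the comment just inside the loop explains a different early-return case for an infinite loop. A one-line comment at the condition saying that startOfNextParagraph may return a null position (as the ChangeLog states) would keep the two termination paths distinguishable. The loop now exits with startOfCurrentParagraph possibly null, and the code after the loop is not shown in this hunk, so it is worth confirming that nothing after the loop uses that position on the assumption that it is valid.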