[webkit-changes] [137642] trunk/Source/WebCore

Thu, 13 Dec 2012 12:55:10 -0800

Title: [137642] trunk/Source/WebCore
Revision
137642
Author
rn...@webkit.org
Date
2012-12-13 12:56:56 -0800 (Thu, 13 Dec 2012)

Log Message

REGRESSION(r137406): NodeTraversal changes causing large renderer crash
https://bugs.webkit.org/show_bug.cgi?id=104937

Reviewed by Antti Koivisto.

Add a null pointer check to exit early since ElementTraversal::next assumes a non-null pointer.

No new tests since I don't think this function is ever exposed to any ES5 bindings.

* editing/FrameSelection.cpp:
(WebCore::scanForForm):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (137641 => 137642)


--- trunk/Source/WebCore/ChangeLog	2012-12-13 20:54:57 UTC (rev 137641)
+++ trunk/Source/WebCore/ChangeLog	2012-12-13 20:56:56 UTC (rev 137642)
@@ -1,3 +1,17 @@
+2012-12-13  Ryosuke Niwa  <rn...@webkit.org>
+
+        REGRESSION(r137406): NodeTraversal changes causing large renderer crash
+        https://bugs.webkit.org/show_bug.cgi?id=104937
+
+        Reviewed by Antti Koivisto.
+
+        Add a null pointer check to exit early since ElementTraversal::next assumes a non-null pointer.
+
+        No new tests since I don't think this function is ever exposed to any ES5 bindings.
+
+        * editing/FrameSelection.cpp:
+        (WebCore::scanForForm):
+
 2012-12-13  David Grogan  <dgro...@chromium.org>
 
         IndexedDB: Improve error messages

Modified: trunk/Source/WebCore/editing/FrameSelection.cpp (137641 => 137642)


--- trunk/Source/WebCore/editing/FrameSelection.cpp	2012-12-13 20:54:57 UTC (rev 137641)
+++ trunk/Source/WebCore/editing/FrameSelection.cpp	2012-12-13 20:56:56 UTC (rev 137642)
@@ -1953,7 +1953,9 @@
 // Scans logically forward from "start", including any child frames.
 static HTMLFormElement* scanForForm(Node* start)
 {
-    Element* element = start && start->isElementNode() ? toElement(start) : ElementTraversal::next(start);
+    if (!start)
+        return 0;
+    Element* element = start->isElementNode() ? toElement(start) : ElementTraversal::next(start);
     for (; element; element = ElementTraversal::next(element)) {
         if (element->hasTagName(formTag))
             return static_cast<HTMLFormElement*>(element);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to