Title: [173788] trunk/Source/WebKit2
Revision
173788
Author
[email protected]
Date
2014-09-19 20:07:59 -0700 (Fri, 19 Sep 2014)

Log Message

WebContent crash in WebKit::WebPage::expandedRangeFromHandle
https://bugs.webkit.org/show_bug.cgi?id=136969

Reviewed by David Kilzer.

The crash was caused by m_currentBlockSelection and frame.selection().selection().toNormalizedRange()
both being null and the subsequent lines of code assuming currentRange to be not null.

Replace the assertion by an early exit since the range could be null here.

In the future, we should figure out if there are other things we need to do in addition
to checking the nullity when this race condition is hit.

* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::computeExpandAndShrinkThresholdsForHandle):

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (173787 => 173788)


--- trunk/Source/WebKit2/ChangeLog	2014-09-20 03:01:44 UTC (rev 173787)
+++ trunk/Source/WebKit2/ChangeLog	2014-09-20 03:07:59 UTC (rev 173788)
@@ -1,3 +1,21 @@
+2014-09-19  Ryosuke Niwa  <[email protected]>
+
+        WebContent crash in WebKit::WebPage::expandedRangeFromHandle
+        https://bugs.webkit.org/show_bug.cgi?id=136969
+
+        Reviewed by David Kilzer.
+
+        The crash was caused by m_currentBlockSelection and frame.selection().selection().toNormalizedRange()
+        both being null and the subsequent lines of code assuming currentRange to be not null.
+
+        Replace the assertion by an early exit since the range could be null here.
+
+        In the future, we should figure out if there are other things we need to do in addition
+        to checking the nullity when this race condition is hit.
+
+        * WebProcess/WebPage/ios/WebPageIOS.mm:
+        (WebKit::WebPage::computeExpandAndShrinkThresholdsForHandle):
+
 2014-09-19  Dean Jackson  <[email protected]>
 
         Multithreaded WebGL is a bad idea - remove it
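Review bot: The ChangeLog entry names computeExpandAndShrinkThresholdsForHandle as the changed function, while the bug title locates the crash in expandedRangeFromHandle; it would help future readers to state in the entry that the null currentRange computed in the former is what reaches the latter (the hunk below passes currentRange.get() straight into expandedRangeFromHandle), so the two names are understood as cause and crash site rather than a mismatch. The entry also carries no "No new tests" line or test reference; since the trigger is described as a race, a sentence saying why it is not covered by a regression test would make that explicit.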

Modified: trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm (173787 => 173788)


--- trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm	2014-09-20 03:01:44 UTC (rev 173787)
+++ trunk/Source/WebKit2/WebProcess/WebPage/ios/WebPageIOS.mm	2014-09-20 03:07:59 UTC (rev 173788)
@@ -1330,8 +1330,12 @@
 {
     Frame& frame = m_page->focusController().focusedOrMainFrame();
     RefPtr<Range> currentRange = m_currentBlockSelection ? m_currentBlockSelection.get() : frame.selection().selection().toNormalizedRange();
-    ASSERT(currentRange);
 
+    // FIXME: This used to be an assertion but there appears to be some race condition under which we get a null range.
+    // Should we do other things in addition to the null check here?
+    if (!currentRange)
+        return;
+
     RefPtr<Range> expandedRange = expandedRangeFromHandle(currentRange.get(), handlePosition);
     SelectionFlags flags;
     RefPtr<Range> contractedRange = contractedRangeFromHandle(currentRange.get(), handlePosition, flags);
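Review bot: The early `if (!currentRange) return;` converts a guaranteed crash in the WebContent process into a silent no-op, which is the right immediate fix, but the hunk returns before `expandedRange`, `flags` and `contractedRange` are computed, so whatever this function normally reports to its caller (the hunk does not show the signature or the tail of the function) is simply never produced on this path; please confirm the callers tolerate receiving nothing rather than, say, zeroed thresholds. The FIXME correctly records that the underlying race is not understood; as written, a null selection range can now be reached from both `m_currentBlockSelection` and `frame.selection().selection().toNormalizedRange()` without any diagnostic, so consider a debug-only log or counter at the return so the race can be observed when it recurs instead of disappearing into the null check.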
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
