Skip to site navigation (Press enter)

[webkit-changes] [191597] trunk

commit-queue Mon, 26 Oct 2015 13:18:07 -0700

Title: [191597] trunk

Revision: 191597
Author: commit-qu...@webkit.org
Date: 2015-10-26 13:16:53 -0700 (Mon, 26 Oct 2015)

Log Message

Null dereference loading Blink layout test editing/execCommand/indent-inline-box-crash.html
https://bugs.webkit.org/show_bug.cgi?id=149290
<rdar://problem/22746435>


Patch by Jiewen Tan <jiewen_...@apple.com> on 2015-10-26
Reviewed by Alex Christensen.

Source/WebCore:

This is a merge of Blink r174952:
https://codereview.chromium.org/297203004

Test: editing/execCommand/indent-inline-box-crash.html

* editing/IndentOutdentCommand.cpp:
(WebCore::IndentOutdentCommand::tryIndentingAsListItem):

LayoutTests:

* editing/execCommand/indent-inline-box-crash-expected.txt: Added.
* editing/execCommand/indent-inline-box-crash.html: Added.

Modified Paths

trunk/LayoutTests/ChangeLog
trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/editing/IndentOutdentCommand.cpp

Added Paths

trunk/LayoutTests/editing/execCommand/indent-inline-box-crash-expected.txt
trunk/LayoutTests/editing/execCommand/indent-inline-box-crash.html

Diff

Modified: trunk/LayoutTests/ChangeLog (191596 => 191597)


--- trunk/LayoutTests/ChangeLog	2015-10-26 20:08:19 UTC (rev 191596)
+++ trunk/LayoutTests/ChangeLog	2015-10-26 20:16:53 UTC (rev 191597)
@@ -1,5 +1,16 @@
 2015-10-26  Jiewen Tan  <jiewen_...@apple.com>
 
+        Null dereference loading Blink layout test editing/execCommand/indent-inline-box-crash.html
+        https://bugs.webkit.org/show_bug.cgi?id=149290
+        <rdar://problem/22746435>
+
+        Reviewed by Alex Christensen.
+
+        * editing/execCommand/indent-inline-box-crash-expected.txt: Added.
+        * editing/execCommand/indent-inline-box-crash.html: Added.
+
+2015-10-26  Jiewen Tan  <jiewen_...@apple.com>
+
         Null dereference loading Blink layout test editing/execCommand/indent-no-visible-contents-crash.html
         https://bugs.webkit.org/show_bug.cgi?id=149292
         <rdar://problem/22746530>

Added: trunk/LayoutTests/editing/execCommand/indent-inline-box-crash-expected.txt (0 => 191597)


--- trunk/LayoutTests/editing/execCommand/indent-inline-box-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/execCommand/indent-inline-box-crash-expected.txt	2015-10-26 20:16:53 UTC (rev 191597)
@@ -0,0 +1 @@
+Pass if not crash.

Added: trunk/LayoutTests/editing/execCommand/indent-inline-box-crash.html (0 => 191597)


--- trunk/LayoutTests/editing/execCommand/indent-inline-box-crash.html	                        (rev 0)
+++ trunk/LayoutTests/editing/execCommand/indent-inline-box-crash.html	2015-10-26 20:16:53 UTC (rev 191597)
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<head>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+_onload_ = function () {
+    document.designMode = 'on';
+    document.execCommand('SelectAll')
+    document.execCommand('Indent');
+    document.body.textContent = 'Pass if not crash.';
+};
+</script>
+</head>
+<body style="display: -webkit-inline-box">
+<ol style="display: -webkit-inline-box">
+<br>
+foo
+</ol>
+</body>
+</html>

Modified: trunk/Source/WebCore/ChangeLog (191596 => 191597)


--- trunk/Source/WebCore/ChangeLog	2015-10-26 20:08:19 UTC (rev 191596)
+++ trunk/Source/WebCore/ChangeLog	2015-10-26 20:16:53 UTC (rev 191597)
@@ -1,5 +1,21 @@
 2015-10-26  Jiewen Tan  <jiewen_...@apple.com>
 
+        Null dereference loading Blink layout test editing/execCommand/indent-inline-box-crash.html
+        https://bugs.webkit.org/show_bug.cgi?id=149290
+        <rdar://problem/22746435>
+
+        Reviewed by Alex Christensen.
+
+        This is a merge of Blink r174952:
+        https://codereview.chromium.org/297203004
+
+        Test: editing/execCommand/indent-inline-box-crash.html
+
+        * editing/IndentOutdentCommand.cpp:
+        (WebCore::IndentOutdentCommand::tryIndentingAsListItem):
+
+2015-10-26  Jiewen Tan  <jiewen_...@apple.com>
+
         Null dereference loading Blink layout test editing/execCommand/indent-no-visible-contents-crash.html
         https://bugs.webkit.org/show_bug.cgi?id=149292
         <rdar://problem/22746530>

Modified: trunk/Source/WebCore/editing/IndentOutdentCommand.cpp (191596 => 191597)


--- trunk/Source/WebCore/editing/IndentOutdentCommand.cpp	2015-10-26 20:08:19 UTC (rev 191596)
+++ trunk/Source/WebCore/editing/IndentOutdentCommand.cpp	2015-10-26 20:16:53 UTC (rev 191597)
@@ -65,8 +65,7 @@
     // Find the block that we want to indent.  If it's not a list item (e.g., a div inside a list item), we bail out.
     RefPtr<Element> selectedListItem = enclosingBlock(lastNodeInSelectedParagraph);
 
-    // FIXME: we need to deal with the case where there is no li (malformed HTML)
-    if (!selectedListItem->hasTagName(liTag))
+    if (!selectedListItem || !selectedListItem->hasTagName(liTag))
         return false;
     
     // FIXME: previousElementSibling does not ignore non-rendered content like <span></span>.  Should we?

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes