2010-11-01 Ryosuke Niwa <rniwa@webkit.org>
author rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Nov 2010 00:14:01 +0000 (00:14 +0000)
committer rniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 4 Nov 2010 00:14:01 +0000 (00:14 +0000)
commit 4fbb0b9dc054bbe7c2e02c0afdc739f0e6041455
tree d1fdd05a96d03fdce19f80a6852856aabaaf6390
parent f5b6265f15ef1614bdb1d472b69b07d09d923481
2010-11-01  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Darin Adler.

        Crash in ApplyStyleCommand::removeStyleFromRunBeforeApplyingStyle
        https://bugs.webkit.org/show_bug.cgi?id=48581

        The crash was caused by RemoveNodePreservingChildrenCommand's calling removeNode
        on m_node without checking that m_node has a parent and it's still in the document.
        Fixed the crash by adding an early exit in CompositeEditCommand::removeNode and
        deploying RefPtr in several places of ApplyStyleCommand.cpp.

        Test: editing/style/iframe-onload-crash.html

        * editing/ApplyStyleCommand.cpp:
        (WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange):
        (WebCore::ApplyStyleCommand::removeStyleFromRunBeforeApplyingStyle):
        (WebCore::ApplyStyleCommand::removeInlineStyleFromElement):
        * editing/ApplyStyleCommand.h:
        * editing/CompositeEditCommand.cpp:
        (WebCore::CompositeEditCommand::removeNode):

2010-10-29  Ryosuke Niwa  <rniwa@webkit.org>

        Reviewed by Darin Adler.

        Crash in ApplyStyleCommand::removeStyleFromRunBeforeApplyingStyle
        https://bugs.webkit.org/show_bug.cgi?id=48581

        Added a test to ensure removeStyleFromRunBeforeApplyingStyle doesn't crash.

        * editing/style/iframe-onload-crash-expected.txt: Added.
        * editing/style/iframe-onload-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@71288 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/editing/style/iframe-onload-crash-expected.txt [new file with mode: 0644]
LayoutTests/editing/style/iframe-onload-crash.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/editing/ApplyStyleCommand.cpp
WebCore/editing/ApplyStyleCommand.h
WebCore/editing/CompositeEditCommand.cpp
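
The two measures named in the commit message (an early exit when the node has no parent or is no longer in the document, and a strong reference held across code that can run script) are sketched below as an added example; this is not WebKit's code. `Node`, `removeNode`, `editStep` and `Outcome` are hypothetical toy definitions, and `std::shared_ptr` stands in for `RefPtr`.

```cpp
#include <algorithm>
#include <functional>
#include <memory>
#include <vector>

// Toy DOM node, constructed for this example (not WebCore's Node).
struct Node {
    Node* parent = nullptr;
    bool inDocument = false;
    std::vector<std::shared_ptr<Node>> children;
    void appendChild(const std::shared_ptr<Node>& child) {
        child->parent = this;
        child->inDocument = inDocument;
        children.push_back(child);
    }
    // Unlink from the parent. The erase may destroy *this when the parent
    // held the last reference, so no member is touched after it.
    void detach() {
        if (!parent) return;
        auto& siblings = parent->children;
        parent = nullptr;
        inDocument = false;
        auto it = std::find_if(siblings.begin(), siblings.end(),
            [this](const std::shared_ptr<Node>& c) { return c.get() == this; });
        if (it != siblings.end()) siblings.erase(it);
    }
};

// Early exit in the spirit of the fix: a node that script already detached
// has no parent to be removed from, so removal becomes a no-op.
bool removeNode(const std::shared_ptr<Node>& node) {
    if (!node || !node->parent || !node->inDocument) return false;
    node->detach();
    return true;
}

struct Outcome { bool aliveAfterScript; bool removed; };

// One editing step: script (e.g. an onload handler) runs between choosing the
// node and removing it. holdStrongRef=false models keeping only a raw Node*.
Outcome editStep(std::weak_ptr<Node> target, bool holdStrongRef,
                 const std::function<void()>& script) {
    std::shared_ptr<Node> guard;              // stand-in for RefPtr<Node>
    if (holdStrongRef) guard = target.lock();
    script();                                 // may mutate or free the node
    std::shared_ptr<Node> node = target.lock();
    bool alive = node != nullptr;             // false: a raw pointer would dangle
    return { alive, removeNode(node) };
}
```

With `holdStrongRef` false the node is already freed when the script returns, which is the state in which a raw pointer would dangle; with it true the node survives but is detached, and the early exit turns the removal into a no-op.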