Character iterators should not advance if they are at end
author: leandrogracia@chromium.org <leandrogracia@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Jul 2012 20:03:40 +0000 (20:03 +0000)
committer: leandrogracia@chromium.org <leandrogracia@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 5 Jul 2012 20:03:40 +0000 (20:03 +0000)
commit: 872d5114ad543712de34a556ae2ce697b0775d97
tree: 2164102d2dc93daa7b8dc06ffe7a53bef19f2607
parent: 9f6cedbe6281c4541e8ad45b1586e1d35cb09b23
Character iterators should not advance if they are at end
https://bugs.webkit.org/show_bug.cgi?id=90560

Reviewed by Ryosuke Niwa.

Source/WebCore:

CharacterIterator and BackwardsCharacterIterator try to advance their
internal TextIterator without checking if they already are at end.
This can cause crashes in TextIterator::advance.

Test: platform/chromium/editing/surrounding-text/surrounding-text.html

* editing/SurroundingText.cpp:
(WebCore::SurroundingText::SurroundingText):
* editing/TextIterator.cpp:
(WebCore::CharacterIterator::advance):
(WebCore::BackwardsCharacterIterator::advance):

LayoutTests:

Add a new test case where character iterators are already at end when
trying to advance. This was caught by Chromium's address sanitizer
here: http://code.google.com/p/chromium/issues/detail?id=135705

* platform/chromium/editing/surrounding-text/surrounding-text-expected.txt:
* platform/chromium/editing/surrounding-text/surrounding-text.html:

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@121921 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/platform/chromium/editing/surrounding-text/surrounding-text-expected.txt
LayoutTests/platform/chromium/editing/surrounding-text/surrounding-text.html
Source/WebCore/ChangeLog
Source/WebCore/editing/SurroundingText.cpp
Source/WebCore/editing/TextIterator.cpp