Dragging image with a border-image larger than the image element crashes
authorwenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Nov 2018 16:31:22 +0000 (16:31 +0000)
committerwenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 19 Nov 2018 16:31:22 +0000 (16:31 +0000)
commit93e4d529c55c1284745ebcfdb669f3651b9dad26
tree0cb5908ed13336b93ea69a1172d0d6ef12194f8d
parentf500b4ecb1b62485c49fa0914c82f1f0cf57da55
Dragging image with a border-image larger than the image element crashes
https://bugs.webkit.org/show_bug.cgi?id=191817
<rdar://problem/46159222>

Reviewed by Ryosuke Niwa.

Source/WebCore:

When dragging an image element, if the image element has:

(1) box-sizing: border-box;
(2) a border-image
(3) a border-top-width that is at least as large as the height of the element and/or a border-left-width that is
    at least as large as the width of the element

...then upon drag, we will fail to create a suitable drag image using the bounding box of the image element
since the size is empty, thereby causing a crash. To fix this, we bail out of this bounding-rect-dependent
codepath for generating a drag image in the case where the bounding rect is empty, and instead fall back to an
icon representation for the drag image.

Test: fast/events/drag-image-with-border-image.html

* page/DragController.cpp:
(WebCore::DragController::doImageDrag):

LayoutTests:

Verifies that an image that meets the pathological criteria described in Source/WebCore/ChangeLog can still be
dragged and dropped into an editable area.

* fast/events/drag-image-with-border-image.html: Added.
* platform/gtk/TestExpectations:
* platform/ios/TestExpectations:
* platform/mac-wk2/TestExpectations:
* platform/wpe/TestExpectations:

Enable this test only in WebKit1.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@238375 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/events/drag-image-with-border-image-expected.txt [new file with mode: 0644]
LayoutTests/fast/events/drag-image-with-border-image.html [new file with mode: 0644]
LayoutTests/platform/gtk/TestExpectations
LayoutTests/platform/ios/TestExpectations
LayoutTests/platform/mac-wk2/TestExpectations
LayoutTests/platform/wpe/TestExpectations
Source/WebCore/ChangeLog
Source/WebCore/page/DragController.cpp