[iOS] Crash when changing inputmode for certain types of focusable elements
author wenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 31 Mar 2019 20:01:44 +0000 (20:01 +0000)
committer wenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 31 Mar 2019 20:01:44 +0000 (20:01 +0000)
commit e8719c85661b2ccd4a317ba5ba406546ad19c093
tree 5d6c4d6c09070f52e863476fa080e8ec516f895c
parent f8f86f50ce7cb0b2970a384e2d15739b21fe72d2
[iOS] Crash when changing inputmode for certain types of focusable elements
https://bugs.webkit.org/show_bug.cgi?id=196431
<rdar://problem/49454962>

Reviewed by Tim Horton.

Source/WebKit:

The crash is happening because WebPage::focusedElementDidChangeInputMode assumes that the document's focused
element must be the same as m_focusedElement in WebPage. However, this is not the case, since m_focusedElement
is only set for certain types of elements that require user input (e.g. text fields, editable content, select
menus, etc.). The function then attempts to dereference m_focusedElement, which may be null if the document's
focused element doesn't fall into one of the aforementioned categories.

To fix this, bail if the element that is changing inputmode is not equal to the WebPage's current focused
element. See below for more details.

Test: fast/forms/change-inputmode-crash.html

* WebProcess/WebPage/WebPage.cpp:
(WebKit::isTextFormControlOrEditableContent):

Clean up some existing logic by introducing a helper method for determining whether an element should
propagate inputmode attribute changes to the UI process. Also, check the element type using type traits instead
of checking against the tag name.

(WebKit::WebPage::elementDidFocus):
(WebKit::WebPage::focusedElementDidChangeInputMode):

LayoutTests:

Add a layout test that exercises the edge case; see WebKit ChangeLogs for more details.

* fast/forms/change-inputmode-crash-expected.txt: Added.
* fast/forms/change-inputmode-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243684 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/fast/forms/change-inputmode-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/change-inputmode-crash.html [new file with mode: 0644]
Source/WebKit/ChangeLog
Source/WebKit/WebProcess/WebPage/WebPage.cpp
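The failure path the commit message describes, as an added JavaScript model. This is not WebKit code and not the page's layout test: the element classes, the set of input types treated as text controls, and the "before"/"fixed" variants are assumptions made for the illustration. The point it shows is the one the message makes: the document can focus an element (here a button) that WebPage never records in m_focusedElement, so a later inputmode change on that element reaches focusedElementDidChangeInputMode with a null m_focusedElement; the guard that bails when the changing element is not the tracked one removes both that null dereference and the case where the attribute changes on an element other than the tracked one.

```javascript
// Added example: a JavaScript model of the crash described in the commit message.
// This is not WebKit code; class names, the inputmode-type set and the
// "before"/"fixed" variants are assumptions made for the illustration.

// Stand-ins for the DOM element classes (constructed for the example).
class Element {
  constructor(tagName) {
    this.tagName = tagName;
    this.inputMode = "";          // reflects the inputmode attribute
    this.contentEditable = false;
  }
}
class HTMLInputElement extends Element {
  constructor(type = "text") { super("INPUT"); this.type = type; }
}
class HTMLTextAreaElement extends Element { constructor() { super("TEXTAREA"); } }
class HTMLButtonElement extends Element { constructor() { super("BUTTON"); } }

// Input types treated as text controls here (assumption for the model).
const TEXT_INPUT_TYPES = new Set(["text", "search", "email", "url", "tel", "password", "number"]);

// Analogue of the helper the patch introduces: classify by element type
// (instanceof) rather than by comparing tag names. Select menus, which the
// message says WebKit also tracks, are left out of this simplified model.
function isTextFormControlOrEditableContent(element) {
  if (element instanceof HTMLInputElement) return TEXT_INPUT_TYPES.has(element.type);
  if (element instanceof HTMLTextAreaElement) return true;
  return element.contentEditable === true;
}

// Model of WebPage's focused-element bookkeeping. `variant` selects the
// pre-fix behaviour ("before") or the guarded one ("fixed").
class WebPageModel {
  constructor(variant) {
    this.variant = variant;
    this.focusedElement = null;   // plays the role of m_focusedElement
    this.sentInputModes = [];     // what would be propagated to the UI process
  }

  // elementDidFocus: m_focusedElement is only set for elements that need
  // user input; any other focused element leaves it null.
  elementDidFocus(element) {
    this.focusedElement = isTextFormControlOrEditableContent(element) ? element : null;
  }

  // focusedElementDidChangeInputMode: returns true if an update was sent,
  // false if it bailed. The "before" variant dereferences focusedElement
  // unconditionally, which throws (the model's stand-in for the null deref).
  focusedElementDidChangeInputMode(element) {
    if (this.variant === "fixed" && element !== this.focusedElement) return false;
    this.sentInputModes.push(this.focusedElement.inputMode);
    return true;
  }
}

// Change an element's inputmode and report what the page did.
function changeInputMode(page, element, mode) {
  element.inputMode = mode;
  try {
    return page.focusedElementDidChangeInputMode(element) ? "sent" : "bailed";
  } catch (e) {
    return e instanceof TypeError ? "crash" : "error";
  }
}

// Sequence mirroring the edge case: focus a <button> (focusable, but not
// tracked by WebPage), change its inputmode, then do the same with a text
// field, then change inputmode on the now unfocused button.
function scenario(variant) {
  const page = new WebPageModel(variant);
  const button = new HTMLButtonElement();
  const input = new HTMLInputElement("text");
  const results = {};

  page.elementDidFocus(button);                                // focusedElement stays null
  results.buttonFocused = changeInputMode(page, button, "numeric");

  page.elementDidFocus(input);                                 // focusedElement === input
  results.inputFocused = changeInputMode(page, input, "decimal");

  results.staleButton = changeInputMode(page, button, "text"); // element !== focusedElement
  return results;
}

console.log("before:", scenario("before"));
// before: { buttonFocused: 'crash', inputFocused: 'sent', staleButton: 'sent' }
console.log("fixed: ", scenario("fixed"));
// fixed:  { buttonFocused: 'bailed', inputFocused: 'sent', staleButton: 'bailed' }
```

Run with `node`. The "before" column shows the crash on the untracked button and, less visibly, that an inputmode change on a non-tracked element while a text field is tracked would still send the tracked field's value; the "fixed" column bails in both of those cases and only sends when the changing element is the one WebPage is tracking.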