REGRESSION (r236785): Nullptr crash in StyledMarkupAccumulator::traverseNodesForSeria...
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 24 Nov 2018 02:17:30 +0000 (02:17 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 24 Nov 2018 02:17:30 +0000 (02:17 +0000)
commiteee152d96f52169ec65f8b288228fba36f5414a6
treebf4615111a31b1b30248721557d168d81d04eb1e
parent081746923be39a9c89316e910b505ccd84f6af71
REGRESSION (r236785): Nullptr crash in StyledMarkupAccumulator::traverseNodesForSerialization
https://bugs.webkit.org/show_bug.cgi?id=191921

Reviewed by Dean Jackson.

Source/WebCore:

The bug was caused by traverseNodesForSerialization not being able to traverse past the end of shadow root
when skipping children of a node for which enterNode returns false because  it was using NodeTraversal's
nextSkippingChildren instead of a member function which supports traversing the composed tree.

Fixed the crash by using variant of nextSkippingChildren which knows how to traverse past the last node
in a shadow tree. Also added more assertions to help debug issues like this in the future.

Test: editing/pasteboard/copy-paste-across-shadow-boundaries-5.html

* editing/markup.cpp:
(WebCore::StyledMarkupAccumulator::traverseNodesForSerialization):

LayoutTests:

Added a regression test.

* editing/pasteboard/copy-paste-across-shadow-boundaries-5-expected.txt: Added.
* editing/pasteboard/copy-paste-across-shadow-boundaries-5.html: Added.
* platform/ios/editing/pasteboard/copy-paste-across-shadow-boundaries-5-expected.txt: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@238465 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/editing/pasteboard/copy-paste-across-shadow-boundaries-5-expected.txt [new file with mode: 0644]
LayoutTests/editing/pasteboard/copy-paste-across-shadow-boundaries-5.html [new file with mode: 0644]
LayoutTests/platform/ios/editing/pasteboard/copy-paste-across-shadow-boundaries-5-expected.txt [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/editing/markup.cpp