Fix fast/ruby/ruby-base-merge-block-children-crash-2.html after r239543
authorwenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 23 Dec 2018 23:51:30 +0000 (23:51 +0000)
committerwenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 23 Dec 2018 23:51:30 +0000 (23:51 +0000)
https://bugs.webkit.org/show_bug.cgi?id=193015
<rdar://problem/46583527>

Reviewed by Tim Horton.

Fix the crash by gracefully handling integer overflow when computing the area of a very large editable element.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:changingActivityState:userObject:]):
(-[WKContentView _updateChangedSelection:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239546 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm

index 7c3f3e2..57623fa 100644 (file)
@@ -1,3 +1,17 @@
+2018-12-23  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        Fix fast/ruby/ruby-base-merge-block-children-crash-2.html after r239543
+        https://bugs.webkit.org/show_bug.cgi?id=193015
+        <rdar://problem/46583527>
+
+        Reviewed by Tim Horton.
+
+        Fix the crash by gracefully handling integer overflow when computing the area of a very large editable element.
+
+        * UIProcess/ios/WKContentViewInteraction.mm:
+        (-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:changingActivityState:userObject:]):
+        (-[WKContentView _updateChangedSelection:]):
+
 2018-12-22  Wenson Hsieh  <wenson_hsieh@apple.com>
 
         [iOS] Suppress native selection behaviors when focusing a very small editable element
index 502ac79..b71543c 100644 (file)
@@ -4476,7 +4476,8 @@ static const double minimumFocusedElementAreaForSuppressingSelectionAssistant =
     else
         [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTransparent];
 
-    if (information.elementRect.area() < minimumFocusedElementAreaForSuppressingSelectionAssistant)
+    auto elementArea = information.elementRect.area<RecordOverflow>();
+    if (!elementArea.hasOverflowed() && elementArea < minimumFocusedElementAreaForSuppressingSelectionAssistant)
         [self _beginSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
     else
         [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
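Review bot: The overflow case on the new `if` at line 48 silently falls through to `_stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall`, which is the right conservative outcome (an area too large to represent is certainly not "too small"), but nothing says so and a later reader may take the fall-through for an oversight; a comment such as `// An overflowing area means the element is huge, never too small; fall through and stop suppressing.` above the check would pin that intent. The identical three-line pattern is also added in the second hunk (`_updateChangedSelection:`, lines 57-58), so the overflow rule now lives in two places that must stay in sync; factoring it into one file-static helper keeps a single point of truth, as sketched below (both rects appear to be WebCore::IntRect, to be confirmed). The enclosing methods start and end outside both hunks.
```objc
// Shared by _elementDidFocus:… and _updateChangedSelection:. An area that overflows
// belongs to a huge element, which is never "too small", so the helper answers false.
static bool isFocusedElementTooSmallForSelectionAssistant(const WebCore::IntRect& elementRect)
{
    auto elementArea = elementRect.area<RecordOverflow>();
    return !elementArea.hasOverflowed() && elementArea < minimumFocusedElementAreaForSuppressingSelectionAssistant;
}

// … unchanged: transparency check above …
    if (isFocusedElementTooSmallForSelectionAssistant(information.elementRect))
        [self _beginSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
    else
        [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
```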
@@ -5013,7 +5014,8 @@ static const double minimumFocusedElementAreaForSuppressingSelectionAssistant =
         else
             [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTransparent];
 
-        if (postLayoutData.focusedElementRect.area() < minimumFocusedElementAreaForSuppressingSelectionAssistant)
+        auto elementArea = postLayoutData.focusedElementRect.area<RecordOverflow>();
+        if (!elementArea.hasOverflowed() && elementArea < minimumFocusedElementAreaForSuppressingSelectionAssistant)
             [self _beginSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
         else
             [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];