Crashes in WebCore::ApplyStyleCommand.doApply()
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 Sep 2011 09:02:36 +0000 (09:02 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 9 Sep 2011 09:02:36 +0000 (09:02 +0000)
https://bugs.webkit.org/show_bug.cgi?id=67765

Patch by Shinya Kawanaka <shinyak@google.com> on 2011-09-09
Reviewed by Ryosuke Niwa.

WebCore::enclosingBlock may return null, but ApplyStyleCommand::applyBlockStyle did not check it. This patch makes sure it is checked.

Source/WebCore:

Test: editing/style/remove-format-without-enclosing-block.html

* editing/ApplyStyleCommand.cpp:
(WebCore::ApplyStyleCommand::applyBlockStyle): Added null check.

LayoutTests:

* editing/style/remove-format-without-enclosing-block-expected.txt: Added.
* editing/style/remove-format-without-enclosing-block.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@94840 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/editing/style/remove-format-without-enclosing-block-expected.txt [new file with mode: 0644]
LayoutTests/editing/style/remove-format-without-enclosing-block.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/editing/ApplyStyleCommand.cpp

index 56f495e..398cd51 100644 (file)
@@ -1,3 +1,15 @@
+2011-09-09  Shinya Kawanaka  <shinyak@google.com>
+
+        Crashes in WebCore::ApplyStyleCommand.doApply()
+        https://bugs.webkit.org/show_bug.cgi?id=67765
+
+        Reviewed by Ryosuke Niwa.
+
+        WebCore::enclosingBlock may return null, but ApplyStyleCommand::applyBlockStyle did not check it. This patch make it to be checked.
+
+        * editing/style/remove-format-without-enclosing-block-expected.txt: Added.
+        * editing/style/remove-format-without-enclosing-block.html: Added.
+
 2011-09-09  Ilya Tikhonovsky  <loislo@chromium.org>
 
         Unreviewed. Update test expectations for hyphenate-limit-lines.html.
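Review bot: The description line in this ChangeLog entry ("This patch make it to be checked.") is ungrammatical and does not say which input produces the null result. Since this is the LayoutTests log, consider wording it around what the new test covers, for example that RemoveFormat is run on editable content with no enclosing block, and fix the verb ("This patch adds the null check").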
diff --git a/LayoutTests/editing/style/remove-format-without-enclosing-block-expected.txt b/LayoutTests/editing/style/remove-format-without-enclosing-block-expected.txt
new file mode 100644 (file)
index 0000000..f5292a9
--- /dev/null
@@ -0,0 +1,4 @@
+AexecCommand("RemoveFormat") was crashing when there is no enclosing block.
+The test has passed if it does not crash.
+
+PASS
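Review bot: The first expected line begins "AexecCommand(...)", because the editable element's text "A" runs straight into the description written by the script. That makes the expectation look like a typo and ties the description to the fixture content. Consider emitting the description on its own line (or before the editable element) so the dumped text reads cleanly and the "A" can be recognised as the element's content.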
diff --git a/LayoutTests/editing/style/remove-format-without-enclosing-block.html b/LayoutTests/editing/style/remove-format-without-enclosing-block.html
new file mode 100644 (file)
index 0000000..74983f1
--- /dev/null
@@ -0,0 +1,12 @@
+<card id="edit" contentEditable="true">A<script>
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+edit.focus();
+document.execCommand("SelectAll");
+document.execCommand("RemoveFormat");
+
+document.writeln('execCommand("RemoveFormat") was crashing when there is no enclosing block.<br>');
+document.writeln('The test has passed if it does not crash.<br><br>')
+document.writeln('PASS');
+</script>
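Review bot: The fixture on the first added line depends on details that are not explained: a non-standard `<card>` element that is never closed, and the implicit global `edit` created from the id. A short comment saying why this element is needed to get content with no enclosing block would keep a later cleanup from "fixing" the markup and losing the regression coverage, and `document.getElementById("edit")` would make the lookup explicit. The second `document.writeln(...)` call is also missing its trailing semicolon. Note that the test only checks for the absence of a crash; it does not check what the content looks like after RemoveFormat.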
index 73146ee..65be650 100644 (file)
@@ -1,3 +1,17 @@
+2011-09-09  Shinya Kawanaka  <shinyak@google.com>
+
+        Crashes in WebCore::ApplyStyleCommand.doApply()
+        https://bugs.webkit.org/show_bug.cgi?id=67765
+
+        Reviewed by Ryosuke Niwa.
+
+        WebCore::enclosingBlock may return null, but ApplyStyleCommand::applyBlockStyle did not check it. This patch make it to be checked.
+
+        Test: editing/style/remove-format-without-enclosing-block.html
+
+        * editing/ApplyStyleCommand.cpp:
+        (WebCore::ApplyStyleCommand::applyBlockStyle): Added null check.
+
 2011-09-09  James Simonsen  <simonjam@chromium.org>
 
         [Chromium] Fix leak of Skia stream with custom CSS fonts
index c4476d0..25ff28d 100644 (file)
@@ -281,8 +281,8 @@ void ApplyStyleCommand::applyBlockStyle(EditingStyle *style)
                 if (newBlock)
                     block = newBlock;
             }
-            ASSERT(block->isHTMLElement());
-            if (block->isHTMLElement()) {
+            ASSERT(!block || block->isHTMLElement());
+            if (block && block->isHTMLElement()) {
                 removeCSSStyle(style, toHTMLElement(block.get()));
                 if (!m_removeOnly)
                     addBlockStyle(styleChange, toHTMLElement(block.get()));
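Review bot: With `if (block && block->isHTMLElement())`, a null block now skips both `removeCSSStyle` and `addBlockStyle`, so when `m_removeOnly` is false the requested block style is silently not applied for that paragraph. If that is the intended behaviour, a one-line comment above the check stating when `block` can be null here would help, since the context lines show `block` possibly being replaced by `newBlock` just before and a reader will wonder why no block exists at this point. The relaxed `ASSERT(!block || block->isHTMLElement())` is consistent with the new condition and still catches a non-HTML block in debug builds.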