[GTK][WPE] Web process crash when IM tries to delete surrounding text
author carlosgc@webkit.org <carlosgc@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Jan 2020 14:47:40 +0000 (14:47 +0000)
committer carlosgc@webkit.org <carlosgc@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Jan 2020 14:47:40 +0000 (14:47 +0000)
https://bugs.webkit.org/show_bug.cgi?id=206352

Reviewed by Adrian Perez de Castro.

TextIterator::rangeFromLocationAndLength() can return nullptr when the start of the range can't be found.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::deleteSurrounding): Return early if selectionRange is nullptr.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@254677 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/WebProcess/WebPage/WebPage.cpp

index 494c114..16aa382 100644 (file)
@@ -1,3 +1,15 @@
+2020-01-16  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK][WPE] Web process crash when IM tries to delete surrounding text
+        https://bugs.webkit.org/show_bug.cgi?id=206352
+
+        Reviewed by Adrian Perez de Castro.
+
+        TextIterator::rangeFromLocationAndLength() can return nullptr when the start of the range can't be found.
+
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::deleteSurrounding): Return early if selectionRange is nullptr.
+
 2020-01-16  Cathie Chen  <cathiechen@igalia.com>
 
         Mapping HTML attributes width/height to the default aspect ratio of <img>
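Review bot: The new ChangeLog entry names no test, and the files changed by this commit are only Source/WebKit/ChangeLog and Source/WebKit/WebProcess/WebPage/WebPage.cpp, so the crash fix lands without a regression test. An API test that asks the page to delete surrounding text at a location that cannot be resolved would keep the nullptr path covered. The entry would also be more useful if it said in which situation the start of the range can't be found.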
index 8ccbc85..e3ea52c 100644 (file)
@@ -5412,6 +5412,8 @@ void WebPage::deleteSurrounding(int64_t offset, unsigned characterCount)
     auto cursorPosition = TextIterator::rangeLength(paragraphRange.get());
     auto& rootNode = paragraphRange->startContainer().treeScope().rootNode();
     auto selectionRange = TextIterator::rangeFromLocationAndLength(&rootNode, cursorPosition + offset, characterCount);
+    if (!selectionRange)
+        return;
 
     targetFrame->editor().setIgnoreSelectionChanges(true);
     targetFrame->selection().setSelection(VisibleSelection(*selectionRange, SEL_DEFAULT_AFFINITY));