Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
authorbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 Nov 2015 01:32:10 +0000 (01:32 +0000)
committerbfulgham@apple.com <bfulgham@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 11 Nov 2015 01:32:10 +0000 (01:32 +0000)
https://bugs.webkit.org/show_bug.cgi?id=150252
<rdar://problem/23149470>

Patch by Pranjal Jumde <pjumde@apple.com> on 2015-11-10
Reviewed by Brent Fulgham.

* Source/WebCore/editing/ios/EditorIOS.mm
* Source/WebCore/editing/mac/EditorMac.mm
  In Editor::fontForSelection moved the node removal code, so that the
  node is only removed if style is not NULL.
* Source/WebCore/editing/cocoa/EditorCocoa.mm
  In Editor::styleForSelectionStart checking if the parentNode can
  accept the styleElement node.
* LayoutTests/editing/execCommand/150252.xhtml
* LayoutTests/editing/execCommand/150252_minimal.xhtml
* LayoutTests/editing/execCommand/150252-expected.txt
* LayoutTests/editing/execCommand/150252_minimal-expected.txt

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@192285 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ChangeLog
LayoutTests/editing/execCommand/150252-expected.txt [new file with mode: 0644]
LayoutTests/editing/execCommand/150252.xhtml [new file with mode: 0644]
LayoutTests/editing/execCommand/150252_minimal-expected.txt [new file with mode: 0644]
Source/WebCore/editing/cocoa/EditorCocoa.mm
Source/WebCore/editing/ios/EditorIOS.mm
Source/WebCore/editing/mac/EditorMac.mm

index 0aff195..afcee54 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,24 @@
+2015-11-10  Pranjal Jumde  <pjumde@apple.com>
+
+        Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
+        https://bugs.webkit.org/show_bug.cgi?id=150252
+        <rdar://problem/23149470>
+
+        Reviewed by Brent Fulgham.
+
+
+        * Source/WebCore/editing/ios/EditorIOS.mm
+        * Source/WebCore/editing/mac/EditorMac.mm
+          In Editor::fontForSelection moved the node removal code, so that the
+          node is only removed if style is not NULL.
+        * Source/WebCore/editing/cocoa/EditorCocoa.mm
+          In Editor::styleForSelectionStart checking if the parentNode can 
+          accept the styleElement node.
+        * LayoutTests/editing/execCommand/150252.xhtml
+        * LayoutTests/editing/execCommand/150252_minimal.xhtml
+        * LayoutTests/editing/execCommand/150252-expected.txt
+        * LayoutTests/editing/execCommand/150252_minimal-expected.txt
+
 2015-11-09  Pranjal Jumde  <pjumde@apple.com>
 
         Fixed crash loading Mozilla layout test editor/libeditor/crashtests/431086-1.xhtml.
diff --git a/LayoutTests/editing/execCommand/150252-expected.txt b/LayoutTests/editing/execCommand/150252-expected.txt
new file mode 100644 (file)
index 0000000..6025c93
--- /dev/null
@@ -0,0 +1 @@
+This test passes if it doesn't crash. https://bugs.webkit.org/show_bug.cgi?id=150252
diff --git a/LayoutTests/editing/execCommand/150252.xhtml b/LayoutTests/editing/execCommand/150252.xhtml
new file mode 100644 (file)
index 0000000..e8a1578
--- /dev/null
@@ -0,0 +1,26 @@
+<div id="150252" xmlns="http://www.w3.org/1999/xhtml">
+
+<script type="text/javascript">
+
+function boom()
+{
+  if (window.testRunner)
+    testRunner.dumpAsText();
+
+  var r = document.documentElement;
+  r.style.position = "absolute";
+  r.contentEditable = "true";
+  r.focus();
+  r.contentEditable = "false";
+  r.focus();
+  r.contentEditable = "true";
+  document.execCommand("subscript", false, null);
+  r.contentEditable = "false";
+  document.getElementById("150252").innerHTML = "This test passes if it doesn't crash. https://bugs.webkit.org/show_bug.cgi?id=150252";
+}
+
+window.addEventListener("load", boom, false);
+
+</script>
+
+</div>
diff --git a/LayoutTests/editing/execCommand/150252_minimal-expected.txt b/LayoutTests/editing/execCommand/150252_minimal-expected.txt
new file mode 100644 (file)
index 0000000..6025c93
--- /dev/null
@@ -0,0 +1 @@
+This test passes if it doesn't crash. https://bugs.webkit.org/show_bug.cgi?id=150252
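Review bot: The expectation file `150252_minimal-expected.txt` is added here and the ChangeLog lists `LayoutTests/editing/execCommand/150252_minimal.xhtml`, but that test file does not appear in this commit's file list or diff. An expectation with no test is never run, so `150252.xhtml` is the only regression coverage for the crash fix. Either add the minimal test, or drop its expectation and its ChangeLog entry.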
index 95e66db..3f73a4e 100644 (file)
@@ -63,7 +63,12 @@ RenderStyle* Editor::styleForSelectionStart(Frame* frame, Node *&nodeToRemove)
 
     styleElement->appendChild(frame->document()->createEditingTextNode(""), ASSERT_NO_EXCEPTION);
 
-    position.deprecatedNode()->parentNode()->appendChild(styleElement.copyRef(), ASSERT_NO_EXCEPTION);
+    ContainerNode* parentNode = position.deprecatedNode()->parentNode();
+
+    if (!parentNode->ensurePreInsertionValidity(styleElement.copyRef(), nullptr, IGNORE_EXCEPTION))
+        return nullptr; 
+
+    parentNode->appendChild(styleElement.copyRef(), ASSERT_NO_EXCEPTION);
 
     nodeToRemove = styleElement.ptr();
 
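Review bot: `parentNode` is dereferenced on the `ensurePreInsertionValidity` line without a null check, and `parentNode()` returns null for a node that has no parent. styleForSelectionStart starts and ends outside the hunk, so it is not visible whether earlier code already rules that case out. If it does not, folding the check into the new guard is cheap: `if (!parentNode || !parentNode->ensurePreInsertionValidity(styleElement.copyRef(), nullptr, IGNORE_EXCEPTION))`. A one-line comment above the guard, such as `// The parent may be unable to accept another child (e.g. the editing host is the document element).`, would also explain why the following `appendChild` can keep `ASSERT_NO_EXCEPTION`.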
index afd12b2..22f75bc 100644 (file)
@@ -192,13 +192,10 @@ const Font* Editor::fontForSelection(bool& hasMultipleFonts) const
         RenderStyle* style = styleForSelectionStart(&m_frame, nodeToRemove); // sets nodeToRemove
 
         const Font* result = nullptr;
-        if (style)
+        if (style) {
             result = &style->fontCascade().primaryFont();
-
-        if (nodeToRemove) {
-            ExceptionCode ec;
-            nodeToRemove->remove(ec);
-            ASSERT(!ec);
+            if (nodeToRemove)
+                nodeToRemove->remove(ASSERT_NO_EXCEPTION);
         }
 
         return result;
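Review bot: Nesting the removal under `if (style)` leaves the temporary style element in the document whenever styleForSelectionStart returns null after it has already set `nodeToRemove`. The styleForSelectionStart hunk shows `nodeToRemove = styleElement.ptr();` right after the append, but the return that follows is outside the diff, so it is not visible whether a null style can come back on that path. Unless that is ruled out, keep the cleanup keyed on `nodeToRemove` alone, placed after the `if (style)` block: `if (nodeToRemove)` / `nodeToRemove->remove(ASSERT_NO_EXCEPTION);`. The same applies to the second fontForSelection hunk below; fontForSelection itself begins and ends outside both hunks.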
index 37f9c1d..5b334ba 100644 (file)
@@ -118,12 +118,11 @@ const Font* Editor::fontForSelection(bool& hasMultipleFonts) const
         RenderStyle* style = styleForSelectionStart(&m_frame, nodeToRemove); // sets nodeToRemove
 
         const Font* result = nullptr;
-        if (style)
+        if (style) {
             result = &style->fontCascade().primaryFont();
-
-        if (nodeToRemove)
-            nodeToRemove->remove(ASSERT_NO_EXCEPTION);
-
+            if (nodeToRemove)
+                nodeToRemove->remove(ASSERT_NO_EXCEPTION);
+        }
         return result;
     }