Null dereference loading Blink layout test editing/execCommand/indent-inline-box...
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 26 Oct 2015 20:16:53 +0000 (20:16 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 26 Oct 2015 20:16:53 +0000 (20:16 +0000)
https://bugs.webkit.org/show_bug.cgi?id=149290
<rdar://problem/22746435>

Patch by Jiewen Tan <jiewen_tan@apple.com> on 2015-10-26
Reviewed by Alex Christensen.

Source/WebCore:

This is a merge of Blink r174952:
https://codereview.chromium.org/297203004

Test: editing/execCommand/indent-inline-box-crash.html

* editing/IndentOutdentCommand.cpp:
(WebCore::IndentOutdentCommand::tryIndentingAsListItem):

LayoutTests:

* editing/execCommand/indent-inline-box-crash-expected.txt: Added.
* editing/execCommand/indent-inline-box-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191597 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/editing/execCommand/indent-inline-box-crash-expected.txt [new file with mode: 0644]
LayoutTests/editing/execCommand/indent-inline-box-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/editing/IndentOutdentCommand.cpp

index 6e296b2..3ab72f4 100644 (file)
@@ -1,5 +1,16 @@
 2015-10-26  Jiewen Tan  <jiewen_tan@apple.com>
 
+        Null dereference loading Blink layout test editing/execCommand/indent-inline-box-crash.html
+        https://bugs.webkit.org/show_bug.cgi?id=149290
+        <rdar://problem/22746435>
+
+        Reviewed by Alex Christensen.
+
+        * editing/execCommand/indent-inline-box-crash-expected.txt: Added.
+        * editing/execCommand/indent-inline-box-crash.html: Added.
+
+2015-10-26  Jiewen Tan  <jiewen_tan@apple.com>
+
         Null dereference loading Blink layout test editing/execCommand/indent-no-visible-contents-crash.html
         https://bugs.webkit.org/show_bug.cgi?id=149292
         <rdar://problem/22746530>
diff --git a/LayoutTests/editing/execCommand/indent-inline-box-crash-expected.txt b/LayoutTests/editing/execCommand/indent-inline-box-crash-expected.txt
new file mode 100644 (file)
index 0000000..24892cf
--- /dev/null
@@ -0,0 +1 @@
+Pass if not crash.
diff --git a/LayoutTests/editing/execCommand/indent-inline-box-crash.html b/LayoutTests/editing/execCommand/indent-inline-box-crash.html
new file mode 100644 (file)
index 0000000..e7c6b4a
--- /dev/null
@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<head>
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+
+onload = function () {
+    document.designMode = 'on';
+    document.execCommand('SelectAll')
+    document.execCommand('Indent');
+    document.body.textContent = 'Pass if not crash.';
+};
+</script>
+</head>
+<body style="display: -webkit-inline-box">
+<ol style="display: -webkit-inline-box">
+<br>
+foo
+</ol>
+</body>
+</html>
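Review bot: The new test closes with </html> on its last line but never opens an <html> element after the doctype, and the document.execCommand('SelectAll') line is missing the trailing semicolon that the statements around it have. Neither changes the path being tested, but tidying both leaves the <ol> with a <br> and bare text and no <li> as the only malformed part of the markup, which matches the "no li (malformed HTML)" case named in the FIXME that the code change removes.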
index bf4d8d9..79fe779 100644 (file)
@@ -1,5 +1,21 @@
 2015-10-26  Jiewen Tan  <jiewen_tan@apple.com>
 
+        Null dereference loading Blink layout test editing/execCommand/indent-inline-box-crash.html
+        https://bugs.webkit.org/show_bug.cgi?id=149290
+        <rdar://problem/22746435>
+
+        Reviewed by Alex Christensen.
+
+        This is a merge of Blink r174952:
+        https://codereview.chromium.org/297203004
+
+        Test: editing/execCommand/indent-inline-box-crash.html
+
+        * editing/IndentOutdentCommand.cpp:
+        (WebCore::IndentOutdentCommand::tryIndentingAsListItem):
+
+2015-10-26  Jiewen Tan  <jiewen_tan@apple.com>
+
         Null dereference loading Blink layout test editing/execCommand/indent-no-visible-contents-crash.html
         https://bugs.webkit.org/show_bug.cgi?id=149292
         <rdar://problem/22746530>
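Review bot: The (WebCore::IndentOutdentCommand::tryIndentingAsListItem) line in this entry has no description after it. A short sentence there saying that the function now returns false when no enclosing block element is found would let a ChangeLog reader understand the fix without following the Blink review link.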
index ec4d272..26e6004 100644 (file)
@@ -65,8 +65,7 @@ bool IndentOutdentCommand::tryIndentingAsListItem(const Position& start, const P
     // Find the block that we want to indent.  If it's not a list item (e.g., a div inside a list item), we bail out.
     RefPtr<Element> selectedListItem = enclosingBlock(lastNodeInSelectedParagraph);
 
-    // FIXME: we need to deal with the case where there is no li (malformed HTML)
-    if (!selectedListItem->hasTagName(liTag))
+    if (!selectedListItem || !selectedListItem->hasTagName(liTag))
         return false;
     
     // FIXME: previousElementSibling does not ignore non-rendered content like <span></span>.  Should we?
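Review bot: The FIXME removed just above the changed condition was the only text explaining that there may be no li here, and the new check adds a null test on selectedListItem with no comment saying when enclosingBlock() returns nothing. Consider a one-line comment above the new condition noting that the enclosing block can be null for markup like the added test's, and that the command bails out in that case. The ordering of the condition is right: the null test comes before the hasTagName(liTag) call, so the dereference is never reached with a null RefPtr.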