LayoutTests:
authoradele <adele@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 26 Feb 2007 21:49:48 +0000 (21:49 +0000)
committeradele <adele@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 26 Feb 2007 21:49:48 +0000 (21:49 +0000)
        Reviewed by Adam.

        Test for <rdar://problem/4990700> Safari always crashes when attempting to edit/view
        Yahoo pipes in WebCore::HTMLSelectElement::optionToListIndex

        * fast/forms/select-out-of-bounds-index-expected.txt: Added.
        * fast/forms/select-out-of-bounds-index.html: Added.

WebCore:

        Reviewed by Adam.

        Fix for <rdar://problem/4990700> Safari always crashes when attempting to edit/view
        Yahoo pipes in WebCore::HTMLSelectElement::optionToListIndex

        Test: fast/forms/select-out-of-bounds-index.html

        * html/HTMLSelectElement.cpp:
        (WebCore::HTMLSelectElement::setSelectedIndex): If we're about to deselect all options, then set m_lastOnChangeIndex to -1.
        (WebCore::HTMLSelectElement::optionToListIndex): Moved listSize to a local variable.  Rewrote using a simpler for-loop to prevent out-of-bounds errors.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@19859 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/forms/select-out-of-bounds-index-expected.txt [new file with mode: 0644]
LayoutTests/fast/forms/select-out-of-bounds-index.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/html/HTMLSelectElement.cpp

index 6c1e52a..a669afd 100644 (file)
@@ -1,3 +1,13 @@
+2007-02-26  Adele Peterson  <adele@apple.com>
+
+        Reviewed by Adam.
+
+        Test for <rdar://problem/4990700> Safari always crashes when attempting to edit/view 
+        Yahoo pipes in WebCore::HTMLSelectElement::optionToListIndex
+
+        * fast/forms/select-out-of-bounds-index-expected.txt: Added.
+        * fast/forms/select-out-of-bounds-index.html: Added.
+
 2007-02-25  Mitz Pettel  <mitz@webkit.org>
 
         Reviewed by David Hyatt.
diff --git a/LayoutTests/fast/forms/select-out-of-bounds-index-expected.txt b/LayoutTests/fast/forms/select-out-of-bounds-index-expected.txt
new file mode 100644 (file)
index 0000000..bdb1f9b
--- /dev/null
@@ -0,0 +1,2 @@
+This tests that we don't crash when setting the selectedIndex out of bounds
+
diff --git a/LayoutTests/fast/forms/select-out-of-bounds-index.html b/LayoutTests/fast/forms/select-out-of-bounds-index.html
new file mode 100644 (file)
index 0000000..6510ee8
--- /dev/null
@@ -0,0 +1,26 @@
+<html>
+    <head>
+        <script>
+        function test() {
+            if (window.layoutTestController)
+                layoutTestController.dumpAsText();
+            var sl = document.getElementById('sl');
+            sl.selectedIndex = 1;
+            sl.selectedIndex = 2;
+            sl.selectedIndex = 0;
+            sl.selectedIndex = -1;
+            sl.selectedIndex = 0;
+            sl.selectedIndex = 5;
+        }
+        </script>
+    </head>
+    <body onload="test()">
+        This tests that we don't crash when setting the selectedIndex out of bounds<br>
+        <select id="sl">
+            <optgroup label="group">
+                <option id="op1">1
+                <option id="op2">2
+            </optgroup>
+        </select>
+    </body>
+</html>
index c425494..82535b1 100644 (file)
@@ -1,3 +1,16 @@
+2007-02-26  Adele Peterson  <adele@apple.com>
+
+        Reviewed by Adam.
+
+        Fix for <rdar://problem/4990700> Safari always crashes when attempting to edit/view 
+        Yahoo pipes in WebCore::HTMLSelectElement::optionToListIndex
+
+        Test: fast/forms/select-out-of-bounds-index.html
+
+        * html/HTMLSelectElement.cpp:
+        (WebCore::HTMLSelectElement::setSelectedIndex): If we're about to deselect all options, then set m_lastOnChangeIndex to -1.
+        (WebCore::HTMLSelectElement::optionToListIndex): Moved listSize to a local variable.  Rewrote using a simpler for-loop to prevent out-of-bounds errors.
+
 2007-02-26  Anders Carlsson  <acarlsson@apple.com>
 
         Reviewed by Geoff.
index 837f182..91042cc 100644 (file)
@@ -172,7 +172,8 @@ void HTMLSelectElement::setSelectedIndex(int optionIndex, bool deselect, bool fi
     if (listIndex >= 0) {
         element = static_cast<HTMLOptionElement*>(items[listIndex]);
         element->setSelected(true);
-    }
+    } else if (deselect)
+        m_lastOnChangeIndex = -1;
 
     if (deselect)
         deselectItems(element);
@@ -444,19 +445,19 @@ bool HTMLSelectElement::appendFormData(FormDataList& list, bool)
 int HTMLSelectElement::optionToListIndex(int optionIndex) const
 {
     const Vector<HTMLElement*>& items = listItems();
-    if (optionIndex < 0 || optionIndex >= int(items.size()))
+    int listSize = (int)items.size();
+    if (optionIndex < 0 || optionIndex >= listSize)
         return -1;
 
-    int listIndex = 0;
-    int optionIndex2 = 0;
-    for (;
-         optionIndex2 < int(items.size()) && optionIndex2 <= optionIndex;
-         listIndex++) { // not a typo!
-        if (items[listIndex]->hasLocalName(optionTag))
+    int optionIndex2 = -1;
+    for (int listIndex = 0; listIndex < listSize; listIndex++) {
+        if (items[listIndex]->hasLocalName(optionTag)) {
             optionIndex2++;
+            if (optionIndex2 == optionIndex)
+                return listIndex;
+        }
     }
-    listIndex--;
-    return listIndex;
+    return -1;
 }
 
 int HTMLSelectElement::listToOptionIndex(int listIndex) const