[iOS] Crash long pressing on <input type=file>
authorjhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 16 Jun 2015 21:39:57 +0000 (21:39 +0000)
committerjhoneycutt@apple.com <jhoneycutt@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 16 Jun 2015 21:39:57 +0000 (21:39 +0000)
https://bugs.webkit.org/show_bug.cgi?id=146009
<rdar://problem/21234453>

Reviewed by Ryosuke Niwa.

.:

* ManualTests/ios/long-press-input-type-file-crash.html: Added.

Source/WebCore:

* dom/Position.cpp:
(WebCore::Position::atStartOfTree):
(WebCore::Position::atEndOfTree):
Null check the container node before passing it to findParent().

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@185613 268f45cc-cd09-0410-ab3c-d52691b4dbfc

ChangeLog
ManualTests/ios/long-press-input-type-file-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/dom/Position.cpp

index eef1c6b..be5bc99 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,13 @@
+2015-06-15  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        [iOS] Crash long pressing on <input type=file>
+        https://bugs.webkit.org/show_bug.cgi?id=146009
+        <rdar://problem/21234453>
+
+        Reviewed by Ryosuke Niwa.
+
+        * ManualTests/ios/long-press-input-type-file-crash.html: Added.
+
 2015-06-16  Brent Fulgham  <bfulgham@apple.com>
 
         Rollout accidental Xcode project change.
diff --git a/ManualTests/ios/long-press-input-type-file-crash.html b/ManualTests/ios/long-press-input-type-file-crash.html
new file mode 100644 (file)
index 0000000..203c8f7
--- /dev/null
@@ -0,0 +1,37 @@
+<!DOCTYPE html>
+<html>
+    <body onload="test()">
+        <p>
+            This test checks that a long press gesture on an file input button does not crash on iOS.
+            Press and hold on the file input button below until you see the word "PASS".
+        </p>
+        <p id="result">Test not running</p>
+        <p>
+            <input type="file" id="filecontrol">
+        </p>
+        <script>
+            var timer;
+            var pass;
+            function setText(s)
+            {
+                document.getElementById("result").innerHTML = s;
+            }
+
+            function test() {
+                var input = document.getElementById("filecontrol");
+                input.onclick = function(e) { e.preventDefault(); }
+                input.ontouchstart = function() {
+                    setText("Wait...");
+                    passed = false;
+                    timer = window.setTimeout(function() { setText("PASS"); passed = true; }, 1000);
+                }
+                input.ontouchend = input.ontouchmove = function() {
+                    if (passed)
+                        return;
+                    setText("Try again");
+                    window.clearTimeout(timer);
+                }
+            }
+        </script>
+    </body>
+</html>
index 78302ef..ce20e2f 100644 (file)
@@ -1,3 +1,16 @@
+2015-06-15  Jon Honeycutt  <jhoneycutt@apple.com>
+
+        [iOS] Crash long pressing on <input type=file>
+        https://bugs.webkit.org/show_bug.cgi?id=146009
+        <rdar://problem/21234453>
+
+        Reviewed by Ryosuke Niwa.
+
+        * dom/Position.cpp:
+        (WebCore::Position::atStartOfTree):
+        (WebCore::Position::atEndOfTree):
+        Null check the container node before passing it to findParent().
+
 2015-06-15  Chris Fleizach  <cfleizach@apple.com>
 
         AX:  iOS accessibility tests are not running because we need WKTR support
index d2b1105..ed9e248 100644 (file)
@@ -476,7 +476,9 @@ bool Position::atStartOfTree() const
 {
     if (isNull())
         return true;
-    if (findParent(containerNode()))
+
+    Node* container = containerNode();
+    if (container && findParent(container))
         return false;
 
     switch (m_anchorType) {
@@ -499,7 +501,9 @@ bool Position::atEndOfTree() const
 {
     if (isNull())
         return true;
-    if (findParent(containerNode()))
+
+    Node* container = containerNode();
+    if (container && findParent(container))
         return false;
 
     switch (m_anchorType) {