Null deref of Range under WebPage::startAutoscrollAtPosition
author: timothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 11 Jul 2019 22:22:57 +0000 (22:22 +0000)
committer: timothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 11 Jul 2019 22:22:57 +0000 (22:22 +0000)
https://bugs.webkit.org/show_bug.cgi?id=199724
<rdar://problem/41127089>

Reviewed by Dean Jackson.

* WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::startAutoscrollAtPosition):
Refactor this function to be early-return-y, and add one more
early return if the Range is null.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@247369 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm

index 61095a5..b0f490d 100644 (file)
@@ -1,3 +1,16 @@
+2019-07-11  Tim Horton  <timothy_horton@apple.com>
+
+        Null deref of Range under WebPage::startAutoscrollAtPosition
+        https://bugs.webkit.org/show_bug.cgi?id=199724
+        <rdar://problem/41127089>
+
+        Reviewed by Dean Jackson.
+
+        * WebProcess/WebPage/ios/WebPageIOS.mm:
+        (WebKit::WebPage::startAutoscrollAtPosition):
+        Refactor this function to be early-return-y, and add one more
+        early return if the Range is null.
+
 2019-07-11  Pablo Saavedra  <psaavedra@igalia.com>
 
         [WPE][GTK] Build failure with ENABLE_ACCESSIBILITY=OFF
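Review bot: the new ChangeLog entry carries no test information; a WebKit bug-fix entry normally names the regression test that was added or states why none could be (the template's "No new tests" line). Add that line after the `<rdar://problem/41127089>` reference, either naming a test that drives `startAutoscrollAtPosition` with a range selection whose normalized range is null, or explaining that the case is not reproducible from a layout test, so a reviewer can tell whether the null-Range path is covered.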
index 114398c..21e527a 100644 (file)
@@ -1763,19 +1763,23 @@ void WebPage::moveSelectionByOffset(int32_t offset, CallbackID callbackID)
     
 void WebPage::startAutoscrollAtPosition(const WebCore::FloatPoint& positionInWindow)
 {
-    if (m_focusedElement && m_focusedElement->renderer())
+    if (m_focusedElement && m_focusedElement->renderer()) {
         m_page->mainFrame().eventHandler().startSelectionAutoscroll(m_focusedElement->renderer(), positionInWindow);
-    else {
-        Frame& frame = m_page->focusController().focusedOrMainFrame();
-        VisibleSelection selection = frame.selection().selection();
-        if (selection.isRange()) {
-            RefPtr<Range> range = frame.selection().toNormalizedRange();
-            Node& node = range->startContainer();
-            auto* renderer = node.renderer();
-            if (renderer)
-                m_page->mainFrame().eventHandler().startSelectionAutoscroll(renderer, positionInWindow);
-        }
+        return;
     }
+    
+    Frame& frame = m_page->focusController().focusedOrMainFrame();
+    VisibleSelection selection = frame.selection().selection();
+    if (!selection.isRange())
+        return;
+    RefPtr<Range> range = frame.selection().toNormalizedRange();
+    if (!range)
+        return;
+    auto* renderer = range->startContainer().renderer();
+    if (!renderer)
+        return;
+
+    m_page->mainFrame().eventHandler().startSelectionAutoscroll(renderer, positionInWindow);
 }
     
 void WebPage::cancelAutoscroll()
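Review bot: the `if (!range) return;` guard after `frame.selection().toNormalizedRange()` is the real fix here and is the correct place for it: `selection.isRange()`, checked two lines earlier, does not guarantee that `toNormalizedRange()` yields a non-null `RefPtr<Range>`, and the removed code dereferenced it unconditionally in `Node& node = range->startContainer();`. Two follow-ups on the same hunk: the added blank line between the closing brace of the `m_focusedElement` block and the `Frame& frame` declaration is `+    ` (four trailing spaces), which the style checker will flag, so make it an empty line; and, pre-existing but more visible now that the function is flat, the renderer is taken from `m_page->focusController().focusedOrMainFrame()` while autoscroll is started on `m_page->mainFrame().eventHandler()`, so it is worth confirming that the main frame's event handler is the intended target when the focused frame is a subframe rather than adding a frame-matching check later.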