Null pointer deference in WebCore::AppendNodeCommand::create
authorrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 May 2013 03:18:22 +0000 (03:18 +0000)
committerrniwa@webkit.org <rniwa@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 21 May 2013 03:18:22 +0000 (03:18 +0000)
commit6a62e47764d0f7894ae4da6cc30cd57cda5e45d9
treebd7a7592e1e3ee8ac6dcbfcf4cee099c07743f8b
parent11597ed3824556ba9b058fa424c343b049255a97
Null pointer deference in WebCore::AppendNodeCommand::create
https://bugs.webkit.org/show_bug.cgi?id=116479

Source/WebCore:

Reviewed by Andreas Kling.

Merge https://chromium.googlesource.com/chromium/blink/+/5cb43002a44f67a60ecf5a7ed76de2d0bcf89eb2

DeleteSelection::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss() make style and link elements
to be the direct children of the editable root. However, these style and link elements are not necessary editable
and WebKit crashes when they are not.

Test: editing/deleting/delete-uneditable-style.html

* editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::makeStylingElementsDirectChildrenOfEditableRootToPreventStyleLoss):

LayoutTests:

Reviewed by Andreas Kling.

Add a regression test.

* editing/deleting/delete-uneditable-style-expected.txt: Added.
* editing/deleting/delete-uneditable-style.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@150402 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/editing/deleting/delete-uneditable-style-expected.txt [new file with mode: 0644]
LayoutTests/editing/deleting/delete-uneditable-style.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/editing/DeleteSelectionCommand.cpp