Null dereference loading Blink layout test editing/inserting/insert-html-crash-01.html
https://bugs.webkit.org/show_bug.cgi?id=149298
<rdar://problem/
22746918>
Reviewed by Ryosuke Niwa.
Source/WebCore:
The test crashes in the method WebCore::CompositeEditCommand::moveParagraphs() because
the other method WebCore::CompositeEditCommand::cleanupAfterDeletion() accidentally
deletes the destination node. In WebCore::CompositeEditCommand::cleanupAfterDeletion(),
it fails to determine that caretAfterDelete equals to destination as Position::operator==,
which is called in VisiblePosition::operator==, only checks the equality of tuple
<Anchor Node, Anchor Type, Offset>. It is insufficient as a single position can be
represented by multiple tuples. Therefore, this change adds Position::equals() to fortify
the equal checking of two positions by considering combinations of different tuple
representations.
Furthermore, it adds VisiblePosition::equals() which considers affinity and call
Position::equals() while comparing two visible positions.
Test: editing/inserting/insert-html-crash-01.html
* dom/Position.cpp:
(WebCore::Position::equals):
* dom/Position.h:
* editing/CompositeEditCommand.cpp:
(WebCore::CompositeEditCommand::cleanupAfterDeletion):
Replace operator== with VisiblePosition::equals() to tackle the test case.
* editing/VisiblePosition.cpp:
(WebCore::VisiblePosition::equals):
* editing/VisiblePosition.h:
LayoutTests:
This test case is from Blink r153982:
https://codereview.chromium.org/
16053005
* editing/inserting/insert-html-crash-01-expected.txt: Added.
* editing/inserting/insert-html-crash-01.html: Added.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@192170
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
git://git.webkit.org / WebKit-https.git / commit