Crash due to accessing removed parent lineboxes when clearing selection.
authorinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 Mar 2012 20:56:10 +0000 (20:56 +0000)
committerinferno@chromium.org <inferno@chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Fri, 23 Mar 2012 20:56:10 +0000 (20:56 +0000)
commit9344ead7c07ba3fe9f50a80881c2332972259e83
treed43661049fb97fa084d98ae0c6fb9cfef46d7c52
parentd898f1cc44788a49295de53a01f49e74049859b6
Crash due to accessing removed parent lineboxes when clearing selection.
https://bugs.webkit.org/show_bug.cgi?id=81359

Reviewed by Eric Seidel.

Source/WebCore:

Similar to r110323, adds the canUpdateSelectionOnRootLineBoxes
check to more places.

Test: editing/selection/clear-selection-crash.html

* rendering/RenderObject.cpp:
(WebCore::RenderObject::canUpdateSelectionOnRootLineBoxes):
* rendering/RenderSelectionInfo.h:
(WebCore::RenderSelectionInfo::RenderSelectionInfo):
(WebCore::RenderBlockSelectionInfo::RenderBlockSelectionInfo):

LayoutTests:

* editing/selection/clear-selection-crash-expected.txt: Added.
* editing/selection/clear-selection-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@111899 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/editing/selection/clear-selection-crash-expected.txt [new file with mode: 0644]
LayoutTests/editing/selection/clear-selection-crash.html [new file with mode: 0755]
Source/WebCore/ChangeLog
Source/WebCore/rendering/RenderObject.cpp
Source/WebCore/rendering/RenderSelectionInfo.h