DeleteSelectionCommand should be robust when starting and ending editable positions...
author wenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Aug 2017 04:12:55 +0000 (04:12 +0000)
committer wenson_hsieh@apple.com <wenson_hsieh@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 24 Aug 2017 04:12:55 +0000 (04:12 +0000)
commit deec25cc8ecac7d3b296ff78084cf318adedd8cd
tree 66e5fdeb1e159f45cc723b119db160522deea555
parent 4a0eb4e63145d563b61c83170bee711edb598a41
DeleteSelectionCommand should be robust when starting and ending editable positions cannot be found
https://bugs.webkit.org/show_bug.cgi?id=175914
<rdar://problem/29792688>

Reviewed by Ryosuke Niwa.

Source/WebCore:

DeleteSelectionCommand can cause a null dereference if editable start and end positions are not found. This can
happen when attempting to delete after selecting the contents within a canvas or output element with `read-write`
`-webkit-user-modify` style. To fix this, we make the initialization step of the DeleteSelectionCommand robust
when editable start and end positions are missing.

Test: editing/execCommand/forward-delete-read-write-canvas.html

* editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::initializePositionData):

Make this initialization helper indicate failure via a bool return value. DeleteSelectionCommand::doApply bails
early if initializePositionData returned false.

(WebCore::DeleteSelectionCommand::doApply):
* editing/DeleteSelectionCommand.h:

LayoutTests:

Adds a new LayoutTest. This test passes if WebKit successfully loaded the page.

* editing/execCommand/forward-delete-read-write-canvas-expected.txt: Added.
* editing/execCommand/forward-delete-read-write-canvas.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@221128 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/editing/execCommand/forward-delete-read-write-canvas-expected.txt [new file with mode: 0644]
LayoutTests/editing/execCommand/forward-delete-read-write-canvas.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/editing/DeleteSelectionCommand.cpp
Source/WebCore/editing/DeleteSelectionCommand.h