Preserve selection end positions in directionOfSelection
authorddkilzer@apple.com <ddkilzer@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Mar 2014 23:18:31 +0000 (23:18 +0000)
committerddkilzer@apple.com <ddkilzer@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sat, 29 Mar 2014 23:18:31 +0000 (23:18 +0000)
commitef7acb58b4a6d2b1af15839028644280c025c059
tree4920c858f13b8ecd1126b372f5e305f34570d8b1
parent1c98d6213e516dd23a11626162064d15ce65f6d2
Preserve selection end positions in directionOfSelection
<http://webkit.org/b/104813>
<rdar://problem/13666417>

Reviewed by Brent Fulgham.

Merged from Blink (patch by kenrb@chromium.org):
https://src.chromium.org/viewvc/blink?revision=150621&view=revision
http://crbug.com/164263

    VisibleSelection::visibleStart() and VisibleSelection::visibleEnd()
    can both cause layouts, which has the potential to invalidate any
    rendertree-based objects. This was causing a problem in
    FrameSelection::directionOfSelection(), where a reference to a
    lineBox was being held across a call to visibleEnd().

    This patch ensures that the any layout is completed before linebox
    references are retrieved.

Source/WebCore:

Test: editing/selection/layout-during-move-selection-crash.html

* editing/FrameSelection.cpp:
(WebCore::FrameSelection::directionOfSelection):

LayoutTests:

* editing/selection/layout-during-move-selection-crash-expected.txt: Added.
* editing/selection/layout-during-move-selection-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@166457 268f45cc-cd09-0410-ab3c-d52691b4dbfc
LayoutTests/ChangeLog
LayoutTests/editing/selection/layout-during-move-selection-crash-expected.txt [new file with mode: 0644]
LayoutTests/editing/selection/layout-during-move-selection-crash.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/editing/FrameSelection.cpp