+2004-12-09 Ken Kocienda <kocienda@apple.com>
+
+ Reviewed by Harrison
+
+ Fix for this bug:
+
+ <rdar://problem/3910425> REGRESSION (Mail): Crash in ReplaceSelectionCommand; selection is empty, leading to null deref
+
+ * khtml/editing/htmlediting.cpp:
+ (khtml::MoveSelectionCommand::doApply): The node representing the destination for the move may have
+ been deleted. If this is the case, set the destination to the node the delete command provides in
+ its ending selection.
+
=== Safari-175 ===
2004-12-09 Ken Kocienda <kocienda@apple.com>
Selection selection = endingSelection();
ASSERT(selection.isRange());
+ Position pos = m_position;
+
// Update the position otherwise it may become invalid after the selection is deleted.
NodeImpl *positionNode = m_position.node();
long positionOffset = m_position.offset();
if (selectionStart.node() == positionNode) {
positionOffset += selectionStart.offset();
}
+ pos = Position(positionNode, positionOffset);
}
-
+
deleteSelection(m_smartMove);
- setEndingSelection(Position(positionNode, positionOffset));
+ // If the node for the destination has been removed as a result of the deletion,
+ // set the destination to the ending point after the deletion.
+ // Fixes: <rdar://problem/3910425> REGRESSION (Mail): Crash in ReplaceSelectionCommand;
+ // selection is empty, leading to null deref
+ if (!pos.node()->inDocument())
+ pos = endingSelection().start();
+
+ setEndingSelection(pos);
EditCommandPtr cmd(new ReplaceSelectionCommand(document(), m_fragment, true, m_smartMove));
applyCommandToComposite(cmd);
}
git://git.webkit.org / WebKit-https.git / commitdiff