Safari crashes when calling execCommand on formatted html in special case
author enrica@apple.com <enrica@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Nov 2009 01:06:26 +0000 (01:06 +0000)
committer enrica@apple.com <enrica@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Tue, 3 Nov 2009 01:06:26 +0000 (01:06 +0000)
<rdar://problem/7318656>
https://bugs.webkit.org/show_bug.cgi?id=31023

Reviewed by Adele Peterson and Dan Bernstein.

WebCore:

Test: editing/execCommand/align-in-span.html

* rendering/RenderObject.cpp:
(WebCore::RenderObject::containingBlock): Modified comment on containingBlock returning NULL.
* rendering/RenderText.cpp:
(WebCore::RenderText::setSelectionState): Added check for NULL return from containingBlock,
since it is possible when dealing with orphaned trees.

LayoutTests:

* editing/execCommand/align-in-span-expected.txt: Added.
* editing/execCommand/align-in-span.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@50433 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/editing/execCommand/align-in-span-expected.txt [new file with mode: 0644]
LayoutTests/editing/execCommand/align-in-span.html [new file with mode: 0755]
WebCore/ChangeLog
WebCore/rendering/RenderObject.cpp
WebCore/rendering/RenderText.cpp

index 6b88ef446e6a1876c91dd5212af4e3e48ac92987..875a1b0ee106ac05006eba36bc8268b342716c64 100644 (file)
@@ -1,3 +1,14 @@
+2009-11-02  Enrica Casucci  <enrica@apple.com>
+
+        Reviewed by Adele Peterson and Dan Bernstein.
+
+        Safari crashes when calling execCommand on formatted html in special case
+        <rdar://problem/7318656>
+        https://bugs.webkit.org/show_bug.cgi?id=31023
+
+        * editing/execCommand/align-in-span-expected.txt: Added.
+        * editing/execCommand/align-in-span.html: Added.
+
 2009-11-02  Chris Marrin  <cmarrin@apple.com>
 
         Reviewed by Oliver Hunt.
 2009-11-02  Chris Marrin  <cmarrin@apple.com>
 
         Reviewed by Oliver Hunt.
diff --git a/LayoutTests/editing/execCommand/align-in-span-expected.txt b/LayoutTests/editing/execCommand/align-in-span-expected.txt
new file mode 100644 (file)
index 0000000..4d8e806
--- /dev/null
@@ -0,0 +1,4 @@
+Line 1. 
+Select all text in this line and use justify command.
+Line 3.
+
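Review bot: The four expected lines are plain text only, so this result passes whether or not JustifyCenter changed anything; what it actually verifies is that the page survived the command without crashing. Consider adding a line to the test page (and therefore to this file) stating that the test passes if it does not crash, so the intent is visible in the expectation itself.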
diff --git a/LayoutTests/editing/execCommand/align-in-span.html b/LayoutTests/editing/execCommand/align-in-span.html
new file mode 100755 (executable)
index 0000000..88249bd
--- /dev/null
@@ -0,0 +1,31 @@
+<html>\r
+<head>\r
+<script type="text/javascript">\r
+\r
+function selectAndJustify()\r
+{\r
+    if (window.layoutTestController)\r
+        layoutTestController.dumpAsText();\r
+\r
+    var elem = document.getElementById("test");\r
+    var selection = window.getSelection();\r
+    selection.setBaseAndExtent(elem, 2, elem, 6);\r
+    document.execCommand('JustifyCenter', false, null);\r
+}\r
+\r
+</script>\r
+</head>\r
+\r
+<body>\r
+    <span id="test" contenteditable="true" >\r
+        Line 1.\r
+        <br>\r
+        <b>Select all text in this line and use justify command.</b>\r
+        <br>\r
+        Line 3.\r
+    </span>\r
+</body>\r
+<script>\r
+selectAndJustify();\r
+</script>\r
+</html>\r
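Review bot: The test page is added with mode 100755 and every added line ends in a carriage return (the \r visible on each line), unlike align-in-span-expected.txt in the same patch, which is 100644 with no \r; an HTML test does not need the executable bit, and the line endings should match. The second script block that calls selectAndJustify() also sits between </body> and </html>; moving the call inside the body (or to an onload handler) keeps the markup valid. The page has no visible description or reference to bug 31023, which would help anyone who later sees this test fail.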
index 962ba8ea5e76bb9ce48ffe48d1e62937803ea688..e3cccb033766ac1bdbd4bf1e7b71d644912481bb 100644 (file)
@@ -1,3 +1,19 @@
+2009-11-02  Enrica Casucci  <enrica@apple.com>
+
+        Reviewed by Adele Peterson and Dan Bernstein.
+
+        Safari crashes when calling execCommand on formatted html in special case
+        <rdar://problem/7318656>
+        https://bugs.webkit.org/show_bug.cgi?id=31023
+
+        Test: editing/execCommand/align-in-span.html
+
+        * rendering/RenderObject.cpp:
+        (WebCore::RenderObject::containingBlock): Modified comment on containingBlock returning NULL.
+        * rendering/RenderText.cpp:
+        (WebCore::RenderText::setSelectionState): Added check for NULL return from containingBlock,
+        since it is possible when dealing with orphaned trees.
+
 2009-11-02  Chris Marrin  <cmarrin@apple.com>
 
         Reviewed by Oliver Hunt.
 2009-11-02  Chris Marrin  <cmarrin@apple.com>
 
         Reviewed by Oliver Hunt.
index e451c30f15a259c48fa1dfa0859f324b25e59b98..3dc565c5fcc42da2dd3672c7c73d8000d34d9a9d 100644 (file)
@@ -640,7 +640,7 @@ RenderBlock* RenderObject::containingBlock() const
     }
 
     if (!o || !o->isRenderBlock())
     }
 
     if (!o || !o->isRenderBlock())
-        return 0; // Probably doesn't happen any more, but leave just in case. -dwh
+        return 0; // This can still happen in case of an orphaned tree
 
     return toRenderBlock(o);
 }
 
     return toRenderBlock(o);
 }
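Review bot: The new comment on the "return 0;" line says a null return is a live case for orphaned trees but does not say what makes a tree orphaned or how a caller ends up there; a short explanation or the bug URL would make it actionable. Because the previous wording suggested null probably no longer happened, other callers may dereference containingBlock() unconditionally the way RenderText::setSelectionState did, so a follow-up pass over the remaining callers seems worthwhile. Minor style point: the comment lacks a closing period, while the matching comment added in RenderText.cpp has one.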
index 40c3d75a542b27413c8dd3221e112c3669339531..a4f53a2da2afd564f192dc48888bf27b735d4f14 100644 (file)
@@ -813,7 +813,9 @@ void RenderText::setSelectionState(SelectionState state)
         }
     }
 
         }
     }
 
-    containingBlock()->setSelectionState(state);
+    // The returned value can be null in case of an orphaned tree.
+    if (RenderBlock* cb = containingBlock())
+        cb->setSelectionState(state);
 }
 
 void RenderText::setTextWithOffset(PassRefPtr<StringImpl> text, unsigned offset, unsigned len, bool force)
 }
 
 void RenderText::setTextWithOffset(PassRefPtr<StringImpl> text, unsigned offset, unsigned len, bool force)
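Review bot: When containingBlock() returns null at the end of setSelectionState, the block-level selection state is silently left untouched, and the added comment does not say why skipping the update is safe. The guard removes the null dereference, but please extend the comment to say that an orphaned renderer has no block whose state needs updating (if that is the reasoning), and consider whether reaching setSelectionState on an orphaned RenderText is itself expected or a separate issue worth tracking.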