https://bugs.webkit.org/show_bug.cgi?id=90560
Reviewed by Ryosuke Niwa.
Source/WebCore:
CharacterIterator and BackwardsCharacterIterator try to advance their
internal TextIterator without checking if they already are at end.
This can cause crashes in TextIterator::advance.
Test: platform/chromium/editing/surrounding-text/surrounding-text.html
* editing/SurroundingText.cpp:
(WebCore::SurroundingText::SurroundingText):
* editing/TextIterator.cpp:
(WebCore::CharacterIterator::advance):
(WebCore::BackwardsCharacterIterator::advance):
LayoutTests:
Add a new test case where character iterators are already at end when
trying to advance. This was caught by Chromium's address sanitizer
here: http://code.google.com/p/chromium/issues/detail?id=135705
* platform/chromium/editing/surrounding-text/surrounding-text-expected.txt:
* platform/chromium/editing/surrounding-text/surrounding-text.html:
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@121921 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2012-07-05 Leandro Gracia Gil <leandrogracia@chromium.org>
+
+ Character iterators should not advance if they are at end
+ https://bugs.webkit.org/show_bug.cgi?id=90560
+
+ Reviewed by Ryosuke Niwa.
+
+ Add a new test case where character iterators are already at end when
+ trying to advance. This was caught by Chromium's address sanitizer
+ here: http://code.google.com/p/chromium/issues/detail?id=135705
+
+ * platform/chromium/editing/surrounding-text/surrounding-text-expected.txt:
+ * platform/chromium/editing/surrounding-text/surrounding-text.html:
+
2012-07-05 Alexey Proskuryakov <ap@apple.com>
[Mac][WK2] Enable HTTPS tests
PASS surroundingText('<button>.</button><div id="here">012345678901234567890123456789</div><button>.</button>', 15, 12) is "901234567890"
PASS surroundingText('<option>.</option>12345<button id="here">test</button><option>.</option>', 0, 100) is ""
PASS surroundingText('<option>.</option>12345<button>te<span id="here">st</span></button><option>.</option>', 0, 100) is ""
+PASS surroundingText('<p id="here">.', 0, 2) is "."
PASS successfullyParsed is true
TEST COMPLETE
shouldBeEqualToString('surroundingText(\'<button>.</button><div id="here">012345678901234567890123456789</div><button>.</button>\', 15, 12)', '901234567890');
shouldBeEqualToString('surroundingText(\'<option>.</option>12345<button id="here">test</button><option>.</option>\', 0, 100)', '');
shouldBeEqualToString('surroundingText(\'<option>.</option>12345<button>te<span id="here">st</span></button><option>.</option>\', 0, 100)', '');
+ shouldBeEqualToString('surroundingText(\'<p id="here">.\', 0, 2)', '.');
document.body.removeChild(document.getElementById('test'));
finishJSTest();
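Review bot: the added case `surroundingText('<p id="here">.', 0, 2)` starts at offset 0, so it looks like it only exercises the path where the backwards iterator is already at end; the forward guard added in SurroundingText.cpp has no matching case here. If a forward at-end position can be constructed in a layout test, a second case would keep that branch covered as well.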
+2012-07-05 Leandro Gracia Gil <leandrogracia@chromium.org>
+
+ Character iterators should not advance if they are at end
+ https://bugs.webkit.org/show_bug.cgi?id=90560
+
+ Reviewed by Ryosuke Niwa.
+
+ CharacterIterator and BackwardsCharacterIterator try to advance their
+ internal TextIterator without checking if they already are at end.
+ This can cause crashes in TextIterator::advance.
+
+ Test: platform/chromium/editing/surrounding-text/surrounding-text.html
+
+ * editing/SurroundingText.cpp:
+ (WebCore::SurroundingText::SurroundingText):
+ * editing/TextIterator.cpp:
+ (WebCore::CharacterIterator::advance):
+ (WebCore::BackwardsCharacterIterator::advance):
+
2012-07-05 John Mellor <johnme@chromium.org>
Text Autosizing: Add basic framework
{
const unsigned halfMaxLength = maxLength / 2;
CharacterIterator forwardIterator(makeRange(visiblePosition, endOfDocument(visiblePosition)).get(), TextIteratorStopsOnFormControls);
- forwardIterator.advance(maxLength - halfMaxLength);
+ if (!forwardIterator.atEnd())
+ forwardIterator.advance(maxLength - halfMaxLength);
Position position = visiblePosition.deepEquivalent().parentAnchoredEquivalent();
Document* document = position.document();
return;
BackwardsCharacterIterator backwardsIterator(makeRange(startOfDocument(visiblePosition), visiblePosition).get(), TextIteratorStopsOnFormControls);
- backwardsIterator.advance(halfMaxLength);
+ if (!backwardsIterator.atEnd())
+ backwardsIterator.advance(halfMaxLength);
m_positionOffsetInContent = Range::create(document, backwardsIterator.range()->endPosition(), position)->text().length();
m_contentRange = Range::create(document, backwardsIterator.range()->endPosition(), forwardIterator.range()->startPosition());
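Review bot: with `advance()` now skipped for an iterator that is at end, the unchanged lines after the guard still call `backwardsIterator.range()->endPosition()` and `forwardIterator.range()->startPosition()` without a null check. That path could previously crash inside advance before reaching these lines, so it is worth confirming that `range()` returns a usable Range for an at-end iterator, or returning early before these dereferences.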
void CharacterIterator::advance(int count)
{
+ ASSERT(!atEnd());
+
if (count <= 0) {
ASSERT(count == 0);
return;
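Review bot: `ASSERT(!atEnd())` at the top of `CharacterIterator::advance` only fires in assertion-enabled builds, so in release builds any other caller that advances an at-end iterator still reaches the code that crashed. Since the change is titled "Character iterators should not advance if they are at end", consider making the function itself safe, for example with `if (atEnd()) return;` ahead of the count check, or document the precondition in the header so every caller knows to test `atEnd()` first.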
void BackwardsCharacterIterator::advance(int count)
{
+ ASSERT(!atEnd());
+
if (count <= 0) {
ASSERT(!count);
return;
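Review bot: in `BackwardsCharacterIterator::advance` the new `ASSERT(!atEnd())` sits before the `count <= 0` early return, so a call with `count == 0` on an at-end iterator now asserts even though it would have returned without touching the iterator. If a zero-length advance at end is meant to stay legal, move the assertion below the early return; the same ordering applies to `CharacterIterator::advance`.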