https://bugs.webkit.org/show_bug.cgi?id=77077
Reviewed by Enrica Casucci.
The crash was caused by a missing null check after removing the position out of the start block.
Fixed the bug by adding an early return.
Tests: editing/deleting/delete-start-block.html
editing/selection/move-into-empty-root-inline-box.html
* editing/DeleteSelectionCommand.cpp:
(WebCore::DeleteSelectionCommand::handleGeneralDelete):
LayoutTests: Crash in previousLinePosition when moving into a root inline box without leaves
https://bugs.webkit.org/show_bug.cgi?id=76812
Reviewed by Enrica Casucci.
Add a regression test for the crash. Unfortunately, we can only test previousLinePosition.
* editing/selection/move-into-empty-root-inline-box-expected.txt: Added.
* editing/selection/move-into-empty-root-inline-box.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@106380
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2012-01-31 Ryosuke Niwa <rniwa@webkit.org>
+
+ Crash in previousLinePosition when moving into a root inline box without leaves
+ https://bugs.webkit.org/show_bug.cgi?id=76812
+
+ Reviewed by Enrica Casucci.
+
+ Add a regression test for the crash. Unfortunately, we can only test previousLinePosition.
+
+ * editing/selection/move-into-empty-root-inline-box-expected.txt: Added.
+ * editing/selection/move-into-empty-root-inline-box.html: Added.
+
2012-01-31 Tony Chang <tony@chromium.org>
[chromium] Fix css3/flexbox/cross-axis-scrollbar-expected to work on
--- /dev/null
+This tests removing the start block. WebKit should not crash.
+| <div>
+| <br>
+| <br>
+| <br>
--- /dev/null
+><progress><script src="../../resources/dump-as-markup.js"></script><script>
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+
+document.designMode="on";
+document.execCommand("selectall");
+document.execCommand("justifycenter",false);
+document.body.removeChild(document.body.firstElementChild);
+document.execCommand("insertparagraph");
+
+Markup.description("This tests removing the start block. WebKit should not crash.");
+Markup.dump(document.body);
+
+</script>
+2012-01-31 Ryosuke Niwa <rniwa@webkit.org>
+
+ Crash in DeleteSelectionCommand::handleGeneralDelete when attempting to delete the start block
+ https://bugs.webkit.org/show_bug.cgi?id=77077
+
+ Reviewed by Enrica Casucci.
+
+ The crash was caused by a missing null check after removing the position out of the start block.
+ Fixed the bug by adding an early return.
+
+ Tests: editing/deleting/delete-start-block.html
+ editing/selection/move-into-empty-root-inline-box.html
+
+ * editing/DeleteSelectionCommand.cpp:
+ (WebCore::DeleteSelectionCommand::handleGeneralDelete):
+
2012-01-31 Rafael Brandao <rafael.lobo@openbossa.org>
HTMLIsIndexElement should not expose HTMLInputElement properties
if (startNode == m_startBlock && startOffset == 0 && canHaveChildrenForEditing(startNode) && !startNode->hasTagName(tableTag)) {
startOffset = 0;
startNode = startNode->traverseNextNode();
+ if (!startNode)
+ return;
}
if (startOffset >= caretMaxOffset(startNode) && startNode->isTextNode()) {
projects / profile / ivi / webkit-efl.git / commitdiff