From 9d7c6654e5eb5493f6fc5503eb3aafbc6915bc45 Mon Sep 17 00:00:00 2001 From: "commit-queue@webkit.org" Date: Wed, 18 Jan 2012 02:03:30 +0000 Subject: [PATCH] NULL ptr in WebCore::RenderSVGInlineText::localCaretRect https://bugs.webkit.org/show_bug.cgi?id=75851 Patch by Stephen Chenney on 2012-01-17 Reviewed by Ryosuke Niwa. .: Added a check for null box in localCaretRect, to match test in other implementations. Adding a manual test because the crash is not reproducible in DRT. * ManualTests/svg-modify-deleted-selection.svg: Added. Source/WebCore: Added a check for null box in localCaretRect, to match test in other implementations. Adding a manual test because the crash is not reproducible in DRT. Test: ManualTests/svg-modify-deleted-selection.svg * rendering/svg/RenderSVGInlineText.cpp: (WebCore::RenderSVGInlineText::localCaretRect): git-svn-id: http://svn.webkit.org/repository/webkit/trunk@105224 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- ChangeLog | 13 +++++++++++++ ManualTests/svg-modify-deleted-selection.svg | 16 ++++++++++++++++ Source/WebCore/ChangeLog | 16 ++++++++++++++++ Source/WebCore/rendering/svg/RenderSVGInlineText.cpp | 2 +- 4 files changed, 46 insertions(+), 1 deletion(-) create mode 100644 ManualTests/svg-modify-deleted-selection.svg diff --git a/ChangeLog b/ChangeLog index 793f8fd..4ad22de 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,16 @@ +2012-01-17 Stephen Chenney + + NULL ptr in WebCore::RenderSVGInlineText::localCaretRect + https://bugs.webkit.org/show_bug.cgi?id=75851 + + Reviewed by Ryosuke Niwa. + + Added a check for null box in localCaretRect, to match test in other + implementations. Adding a manual test because the crash is not + reproducible in DRT. + + * ManualTests/svg-modify-deleted-selection.svg: Added. + 2012-01-17 Raul Hudea Move tests out of WebCore/manual-tests to toplevel ManualTests. diff --git a/ManualTests/svg-modify-deleted-selection.svg b/ManualTests/svg-modify-deleted-selection.svg new file mode 100644 index 0000000..a04aec3 --- /dev/null +++ b/ManualTests/svg-modify-deleted-selection.svg @@ -0,0 +1,16 @@ + + + +Test passes if no crash on mouse click. Text may be highlighted. + 1 + diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index 5c5968f..6b98a2d 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,19 @@ +2012-01-17 Stephen Chenney + + NULL ptr in WebCore::RenderSVGInlineText::localCaretRect + https://bugs.webkit.org/show_bug.cgi?id=75851 + + Reviewed by Ryosuke Niwa. + + Added a check for null box in localCaretRect, to match test in other + implementations. Adding a manual test because the crash is not reproducible + in DRT. + + Test: ManualTests/svg-modify-deleted-selection.svg + + * rendering/svg/RenderSVGInlineText.cpp: + (WebCore::RenderSVGInlineText::localCaretRect): + 2012-01-17 Caio Marcelo de Oliveira Filho Uint8ClampedArray support diff --git a/Source/WebCore/rendering/svg/RenderSVGInlineText.cpp b/Source/WebCore/rendering/svg/RenderSVGInlineText.cpp index 224a49d..74facc3 100644 --- a/Source/WebCore/rendering/svg/RenderSVGInlineText.cpp +++ b/Source/WebCore/rendering/svg/RenderSVGInlineText.cpp @@ -138,7 +138,7 @@ InlineTextBox* RenderSVGInlineText::createTextBox() LayoutRect RenderSVGInlineText::localCaretRect(InlineBox* box, int caretOffset, LayoutUnit*) { - if (!box->isInlineTextBox()) + if (!box || !box->isInlineTextBox()) return LayoutRect(); InlineTextBox* textBox = static_cast(box); -- 2.7.4