Title: [91520] branches/safari-534.51-branch
- Revision
- 91520
- Author
- lforsch...@apple.com
- Date
- 2011-07-21 15:22:29 -0700 (Thu, 21 Jul 2011)
Log Message
Merge r89831.
Modified Paths
Added Paths
Diff
Modified: branches/safari-534.51-branch/LayoutTests/ChangeLog (91519 => 91520)
--- branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-07-21 22:20:44 UTC (rev 91519)
+++ branches/safari-534.51-branch/LayoutTests/ChangeLog 2011-07-21 22:22:29 UTC (rev 91520)
@@ -1,5 +1,22 @@
2011-07-21 Lucas Forschler <lforsch...@apple.com>
+ Merged 89831.
+
+ 2011-06-27 Ryosuke Niwa <rn...@webkit.org>
+
+ Reviewed by Kent Tamura.
+
+ Crash in TextIterator
+ https://bugs.webkit.org/show_bug.cgi?id=63334
+
+ Added a test to ensure WebKit does not crash when iterating through letters in a RTL block
+ with first-letter rule applied where letters are not contiguous.
+
+ * editing/text-iterator/first-letter-rtl-crash-expected.txt: Added.
+ * editing/text-iterator/first-letter-rtl-crash.html: Added.
+
+2011-07-21 Lucas Forschler <lforsch...@apple.com>
+
Merged 89780.
2011-07-21 Lucas Forschler <lforsch...@apple.com>
Copied: branches/safari-534.51-branch/LayoutTests/editing/text-iterator/first-letter-rtl-crash-expected.txt (from rev 89831, trunk/LayoutTests/editing/text-iterator/first-letter-rtl-crash-expected.txt) (0 => 91520)
--- branches/safari-534.51-branch/LayoutTests/editing/text-iterator/first-letter-rtl-crash-expected.txt (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/editing/text-iterator/first-letter-rtl-crash-expected.txt 2011-07-21 22:22:29 UTC (rev 91520)
@@ -0,0 +1,3 @@
+
+This test ensures WebKit does not crash when first-letter rule is applied to LTR letters that are not visually contiguous to each other.
+PASS
Copied: branches/safari-534.51-branch/LayoutTests/editing/text-iterator/first-letter-rtl-crash.html (from rev 89831, trunk/LayoutTests/editing/text-iterator/first-letter-rtl-crash.html) (0 => 91520)
--- branches/safari-534.51-branch/LayoutTests/editing/text-iterator/first-letter-rtl-crash.html (rev 0)
+++ branches/safari-534.51-branch/LayoutTests/editing/text-iterator/first-letter-rtl-crash.html 2011-07-21 22:22:29 UTC (rev 91520)
@@ -0,0 +1,17 @@
+<!DOCTYPE html>
+<html>
+<style>
+body:first-letter { color: black; }
+</style>
+<script>
+
+function run() {
+ document.execCommand('findString', false, '!ABC');
+ document.body.innerHTML = '<br>This test ensures WebKit does not crash when first-letter rule is applied to LTR letters that ' +
+ ' are not visually contiguous to each other.<br>PASS';
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+}
+
+</script>
+<body style="direction: rtl;" _onload_="run()">!ABC‮</body>
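Review bot: The body text on the last line ends with an invisible U+202E (RIGHT-TO-LEFT OVERRIDE) after `!ABC`, and nothing in the file says so, so an editor or tool that strips bidi control characters would turn this regression test into one that passes without exercising the crash path. A comment above `<body>` would make the dependency explicit, for example `<!-- The body text must end with U+202E (RLO); it makes the first-letter text boxes non-contiguous. -->` (the stated reason is inferred from the ChangeLog entry and should be confirmed). The description string also says "LTR letters" while the ChangeLog speaks of an RTL block, so it is worth aligning the wording. The `_onload_` attribute as shown would never call run(); this looks like sanitizing by the mail archive rather than the committed file, but it should be checked against the repository copy.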
Modified: branches/safari-534.51-branch/Source/WebCore/ChangeLog (91519 => 91520)
--- branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-07-21 22:20:44 UTC (rev 91519)
+++ branches/safari-534.51-branch/Source/WebCore/ChangeLog 2011-07-21 22:22:29 UTC (rev 91520)
@@ -1,5 +1,27 @@
2011-07-21 Lucas Forschler <lforsch...@apple.com>
+ Merged 89831.
+
+ 2011-06-27 Ryosuke Niwa <rn...@webkit.org>
+
+ Reviewed by Kent Tamura.
+
+ Crash in TextIterator
+ https://bugs.webkit.org/show_bug.cgi?id=63334
+
+ Fix a crash in TextIterator. Keep m_sortedTextBoxes and renderer consistent
+ and check !m_offset when handling first letter.
+
+ Also add more assertions to help detecting similar bugs.
+
+ Test: editing/text-iterator/first-letter-rtl-crash.html
+
+ * editing/TextIterator.cpp:
+ (WebCore::TextIterator::handleTextNode):
+ (WebCore::TextIterator::emitText):
+
+2011-07-21 Lucas Forschler <lforsch...@apple.com>
+
Merged 89780.
2011-06-26 Adam Barth <aba...@webkit.org>
Modified: branches/safari-534.51-branch/Source/WebCore/editing/TextIterator.cpp (91519 => 91520)
--- branches/safari-534.51-branch/Source/WebCore/editing/TextIterator.cpp 2011-07-21 22:20:44 UTC (rev 91519)
+++ branches/safari-534.51-branch/Source/WebCore/editing/TextIterator.cpp 2011-07-21 22:22:29 UTC (rev 91520)
@@ -459,7 +459,7 @@
emitCharacter(' ', m_node, 0, runStart, runStart);
return false;
}
- if (!m_handledFirstLetter && renderer->isTextFragment()) {
+ if (!m_handledFirstLetter && renderer->isTextFragment() && !m_offset) {
handleTextNodeFirstLetter(static_cast<RenderTextFragment*>(renderer));
if (m_firstLetterText) {
String firstLetter = m_firstLetterText->text();
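Review bot: The new `!m_offset` term in the first-letter condition carries the fix but has no comment saying why a non-zero offset must skip first-letter handling, and the same three-part condition is repeated in the following hunk of handleTextNode. A short comment such as `// Only enter first-letter handling when iteration starts at offset 0 (see bug 63334).` would keep a later cleanup from dropping the check. Since the condition now appears twice, a small private predicate holding `!m_handledFirstLetter && renderer->isTextFragment() && !m_offset` would keep the two sites from drifting apart. The enclosing function starts and ends outside this hunk.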
@@ -496,6 +496,14 @@
return true;
}
+
+ m_textBox = renderer->firstTextBox();
+ if (!m_handledFirstLetter && renderer->isTextFragment() && !m_offset)
+ handleTextNodeFirstLetter(static_cast<RenderTextFragment*>(renderer));
+
+ if (m_firstLetterText)
+ renderer = m_firstLetterText;
+
// Used when text boxes are out of order (Hebrew/Arabic w/ embeded LTR text)
if (renderer->containsReversedText()) {
m_sortedTextBoxes.clear();
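Review bot: The swap `if (m_firstLetterText) renderer = m_firstLetterText;` tests only the member, not whether the first-letter call just above ran in this invocation, so a pointer left in m_firstLetterText from earlier iteration would redirect `containsReversedText()` and the sorted box list to a renderer unrelated to the one `m_textBox` was taken from. Whether the member is always cleared before handleTextNode is re-entered is not visible in this hunk, so this may already be guaranteed elsewhere. If it is, stating that invariant next to the swap would help, for example `ASSERT(!m_firstLetterText || m_handledFirstLetter);` plus a comment that the text boxes and the renderer must come from the same object. That mismatch is the kind of inconsistency the commit message describes as the crash cause, so it deserves an explicit guard.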
@@ -504,11 +512,9 @@
}
std::sort(m_sortedTextBoxes.begin(), m_sortedTextBoxes.end(), InlineTextBox::compareByStart);
m_sortedTextBoxesPosition = 0;
+ m_textBox = m_sortedTextBoxes.isEmpty() ? 0 : m_sortedTextBoxes[0];
}
-
- m_textBox = renderer->containsReversedText() ? (m_sortedTextBoxes.isEmpty() ? 0 : m_sortedTextBoxes[0]) : renderer->firstTextBox();
- if (!m_handledFirstLetter && renderer->isTextFragment() && !m_offset)
- handleTextNodeFirstLetter(static_cast<RenderTextFragment*>(renderer));
+
handleTextBox();
return true;
}
@@ -975,6 +981,9 @@
RenderText* renderer = toRenderText(renderObject);
m_text = m_emitsTextWithoutTranscoding ? renderer->textWithoutTranscoding() : renderer->text();
ASSERT(m_text.characters());
+ ASSERT(0 <= textStartOffset && textStartOffset < static_cast<int>(m_text.length()));
+ ASSERT(0 <= textEndOffset && textEndOffset <= static_cast<int>(m_text.length()));
+ ASSERT(textStartOffset <= textEndOffset);
m_positionNode = textNode;
m_positionOffsetBaseNode = 0;
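Review bot: The three added range checks in emitText are `ASSERT`s, which WebKit compiles out of release builds, so an out-of-range `textStartOffset` or `textEndOffset` still reaches the code that uses these offsets in shipping binaries. If any caller can still produce such offsets, a release-mode guard is the safer form, for example `if (textStartOffset < 0 || textEndOffset > static_cast<int>(m_text.length()) || textStartOffset > textEndOffset) return;`. Whether returning early here leaves the iterator in a sane state depends on code outside the hunk. The first assertion also uses a strict `<` against the length, so it would fire for an empty range at the very end of the text (start == end == length); confirm that callers never pass that, or relax it to `<=`.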