Title: [276805] branches/safari-611-branch/Source
- Revision
- 276805
- Author
- [email protected]
- Date
- 2021-04-29 15:18:35 -0700 (Thu, 29 Apr 2021)
Log Message
Revert "Cherry-pick r276742. rdar://problem/77326513"
This reverts commit r276784.
Modified Paths
Diff
Modified: branches/safari-611-branch/Source/WebCore/ChangeLog (276804 => 276805)
--- branches/safari-611-branch/Source/WebCore/ChangeLog 2021-04-29 22:09:09 UTC (rev 276804)
+++ branches/safari-611-branch/Source/WebCore/ChangeLog 2021-04-29 22:18:35 UTC (rev 276805)
@@ -1,50 +1,5 @@
2021-04-29 Russell Epstein <[email protected]>
- Cherry-pick r276742. rdar://problem/77326513
-
- [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
- https://bugs.webkit.org/show_bug.cgi?id=225072
- rdar://77159489
-
- Reviewed by Darin Adler.
-
- Source/WebCore:
-
- Remove a helper method that was added in r276688, which we no longer need.
-
- * dom/Position.h:
- (WebCore::Position::isInTreeScope const): Deleted.
-
- Source/WebKit:
-
- The fix for this crash that I landed in r276688 was based on a misunderstanding that accessing `treeScope()`
- would trigger a null pointer deref if `isInTreeScope()` is `false`. This is not the case, since the `treeScope`
- of a `Node` is a separate notion from whether that `Node` is connected to said tree scope.
-
- Since this crash is really due to dereferencing a null container node in the case where `selectionStart` or
- `selectionEnd` are null, a better fix is to just check the nullity of the container node.
-
- * WebProcess/WebPage/ios/WebPageIOS.mm:
- (WebKit::rangeForPointInRootViewCoordinates):
-
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2021-04-28 Wenson Hsieh <[email protected]>
-
- [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
- https://bugs.webkit.org/show_bug.cgi?id=225072
- rdar://77159489
-
- Reviewed by Darin Adler.
-
- Remove a helper method that was added in r276688, which we no longer need.
-
- * dom/Position.h:
- (WebCore::Position::isInTreeScope const): Deleted.
-
-2021-04-29 Russell Epstein <[email protected]>
-
Cherry-pick r276688. rdar://problem/77326513
[iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
Modified: branches/safari-611-branch/Source/WebCore/dom/Position.h (276804 => 276805)
--- branches/safari-611-branch/Source/WebCore/dom/Position.h 2021-04-29 22:09:09 UTC (rev 276804)
+++ branches/safari-611-branch/Source/WebCore/dom/Position.h 2021-04-29 22:18:35 UTC (rev 276805)
@@ -123,6 +123,8 @@
return container ? container->rootEditableElement() : nullptr;
}
+ bool isInTreeScope() const { return m_anchorNode && m_anchorNode->isInTreeScope(); }
+
// These should only be used for PositionIsOffsetInAnchor positions, unless
// the position is a legacy editing position.
void moveToPosition(Node* anchorNode, unsigned offset);
Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (276804 => 276805)
--- branches/safari-611-branch/Source/WebKit/ChangeLog 2021-04-29 22:09:09 UTC (rev 276804)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog 2021-04-29 22:18:35 UTC (rev 276805)
@@ -1,55 +1,5 @@
2021-04-29 Russell Epstein <[email protected]>
- Cherry-pick r276742. rdar://problem/77326513
-
- [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
- https://bugs.webkit.org/show_bug.cgi?id=225072
- rdar://77159489
-
- Reviewed by Darin Adler.
-
- Source/WebCore:
-
- Remove a helper method that was added in r276688, which we no longer need.
-
- * dom/Position.h:
- (WebCore::Position::isInTreeScope const): Deleted.
-
- Source/WebKit:
-
- The fix for this crash that I landed in r276688 was based on a misunderstanding that accessing `treeScope()`
- would trigger a null pointer deref if `isInTreeScope()` is `false`. This is not the case, since the `treeScope`
- of a `Node` is a separate notion from whether that `Node` is connected to said tree scope.
-
- Since this crash is really due to dereferencing a null container node in the case where `selectionStart` or
- `selectionEnd` are null, a better fix is to just check the nullity of the container node.
-
- * WebProcess/WebPage/ios/WebPageIOS.mm:
- (WebKit::rangeForPointInRootViewCoordinates):
-
-
- git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276742 268f45cc-cd09-0410-ab3c-d52691b4dbfc
-
- 2021-04-28 Wenson Hsieh <[email protected]>
-
- [iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
- https://bugs.webkit.org/show_bug.cgi?id=225072
- rdar://77159489
-
- Reviewed by Darin Adler.
-
- The fix for this crash that I landed in r276688 was based on a misunderstanding that accessing `treeScope()`
- would trigger a null pointer deref if `isInTreeScope()` is `false`. This is not the case, since the `treeScope`
- of a `Node` is a separate notion from whether that `Node` is connected to said tree scope.
-
- Since this crash is really due to dereferencing a null container node in the case where `selectionStart` or
- `selectionEnd` are null, a better fix is to just check the nullity of the container node.
-
- * WebProcess/WebPage/ios/WebPageIOS.mm:
- (WebKit::rangeForPointInRootViewCoordinates):
-
-2021-04-29 Russell Epstein <[email protected]>
-
Cherry-pick r276688. rdar://problem/77326513
[iOS] Web content process occasionally crashes under VisibleSelection::adjustPositionForEnd
Modified: branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm (276804 => 276805)
--- branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm 2021-04-29 22:09:09 UTC (rev 276804)
+++ branches/safari-611-branch/Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm 2021-04-29 22:18:35 UTC (rev 276805)
@@ -1526,15 +1526,15 @@
if (baseIsStart) {
if (result <= selectionStart)
result = selectionStart.next();
- else if (auto containerNode = makeRefPtr(selectionStart.deepEquivalent().containerNode()); containerNode && targetNode && &containerNode->treeScope() != &targetNode->treeScope())
- result = VisibleSelection::adjustPositionForEnd(result.deepEquivalent(), containerNode.get());
+ else if (targetNode && targetNode->isInTreeScope() && selectionStart.deepEquivalent().isInTreeScope() && selectionStart.deepEquivalent().treeScope() != &targetNode->treeScope())
+ result = VisibleSelection::adjustPositionForEnd(result.deepEquivalent(), selectionStart.deepEquivalent().containerNode());
range = makeSimpleRange(selectionStart, result);
} else {
if (selectionEnd <= result)
result = selectionEnd.previous();
- else if (auto containerNode = makeRefPtr(selectionEnd.deepEquivalent().containerNode()); containerNode && targetNode && &containerNode->treeScope() != &targetNode->treeScope())
- result = VisibleSelection::adjustPositionForStart(result.deepEquivalent(), containerNode.get());
+ else if (targetNode && targetNode->isInTreeScope() && selectionEnd.deepEquivalent().isInTreeScope() && selectionEnd.deepEquivalent().treeScope() != &targetNode->treeScope())
+ result = VisibleSelection::adjustPositionForStart(result.deepEquivalent(), selectionEnd.deepEquivalent().containerNode());
range = makeSimpleRange(result, selectionEnd);
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
