Title: [124997] trunk/Source/WebCore
Revision: 124997
Author: ma...@webkit.org
Date: 2012-08-07 23:47:46 -0700 (Tue, 07 Aug 2012)

Log Message

REGRESSION(r65062): out of bound access in TextIterator (5 editing tests) on GTK
https://bugs.webkit.org/show_bug.cgi?id=63611

Reviewed by Ryosuke Niwa.

Ensure document's layout is up-to-date before using TextIterator
to properly calculate the offset for a text change when emitting
accessibility related signals in GTK.

* accessibility/gtk/AXObjectCacheAtk.cpp:
(WebCore::AXObjectCache::nodeTextChangePlatformNotification): Call
to document->updateLayout() before using TextIterator.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (124996 => 124997)


--- trunk/Source/WebCore/ChangeLog	2012-08-08 06:46:01 UTC (rev 124996)
+++ trunk/Source/WebCore/ChangeLog	2012-08-08 06:47:46 UTC (rev 124997)
@@ -1,3 +1,18 @@
+2012-08-08  Mario Sanchez Prada  <msanc...@igalia.com>
+
+        REGRESSION(r65062): out of bound access in TextIterator (5 editing tests) on GTK
+        https://bugs.webkit.org/show_bug.cgi?id=63611
+
+        Reviewed by Ryosuke Niwa.
+
+        Ensure document's layout is up-to-date before using TextIterator
+        to properly calculate the offset for a text change when emitting
+        accessibility related signals in GTK.
+
+        * accessibility/gtk/AXObjectCacheAtk.cpp:
+        (WebCore::AXObjectCache::nodeTextChangePlatformNotification): Call
+        to document->updateLayout() before using TextIterator.
+
 2012-08-07  Hayato Ito  <hay...@chromium.org>
 
         Unreviewed build fix after http://trac.webkit.org/changeset/124975
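
Review bot: The ChangeLog entry for nodeTextChangePlatformNotification records only the call to document->updateLayout(), but the same change to AXObjectCacheAtk.cpp also adds an early return when object->node() is null. Suggest extending the entry, for example "Return early if the object has no node, and call document->updateLayout() before using TextIterator", so the behaviour change is documented alongside the layout fix.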

Modified: trunk/Source/WebCore/accessibility/gtk/AXObjectCacheAtk.cpp (124996 => 124997)


--- trunk/Source/WebCore/accessibility/gtk/AXObjectCacheAtk.cpp	2012-08-08 06:46:01 UTC (rev 124996)
+++ trunk/Source/WebCore/accessibility/gtk/AXObjectCacheAtk.cpp	2012-08-08 06:47:46 UTC (rev 124997)
@@ -185,7 +185,14 @@
         return;
 
     Node* node = object->node();
-    RefPtr<Range> range = Range::create(node->document(), node->parentNode(), 0, node, 0);
+    if (!node)
+        return;
+
+    // Ensure document's layout is up-to-date before using TextIterator.
+    Document* document = node->document();
+    document->updateLayout();
+
+    RefPtr<Range> range = Range::create(document, node->parentNode(), 0, node, 0);
     emitTextChanged(object, textChange, offset + TextIterator::rangeLength(range.get()), text);
 }
 
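
Review bot: In nodeTextChangePlatformNotification, node is held as a raw Node* across document->updateLayout() and is then dereferenced in node->parentNode(). If the layout pass can run code that detaches or releases the node, that pointer (and object) would be stale when Range::create() and emitTextChanged() run, which would trade one out-of-bounds access for another memory-safety problem. Consider holding a RefPtr<Node> for the duration of the function and re-checking after the layout call that the node still has a parent. Separately, node->parentNode() is passed to Range::create() without a null check, so a node with no parent reaches TextIterator::rangeLength() with a null start container; an early return for that case next to the new "if (!node)" check would close it.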
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes
