Crash on OS X when shift clicking outside of input

https://bugs.webkit.org/show_bug.cgi?id=104058

Patch by Yi Shen <max.hong.shen@gmail.com> on 2013-04-22
Reviewed by Chang Shu.

Source/WebCore:

Shift clicking outside of a focused div while removing the focused div from
the dom tree at the same time may hit a null visible position, which should
not be used to calculate the text distance with the new selection's start and
end position. Otherwise, the browser may crash.

Test: editing/selection/crash-on-shift-click.html

* page/EventHandler.cpp:
(WebCore::EventHandler::handleMousePressEventSingleClick):

LayoutTests:

Add test for shift click crash issue.

* editing/selection/crash-on-shift-click-expected.txt: Added.
* editing/selection/crash-on-shift-click.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@148894 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent a61ec35b
2013-04-22 Yi Shen <max.hong.shen@gmail.com>
Crash on OS X when shift clicking outside of input
https://bugs.webkit.org/show_bug.cgi?id=104058
Reviewed by Chang Shu.
Add test for shift click crash issue.
* editing/selection/crash-on-shift-click-expected.txt: Added.
* editing/selection/crash-on-shift-click.html: Added.
2013-04-22 Jessie Berlin <jberlin@apple.com>
Fix an incorrect rebaseline done in r148830.
This test shift clicks outside of a focused div with removing the focused div from the dom tree at the same time. If this doesn't crash, then the test passes.
<!DOCTYPE html>
<html>
<body>
<div id="parentDiv">
<div id="firstChildDiv" contenteditable>first child div</div>
<div id="secondChildDiv" contenteditable>second child div</div>
<div/>
<script>
function clickOnTestPage(x, y, keys) {
eventSender.mouseMoveTo(x, y);
eventSender.mouseDown(0, keys);
eventSender.mouseUp(0, keys);
}
function runTest() {
var parentDivElement = document.getElementById('parentDiv');
clickOnTestPage(parentDivElement.offsetLeft + 10, parentDivElement.offsetTop + 10);
eventSender.leapForward(300);
window.onmousedown = removeFirstChildDiv;
clickOnTestPage(100, 100, ['shiftKey']);
document.getElementById('secondChildDiv').innerHTML = "This test shift clicks outside of a focused div with removing the focused div from the dom tree at the same time. If this doesn't crash, then the test passes.";
}
function removeFirstChildDiv() {
var parentDivElement = document.getElementById('parentDiv');
var childDivElement = document.getElementById('firstChildDiv');
parentDivElement.removeChild(childDivElement);
}
if (window.eventSender)
runTest();
if (window.testRunner)
testRunner.dumpAsText();
</script>
</body>
</html>
2013-04-22 Yi Shen <max.hong.shen@gmail.com>
Crash on OS X when shift clicking outside of input
https://bugs.webkit.org/show_bug.cgi?id=104058
Reviewed by Chang Shu.
Shift clicking outside of a focused div while removing the focused div from
the dom tree at the same time may hit a null visible position, which should
not be used to calculate the text distance with the new selection's start and
end position. Otherwise, the browser may crash.
Test: editing/selection/crash-on-shift-click.html
* page/EventHandler.cpp:
(WebCore::EventHandler::handleMousePressEventSingleClick):
2013-04-22 Carlos Garcia Campos <cgarcia@igalia.com>
Scrollbar should not depend on EventHandler, Frame and FrameView
......@@ -605,7 +605,7 @@ bool EventHandler::handleMousePressEventSingleClick(const MouseEventWithHitTestR
pos = selectionInUserSelectAll.end();
}
if (!m_frame->editor()->behavior().shouldConsiderSelectionAsDirectional()) {
if (!m_frame->editor()->behavior().shouldConsiderSelectionAsDirectional() && pos.isNotNull()) {
// See <rdar://problem/3668157> REGRESSION (Mail): shift-click deselects when selection
// was created right-to-left
Position start = newSelection.start();
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment