Commit efec7302 authored by dglazkov@chromium.org

WebCore:

2009-04-24  Eric Roman  <eroman@chromium.org>

        Reviewed by Darin Adler.

        Initialize TextIterator::m_textLength to 0.

        This assures that TextIterator::length() will return 0 for cases when TextIterator's constructor returns early (because there is nothing to iterate over in the range).

        <https://bugs.webkit.org/show_bug.cgi?id=25335>

        Test: editing/selection/doubleclick-whitespace-img-crash.html

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::TextIterator):

LayoutTests:

2009-04-24  Eric Roman  <eroman@chromium.org>

        Reviewed by Darin Adler.

        Add a test for <https://bugs.webkit.org/show_bug.cgi?id=25335>.

        To pass, this test must not access invalid memory when run (won't necessarily manifest as a crash for failures).

        * editing/selection/doubleclick-whitespace-img-crash-expected.txt: Added.
        * editing/selection/doubleclick-whitespace-img-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@42831 268f45cc-cd09-0410-ab3c-d52691b4dbfc
parent 8f7d4596
2009-04-24 Eric Roman <eroman@chromium.org>
Reviewed by Darin Adler.
Add a test for <https://bugs.webkit.org/show_bug.cgi?id=25335>.
To pass, this test must not access invalid memory when run (won't necessarily manifest as a crash for failures).
* editing/selection/doubleclick-whitespace-img-crash-expected.txt: Added.
* editing/selection/doubleclick-whitespace-img-crash.html: Added.
2009-04-24 Fumitoshi Ukai <ukai@google.com>
Reviewed by Dimitri Glazkov.
......
<html>
<head>
<script>
if (window.layoutTestController) {
layoutTestController.dumpAsText();
layoutTestController.setSmartInsertDeleteEnabled(false);
layoutTestController.setSelectTrailingWhitespaceEnabled(true);
layoutTestController.waitUntilDone();
}
function startTest() {
if (window.layoutTestController) {
// The IFRAME has loaded with an image in it. Double click
// in any of the space around the image in the IFRAME.
// (The image is 76 x 103 pixels big).
eventSender.mouseMoveTo(150, 150);
eventSender.mouseDown();
eventSender.mouseUp();
eventSender.mouseDown();
eventSender.mouseUp();
// As long as didn't crash, we passed.
document.body.innerHTML = "PASS";
layoutTestController.notifyDone();
}
}
</script>
</head>
<body onload="startTest()">
<iframe src="../resources/abe.png" style="width: 300px; height: 300px"></iframe>
<p>
Double-click in the white space around the image -- should not crash or access invalid memory.
<a href="https://bugs.webkit.org/show_bug.cgi?id=25335">BUG 25335</a>.
</p>
</body>
</html>
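Review bot: the `document.body.innerHTML = "PASS";` line in startTest() runs unconditionally after the two clicks, so the only failure this test can report is a crash, while the ChangeLog entry says an invalid access will not necessarily show up as one. Extend the "As long as didn't crash, we passed" comment to say that the regression is only caught when the test runs under a memory checker, so a green result from a plain run is not read as proof that the invalid access is gone. startTest() also calls eventSender after testing only window.layoutTestController; checking window.eventSender as well keeps it from throwing in a harness that provides one object without the other.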
2009-04-24 Eric Roman <eroman@chromium.org>
Reviewed by Darin Adler.
Initialize TextIterator::m_textLength to 0.
This assures that TextIterator::length() will return 0 for cases when TextIterator's constructor returns early (because there is nothing to iterate over in the range).
<https://bugs.webkit.org/show_bug.cgi?id=25335>
Test: editing/selection/doubleclick-whitespace-img-crash.html
* editing/TextIterator.cpp:
(WebCore::TextIterator::TextIterator):
2009-04-24 Fumitoshi Ukai <ukai@google.com>
Reviewed by Dimitri Glazkov.
......@@ -103,6 +103,8 @@ TextIterator::TextIterator()
, m_endContainer(0)
, m_endOffset(0)
, m_positionNode(0)
, m_textCharacters(0)
, m_textLength(0)
, m_lastCharacter(0)
, m_emitCharactersBetweenAllVisiblePositions(false)
, m_enterTextControls(false)
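Review bot: the hunk header (6 lines to 8) shows two initializers added to the default constructor, but the ChangeLog entry names only m_textLength. If `, m_textCharacters(0)` is the second added line, name it in the entry too so the log matches what the change actually initializes.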
......@@ -116,6 +118,8 @@ TextIterator::TextIterator(const Range* r, bool emitCharactersBetweenAllVisibleP
, m_endContainer(0)
, m_endOffset(0)
, m_positionNode(0)
, m_textCharacters(0)
, m_textLength(0)
, m_emitCharactersBetweenAllVisiblePositions(emitCharactersBetweenAllVisiblePositions)
, m_enterTextControls(enterTextControls)
{
......
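Review bot: this constructor's initializer list goes from `, m_textLength(0)` straight to `, m_emitCharactersBetweenAllVisiblePositions(...)`, with no `, m_lastCharacter(0)` as in the default constructor's list. Since the fix is about members left unset when this constructor returns early, check whether m_lastCharacter is assigned before those early returns, and add it to the list here if it is not.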