130271 2014-03-14 16:38:24 -0700 REGRESSION(r165385): [WebTextIterator currentRange] crashes 2014-03-16 19:27:51 -0700 1 1 1 Unclassified WebKit HTML Editing 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 rniwa rniwa andersca commit-queue darin enrica oldest_to_newest 990728 0 rniwa 2014-03-14 16:38:24 -0700 After http://trac.webkit.org/changeset/165385, TextIterator::range no longer checked the nullity of m_positionNode. As a result, [WebTextIterator currentRange] which simply calls TextIterator::range crashes. Since applications that embed WebKit don't necessarily check atEnd before calling [WebTextIterator currentRange] we need to keep the null check there. 990733 1 226776 rniwa 2014-03-14 16:41:55 -0700 Created attachment 226776 Fixes the crash 990734 2 226777 rniwa 2014-03-14 16:42:38 -0700 Created attachment 226777 Reverted the erroneous jsc change. 990742 3 226777 commit-queue 2014-03-14 16:55:59 -0700 Comment on attachment 226777 Reverted the erroneous jsc change. Clearing flags on attachment: 226777 Committed r165664: <http://trac.webkit.org/changeset/165664> 990743 4 commit-queue 2014-03-14 16:56:02 -0700 All reviewed patches have been landed. Closing bug. 990888 5 226777 darin 2014-03-15 14:27:17 -0700 Comment on attachment 226777 Reverted the erroneous jsc change. View in context: https://bugs.webkit.org/attachment.cgi?id=226777&action=review > Source/WebKit/mac/ChangeLog:12 > + Preserve the old public API behavior by checking atEnd in [WebTextIterator currentRange]. Was the old public API behavior returning nil? I think that it might have returned a range, rather than nil, before. So this might not be a sufficient fix. What about the other methods of WebTextIterator? 991069 6 226777 rniwa 2014-03-16 19:27:51 -0700 Comment on attachment 226777 Reverted the erroneous jsc change. View in context: https://bugs.webkit.org/attachment.cgi?id=226777&action=review >> Source/WebKit/mac/ChangeLog:12 >> + Preserve the old public API behavior by checking atEnd in [WebTextIterator currentRange]. > > Was the old public API behavior returning nil? I think that it might have returned a range, rather than nil, before. So this might not be a sufficient fix. > > What about the other methods of WebTextIterator? The old TextIterator::range returned 0 when m_positionNode was null: http://trac.webkit.org/browser/trunk/Source/WebCore/editing/TextIterator.cpp?rev=165384#L1101 I don't think other methods have the same issue. 226776 2014-03-14 16:41:55 -0700 2014-03-14 16:42:38 -0700 Fixes the crash fix130271 text/plain 2438 rniwa SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy9zdHJlc3MvZGVhZC1hY2Nlc3MtdG8t Y2FwdHVyZWQtdmFyaWFibGUtcHJlY2VkZWQtYnktYS1saXZlLXN0b3JlLmpzCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIFNvdXJjZS9KYXZhU2NyaXB0Q29yZS90ZXN0cy9zdHJlc3MvZGVhZC1hY2Nlc3MtdG8tY2Fw dHVyZWQtdmFyaWFibGUtcHJlY2VkZWQtYnktYS1saXZlLXN0b3JlLmpzCShyZXZpc2lvbiAxNjU1 NjYpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENvcmUvdGVzdHMvc3RyZXNzL2RlYWQtYWNjZXNzLXRv LWNhcHR1cmVkLXZhcmlhYmxlLXByZWNlZGVkLWJ5LWEtbGl2ZS1zdG9yZS5qcwkod29ya2luZyBj b3B5KQpAQCAtMSwxNyArMCwwIEBACi1mdW5jdGlvbiBmb28oKSB7Ci0gICAgdmFyIHggPSA0MjsK LSAgICAoZnVuY3Rpb24oKSB7IHggPSA0MzsgfSkoKTsKLSAgICB4Kys7Ci0gICAgdmFyIHJlYWxS ZXN1bHQgPSB4OwotICAgIChmdW5jdGlvbigpIHsgeCA9IDQ0OyB9KSgpOwotICAgIHZhciBmYWtl UmVzdWx0ID0geDsKLSAgICByZXR1cm4gcmVhbFJlc3VsdDsKLX0KLQotbm9JbmxpbmUoZm9vKTsK LQotZm9yICh2YXIgaSA9IDA7IGkgPCAxMDAwMDsgKytpKSB7Ci0gICAgdmFyIHJlc3VsdCA9IGZv bygpOwotICAgIGlmIChyZXN1bHQgIT0gNDQpCi0gICAgICAgIHRocm93ICJFcnJvcjogYmFkIHJl c3VsdDogIiArIHJlc3VsdDsKLX0KSW5kZXg6IFNvdXJjZS9XZWJLaXQvbWFjL0NoYW5nZUxvZwo9 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0L21hYy9DaGFuZ2VMb2cJKHJldmlzaW9uIDE2NTY1 OSkKKysrIFNvdXJjZS9XZWJLaXQvbWFjL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwz ICsxLDE5IEBACisyMDE0LTAzLTE0ICBSeW9zdWtlIE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgor CisgICAgICAgIFJFR1JFU1NJT04ocjE2NTM4NSk6IFtXZWJUZXh0SXRlcmF0b3IgY3VycmVudFJh bmdlXSBjcmFzaGVzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNn aT9pZD0xMzAyNzEKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBBZnRlciByMTY1Mzg1LCBUZXh0SXRlcmF0b3I6OnJhbmdlIG5vIGxvbmdlciBjaGVja2Vk IHRoZSBudWxsaXR5IG9mIG1fcG9zaXRpb25Ob2RlLiBBcyBhIHJlc3VsdCwKKyAgICAgICAgW1dl YlRleHRJdGVyYXRvciBjdXJyZW50UmFuZ2VdIHdoaWNoIHNpbXBseSBjYWxscyBUZXh0SXRlcmF0 b3I6OnJhbmdlIGNyYXNoZXMgd2hlbiBhbiBhcHBsaWNhdGlvbgorICAgICAgICB0aGF0IGVtYmVk cyBXZWJLaXQgZG9lc24ndCBjaGVjayBbV2ViVGV4dEl0ZXJhdG9yIGF0RW5kXSBmaXJzdC4KKwor ICAgICAgICBQcmVzZXJ2ZSB0aGUgb2xkIHB1YmxpYyBBUEkgYmVoYXZpb3IgYnkgY2hlY2tpbmcg YXRFbmQgaW4gW1dlYlRleHRJdGVyYXRvciBjdXJyZW50UmFuZ2VdLgorCisgICAgICAgICogV2Vi Vmlldy9XZWJUZXh0SXRlcmF0b3IubW06CisgICAgICAgICgtW1dlYlRleHRJdGVyYXRvciBjdXJy ZW50UmFuZ2VdKToKKwogMjAxNC0wMy0xMiAgU2VyZ2lvIFZpbGxhciBTZW5pbiAgPHN2aWxsYXJA aWdhbGlhLmNvbT4KIAogICAgICAgICBSZW5hbWUgREVGSU5FX1NUQVRJQ19MT0NBTCB0byBERVBS RUNBVEVEX0RFRklORV9TVEFUSUNfTE9DQUwKSW5kZXg6IFNvdXJjZS9XZWJLaXQvbWFjL1dlYlZp ZXcvV2ViVGV4dEl0ZXJhdG9yLm1tCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQvbWFjL1dl YlZpZXcvV2ViVGV4dEl0ZXJhdG9yLm1tCShyZXZpc2lvbiAxNjU1NjYpCisrKyBTb3VyY2UvV2Vi S2l0L21hYy9XZWJWaWV3L1dlYlRleHRJdGVyYXRvci5tbQkod29ya2luZyBjb3B5KQpAQCAtODgs NyArODgsMTAgQEAKIAogLSAoRE9NUmFuZ2UgKiljdXJyZW50UmFuZ2UKIHsKLSAgICByZXR1cm4g a2l0KF9wcml2YXRlLT5fdGV4dEl0ZXJhdG9yLT5yYW5nZSgpLmdldCgpKTsKKyAgICBXZWJDb3Jl OjpUZXh0SXRlcmF0b3ImIHRleHRJdGVyYXRvciA9ICpfcHJpdmF0ZS0+X3RleHRJdGVyYXRvcjsK KyAgICBpZiAodGV4dEl0ZXJhdG9yLmF0RW5kKCkpCisgICAgICAgIHJldHVybiBudWxscHRyOwor ICAgIHJldHVybiBraXQodGV4dEl0ZXJhdG9yLnJhbmdlKCkuZ2V0KCkpOwogfQogCiAvLyBGSVhN RTogQ29uc2lkZXIgZGVwcmVjYXRpbmcgdGhpcyBtZXRob2QgYW5kIGNyZWF0aW5nIG9uZSB0aGF0 IGRvZXMgbm90IHJlcXVpcmUgY29weWluZyA4LWJpdCBjaGFyYWN0ZXJzLgo= 226777 2014-03-14 16:42:38 -0700 2014-03-16 19:27:51 -0700 Reverted the erroneous jsc change. fix130271b text/plain 1676 rniwa SW5kZXg6IFNvdXJjZS9XZWJLaXQvbWFjL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2Uv V2ViS2l0L21hYy9DaGFuZ2VMb2cJKHJldmlzaW9uIDE2NTY1OSkKKysrIFNvdXJjZS9XZWJLaXQv bWFjL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE5IEBACisyMDE0LTAzLTE0 ICBSeW9zdWtlIE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIFJFR1JFU1NJT04o cjE2NTM4NSk6IFtXZWJUZXh0SXRlcmF0b3IgY3VycmVudFJhbmdlXSBjcmFzaGVzCisgICAgICAg IGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMzAyNzEKKworICAgICAg ICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBBZnRlciByMTY1Mzg1LCBU ZXh0SXRlcmF0b3I6OnJhbmdlIG5vIGxvbmdlciBjaGVja2VkIHRoZSBudWxsaXR5IG9mIG1fcG9z aXRpb25Ob2RlLiBBcyBhIHJlc3VsdCwKKyAgICAgICAgW1dlYlRleHRJdGVyYXRvciBjdXJyZW50 UmFuZ2VdIHdoaWNoIHNpbXBseSBjYWxscyBUZXh0SXRlcmF0b3I6OnJhbmdlIGNyYXNoZXMgd2hl biBhbiBhcHBsaWNhdGlvbgorICAgICAgICB0aGF0IGVtYmVkcyBXZWJLaXQgZG9lc24ndCBjaGVj ayBbV2ViVGV4dEl0ZXJhdG9yIGF0RW5kXSBmaXJzdC4KKworICAgICAgICBQcmVzZXJ2ZSB0aGUg b2xkIHB1YmxpYyBBUEkgYmVoYXZpb3IgYnkgY2hlY2tpbmcgYXRFbmQgaW4gW1dlYlRleHRJdGVy YXRvciBjdXJyZW50UmFuZ2VdLgorCisgICAgICAgICogV2ViVmlldy9XZWJUZXh0SXRlcmF0b3Iu bW06CisgICAgICAgICgtW1dlYlRleHRJdGVyYXRvciBjdXJyZW50UmFuZ2VdKToKKwogMjAxNC0w My0xMiAgU2VyZ2lvIFZpbGxhciBTZW5pbiAgPHN2aWxsYXJAaWdhbGlhLmNvbT4KIAogICAgICAg ICBSZW5hbWUgREVGSU5FX1NUQVRJQ19MT0NBTCB0byBERVBSRUNBVEVEX0RFRklORV9TVEFUSUNf TE9DQUwKSW5kZXg6IFNvdXJjZS9XZWJLaXQvbWFjL1dlYlZpZXcvV2ViVGV4dEl0ZXJhdG9yLm1t Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQvbWFjL1dlYlZpZXcvV2ViVGV4dEl0ZXJhdG9y Lm1tCShyZXZpc2lvbiAxNjU1NjYpCisrKyBTb3VyY2UvV2ViS2l0L21hYy9XZWJWaWV3L1dlYlRl eHRJdGVyYXRvci5tbQkod29ya2luZyBjb3B5KQpAQCAtODgsNyArODgsMTAgQEAKIAogLSAoRE9N UmFuZ2UgKiljdXJyZW50UmFuZ2UKIHsKLSAgICByZXR1cm4ga2l0KF9wcml2YXRlLT5fdGV4dEl0 ZXJhdG9yLT5yYW5nZSgpLmdldCgpKTsKKyAgICBXZWJDb3JlOjpUZXh0SXRlcmF0b3ImIHRleHRJ dGVyYXRvciA9ICpfcHJpdmF0ZS0+X3RleHRJdGVyYXRvcjsKKyAgICBpZiAodGV4dEl0ZXJhdG9y LmF0RW5kKCkpCisgICAgICAgIHJldHVybiBudWxscHRyOworICAgIHJldHVybiBraXQodGV4dEl0 ZXJhdG9yLnJhbmdlKCkuZ2V0KCkpOwogfQogCiAvLyBGSVhNRTogQ29uc2lkZXIgZGVwcmVjYXRp bmcgdGhpcyBtZXRob2QgYW5kIGNyZWF0aW5nIG9uZSB0aGF0IGRvZXMgbm90IHJlcXVpcmUgY29w eWluZyA4LWJpdCBjaGFyYWN0ZXJzLgo=