WebKit Bugzilla
Attachment 358030 Details for
Bug 193015
: Fix fast/ruby/ruby-base-merge-block-children-crash-2.html after r239543
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-193015-20181223150424.patch (text/plain), 2.72 KB, created by
Wenson Hsieh
on 2018-12-23 15:04:24 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Wenson Hsieh
Created:
2018-12-23 15:04:24 PST
Size:
2.72 KB
patch
obsolete
>Subversion Revision: 239543 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 7c3f3e2dd813b73ac6511699a024fd625794c9e3..60d2a0dc003ba1e120b848d5b1fb64771d79f17c 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,17 @@ >+2018-12-23 Wenson Hsieh <wenson_hsieh@apple.com> >+ >+ Fix fast/ruby/ruby-base-merge-block-children-crash-2.html after r239543 >+ https://bugs.webkit.org/show_bug.cgi?id=193015 >+ <rdar://problem/46583527> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Fix the crash by gracefully handling integer overflow when computing the area of a very large editable element. >+ >+ * UIProcess/ios/WKContentViewInteraction.mm: >+ (-[WKContentView _elementDidFocus:userIsInteracting:blurPreviousNode:changingActivityState:userObject:]): >+ (-[WKContentView _updateChangedSelection:]): >+ > 2018-12-22 Wenson Hsieh <wenson_hsieh@apple.com> > > [iOS] Suppress native selection behaviors when focusing a very small editable element >diff --git a/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm b/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm >index 502ac79259d41728ed913f5ff52eec8bf30f6e82..b71543c691f1b8f8fea3553ad56fd09102a4702c 100644 >--- a/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm >+++ b/Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm >@@ -4476,7 +4476,8 @@ - (void)_elementDidFocus:(const WebKit::FocusedElementInformation&)information u > else > [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTransparent]; > >- if (information.elementRect.area() < minimumFocusedElementAreaForSuppressingSelectionAssistant) >+ auto elementArea = information.elementRect.area<RecordOverflow>(); >+ if (!elementArea.hasOverflowed() && elementArea < minimumFocusedElementAreaForSuppressingSelectionAssistant) > [self _beginSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall]; > else > [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall]; >@@ -5013,7 +5014,8 @@ - (void)_updateChangedSelection:(BOOL)force > else > [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTransparent]; > >- if (postLayoutData.focusedElementRect.area() < minimumFocusedElementAreaForSuppressingSelectionAssistant) >+ auto elementArea = postLayoutData.focusedElementRect.area<RecordOverflow>(); >+ if (!elementArea.hasOverflowed() && elementArea < minimumFocusedElementAreaForSuppressingSelectionAssistant) > [self _beginSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall]; > else > [self _stopSuppressingSelectionAssistantForReason:WebKit::FocusedElementIsTooSmall];
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=358030">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 193015
: 358030