[webkit-changes] [WebKit/WebKit] 33ccda: [iOS] Extending selection with arrow keys before a...
Wenson Hsieh
noreply at github.com
Mon Feb 19 19:35:54 PST 2024
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 33ccda6e9a0510fd5d89c720c09f48dcb183af74
https://github.com/WebKit/WebKit/commit/33ccda6e9a0510fd5d89c720c09f48dcb183af74
Author: Wenson Hsieh <wenson_hsieh at apple.com>
Date: 2024-02-19 (Mon, 19 Feb 2024)
Changed paths:
A LayoutTests/editing/selection/ios/select-backwards-with-inline-predictions-expected.txt
A LayoutTests/editing/selection/ios/select-backwards-with-inline-predictions.html
M Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm
Log Message:
-----------
[iOS] Extending selection with arrow keys before an inline prediction causes a MESSAGE_CHECK
https://bugs.webkit.org/show_bug.cgi?id=269750
rdar://123018695
Reviewed by Ryosuke Niwa.
When computing `selectedRangeInMarkedText`, we use `distanceBetweenPositions` to compute the
location of the range, based on the number of characters from the start of the composition range to
the start of the selection. When an inline prediction is active, however, it's possible to extend
the selection backwards, before the start of the marked text representing the inline prediction. In
this case, `distanceBetweenPositions` returns -1; this value is then interpreted as the `uint64_t`
numeric max limit and sent over IPC in `DocumentEditingContext::Range`, where it fails to decode due
to overflowing the max value which (subsequently) causes the web process to terminate.
To avoid this, we clamp the `selectedRangeInMarkedText` to the marked text range, such that the
endpoints of this range are both clamped to `[0, markedTextLength]`.
* LayoutTests/editing/selection/ios/select-backwards-with-inline-predictions-expected.txt: Added.
* LayoutTests/editing/selection/ios/select-backwards-with-inline-predictions.html: Added.
* Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:
(WebKit::WebPage::requestDocumentEditingContext):
Canonical link: https://commits.webkit.org/275017@main
To unsubscribe from these emails, change your notification settings at https://github.com/WebKit/WebKit/settings/notifications
More information about the webkit-changes
mailing list