[Webkit-unassigned] [Bug 249039] New: Potential Crash fix by making InsertListCommand check endingSelection() editability

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Dec 9 12:02:29 PST 2022 

https://bugs.webkit.org/show_bug.cgi?id=249039

            Bug ID: 249039
           Summary: Potential Crash fix by making InsertListCommand check
                    endingSelection() editability
           Product: WebKit
           Version: Safari Technology Preview
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ahmad.saleem792 at gmail.com
                CC: wenson_hsieh at apple.com

Hi Team,

Another potential crash fix in HTML editing code from Blink commit:

Blink Commit - https://src.chromium.org/viewvc/blink?revision=200709&view=revision

Webkit GitHub Source - https://github.com/WebKit/WebKit/blob/13d943d8e677e17ee46868eb40924fe5b17b3db9/Source/WebCore/editing/InsertListCommand.cpp#L181

It is to add early return condition to endingSelection whether it has rootEditableElement since L177 does not take assumption about endingSelection() through endOfSelection.

Just wanted to fix raise this.

NOTE - The test case does not crash but it was stable crash in Blink.

Thanks!

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20221209/bd595499/attachment.htm>

More information about the webkit-unassigned mailing list