Bug 249039

Summary: Potential Crash fix by making InsertListCommand check endingSelection() editability
Product: WebKit Reporter: Ahmad Saleem <ahmad.saleem792>
Component: HTML EditingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, wenson_hsieh
Priority: P2 Keywords: InRadar
Version: Safari Technology Preview   
Hardware: Unspecified   
OS: Unspecified   

Description Ahmad Saleem 2022-12-09 12:02:29 PST 
Hi Team,

Another potential crash fix in HTML editing code from Blink commit:

Blink Commit - https://src.chromium.org/viewvc/blink?revision=200709&view=revision

Webkit GitHub Source - https://github.com/WebKit/WebKit/blob/13d943d8e677e17ee46868eb40924fe5b17b3db9/Source/WebCore/editing/InsertListCommand.cpp#L181

It is to add early return condition to endingSelection whether it has rootEditableElement since L177 does not take assumption about endingSelection() through endOfSelection.

Just wanted to fix raise this.

NOTE - The test case does not crash but it was stable crash in Blink.

Thanks!
Comment 1 EWS 2022-12-13 13:37:19 PST 
Committed 257811@main (5da6fc9173aa): <https://commits.webkit.org/257811@main>

Reviewed commits have been landed. Closing PR #7400 and removing active labels.
Comment 2 Radar WebKit Bug Importer 2022-12-13 13:38:18 PST 
<rdar://problem/103318339>