chromium/src
0
Fork 0
Code Activity

Fix null-deref caused on ASAN build

Browse Source 
This CL changes the IDL file to take `Text` instead of `Node` to force
type checking at the bindings layer.

Bug: 1156904
Change-Id: I34e85ea84e359b1f54f62bf8179772ed2530fde0
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2592540
Reviewed-by: Jeremy Roman <jbroman@chromium.org>
Commit-Queue: Abhijeet Kandalkar <abhijeet@igalia.com>
Cr-Commit-Position: refs/heads/master@{#840533}
This commit is contained in:
Abhijeet Kandalkar
2021-01-06 08:58:23 +00:00
committed by Chromium LUCI CQ
parent aab13d41ae
commit 54c17b7975
3 changed files with 37 additions and 36 deletions
third_party/blink/renderer/core/testing
internals.ccinternals.hinternals.idl

46
third_party/blink/renderer/core/testing/internals.cc vendored

@ -1085,10 +1085,10 @@ void Internals::setMarker(Document* document,
document->Markers().AddGrammarMarker(EphemeralRange(range));
}
unsigned Internals::markerCountForNode(Node* node,
unsigned Internals::markerCountForNode(Text* text,
const String& marker_type,
ExceptionState& exception_state) {
DCHECK(node);
DCHECK(text);
base::Optional<DocumentMarker::MarkerTypes> marker_types =
MarkerTypesFrom(marker_type);
if (!marker_types) {
@ -1098,18 +1098,18 @@ unsigned Internals::markerCountForNode(Node* node,
return 0;
}
return node->GetDocument()
return text->GetDocument()
.Markers()
.MarkersFor(To<Text>(*node), marker_types.value())
.MarkersFor(*text, marker_types.value())
.size();
}
unsigned Internals::activeMarkerCountForNode(Node* node) {
DCHECK(node);
unsigned Internals::activeMarkerCountForNode(Text* text) {
DCHECK(text);
// Only TextMatch markers can be active.
DocumentMarkerVector markers = node->GetDocument().Markers().MarkersFor(
To<Text>(*node), DocumentMarker::MarkerTypes::TextMatch());
DocumentMarkerVector markers = text->GetDocument().Markers().MarkersFor(
*text, DocumentMarker::MarkerTypes::TextMatch());
unsigned active_marker_count = 0;
for (const auto& marker : markers) {
@ -1120,11 +1120,11 @@ unsigned Internals::activeMarkerCountForNode(Node* node) {
return active_marker_count;
}
DocumentMarker* Internals::MarkerAt(Node* node,
DocumentMarker* Internals::MarkerAt(Text* text,
const String& marker_type,
unsigned index,
ExceptionState& exception_state) {
DCHECK(node);
DCHECK(text);
base::Optional<DocumentMarker::MarkerTypes> marker_types =
MarkerTypesFrom(marker_type);
if (!marker_types) {
@ -1134,42 +1134,42 @@ DocumentMarker* Internals::MarkerAt(Node* node,
return nullptr;
}
DocumentMarkerVector markers = node->GetDocument().Markers().MarkersFor(
To<Text>(*node), marker_types.value());
DocumentMarkerVector markers =
text->GetDocument().Markers().MarkersFor(*text, marker_types.value());
if (markers.size() <= index)
return nullptr;
return markers[index];
}
Range* Internals::markerRangeForNode(Node* node,
Range* Internals::markerRangeForNode(Text* text,
const String& marker_type,
unsigned index,
ExceptionState& exception_state) {
DCHECK(node);
DocumentMarker* marker = MarkerAt(node, marker_type, index, exception_state);
DCHECK(text);
DocumentMarker* marker = MarkerAt(text, marker_type, index, exception_state);
if (!marker)
return nullptr;
return MakeGarbageCollected<Range>(node->GetDocument(), node,
marker->StartOffset(), node,
return MakeGarbageCollected<Range>(text->GetDocument(), text,
marker->StartOffset(), text,
marker->EndOffset());
}
String Internals::markerDescriptionForNode(Node* node,
String Internals::markerDescriptionForNode(Text* text,
const String& marker_type,
unsigned index,
ExceptionState& exception_state) {
DocumentMarker* marker = MarkerAt(node, marker_type, index, exception_state);
DocumentMarker* marker = MarkerAt(text, marker_type, index, exception_state);
if (!marker || !IsSpellCheckMarker(*marker))
return String();
return To<SpellCheckMarker>(marker)->Description();
}
unsigned Internals::markerBackgroundColorForNode(
Node* node,
Text* text,
const String& marker_type,
unsigned index,
ExceptionState& exception_state) {
DocumentMarker* marker = MarkerAt(node, marker_type, index, exception_state);
DocumentMarker* marker = MarkerAt(text, marker_type, index, exception_state);
auto* style_marker = DynamicTo<StyleableMarker>(marker);
if (!style_marker)
return 0;
@ -1177,11 +1177,11 @@ unsigned Internals::markerBackgroundColorForNode(
}
unsigned Internals::markerUnderlineColorForNode(
Node* node,
Text* text,
const String& marker_type,
unsigned index,
ExceptionState& exception_state) {
DocumentMarker* marker = MarkerAt(node, marker_type, index, exception_state);
DocumentMarker* marker = MarkerAt(text, marker_type, index, exception_state);
auto* style_marker = DynamicTo<StyleableMarker>(marker);
if (!style_marker)
return 0;

15
third_party/blink/renderer/core/testing/internals.h vendored

@ -80,6 +80,7 @@ class ScrollState;
class SequenceTest;
class ShadowRoot;
class StaticSelection;
class Text;
class TypeConversions;
class UnionTypesTest;
@ -178,21 +179,21 @@ class Internals final : public ScriptWrappable {
DOMRectReadOnly* boundingBox(Element*);
void setMarker(Document*, const Range*, const String&, ExceptionState&);
unsigned markerCountForNode(Node*, const String&, ExceptionState&);
unsigned activeMarkerCountForNode(Node*);
Range* markerRangeForNode(Node*,
unsigned markerCountForNode(Text*, const String&, ExceptionState&);
unsigned activeMarkerCountForNode(Text*);
Range* markerRangeForNode(Text*,
const String& marker_type,
unsigned index,
ExceptionState&);
String markerDescriptionForNode(Node*,
String markerDescriptionForNode(Text*,
const String& marker_type,
unsigned index,
ExceptionState&);
unsigned markerBackgroundColorForNode(Node*,
unsigned markerBackgroundColorForNode(Text*,
const String& marker_type,
unsigned index,
ExceptionState&);
unsigned markerUnderlineColorForNode(Node*,
unsigned markerUnderlineColorForNode(Text*,
const String& marker_type,
unsigned index,
ExceptionState&);
@ -629,7 +630,7 @@ class Internals final : public ScriptWrappable {
int height,
Document*);
DocumentMarker* MarkerAt(Node*,
DocumentMarker* MarkerAt(Text*,
const String& marker_type,
unsigned index,
ExceptionState&);

12
third_party/blink/renderer/core/testing/internals.idl vendored

@ -103,12 +103,12 @@
DOMRectReadOnly boundingBox(Element element);
[RaisesException] void setMarker(Document document, Range range, DOMString markerType);
[RaisesException] unsigned long markerCountForNode(Node node, DOMString markerType);
unsigned long activeMarkerCountForNode(Node node);
[RaisesException] Range markerRangeForNode(Node node, DOMString markerType, unsigned long index);
[RaisesException] DOMString markerDescriptionForNode(Node node, DOMString markerType, unsigned long index);
[RaisesException] unsigned long markerBackgroundColorForNode(Node node, DOMString markerType, unsigned long index);
[RaisesException] unsigned long markerUnderlineColorForNode(Node node, DOMString markerType, unsigned long index);
[RaisesException] unsigned long markerCountForNode(Text text, DOMString markerType);
unsigned long activeMarkerCountForNode(Text text);
[RaisesException] Range markerRangeForNode(Text text, DOMString markerType, unsigned long index);
[RaisesException] DOMString markerDescriptionForNode(Text text, DOMString markerType, unsigned long index);
[RaisesException] unsigned long markerBackgroundColorForNode(Text text, DOMString markerType, unsigned long index);
[RaisesException] unsigned long markerUnderlineColorForNode(Text text, DOMString markerType, unsigned long index);
[RaisesException] void addTextMatchMarker(Range range, DOMString matchStatus);
[RaisesException] void addCompositionMarker(Range range, DOMString underlineColorValue, DOMString thicknessValue, DOMString underlineStyleValue, DOMString textColorValue, DOMString backgroundColorValue);
[RaisesException] void addActiveSuggestionMarker(Range range, DOMString underlineColorValue, DOMString thicknessValue, DOMString backgroundColorValue);