Bug 1342417 - ClearStyle should check that SplitStyleAbovePoint returns node. r?masayuki
SplitStyleAbovePoint can return null for split node, but we don't check it.
Also, this crash occurs on paste operation, so I think that there is 100% reproduce test. But I cannot find it.
MozReview-Commit-ID: 69OlPTc0I9h
--- a/editor/libeditor/HTMLStyleEditor.cpp
+++ b/editor/libeditor/HTMLStyleEditor.cpp
@@ -632,35 +632,43 @@ HTMLEditor::ClearStyle(nsCOMPtr<nsINode>
secondSplitParent = secondSplitParent->GetParentNode();
}
*aOffset = 0;
rv = SplitStyleAbovePoint(address_of(secondSplitParent),
aOffset, aProperty, aAttribute,
getter_AddRefs(leftNode),
getter_AddRefs(rightNode));
NS_ENSURE_SUCCESS(rv, rv);
+
+ if (rightNode) {
+ bool bIsEmptyNode;
+ IsEmptyNode(rightNode, &bIsEmptyNode, false, true);
+ if (bIsEmptyNode) {
+ // delete rightNode if it became empty
+ rv = DeleteNode(rightNode);
+ NS_ENSURE_SUCCESS(rv, rv);
+ }
+ }
+
+ if (!leftNode) {
+ return NS_OK;
+ }
+
// should be impossible to not get a new leftnode here
nsCOMPtr<nsINode> newSelParent = GetLeftmostChild(leftNode);
if (!newSelParent) {
newSelParent = leftNode;
}
// If rightNode starts with a br, suck it out of right node and into
// leftNode. This is so we you don't revert back to the previous style
// if you happen to click at the end of a line.
if (savedBR) {
rv = MoveNode(savedBR, newSelParent, 0);
NS_ENSURE_SUCCESS(rv, rv);
}
- bool bIsEmptyNode;
- IsEmptyNode(rightNode, &bIsEmptyNode, false, true);
- if (bIsEmptyNode) {
- // delete rightNode if it became empty
- rv = DeleteNode(rightNode);
- NS_ENSURE_SUCCESS(rv, rv);
- }
// remove the style on this new hierarchy
int32_t newSelOffset = 0;
{
// Track the point at the new hierarchy. This is so we can know where
// to put the selection after we call RemoveStyleInside().
// RemoveStyleInside() could remove any and all of those nodes, so I
// have to use the range tracking system to find the right spot to put
// selection.