From 20852443d382275bde55ddbed66f474eb6809ced Mon Sep 17 00:00:00 2001 From: Aliaksandr Kalenik Date: Wed, 30 Oct 2024 17:29:57 +0100 Subject: [PATCH] LibWeb: Clamp end offset in CharacterData::replace_data() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Makes this method to not fail if updating of start offset (which happens before update of the end offset) already moved end offset to the end of string on the following step: > 1. If range’s root is not equal to node’s root, or if bp is after the range’s end, set range’s end to bp. --- Userland/Libraries/LibWeb/DOM/CharacterData.cpp | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/Userland/Libraries/LibWeb/DOM/CharacterData.cpp b/Userland/Libraries/LibWeb/DOM/CharacterData.cpp index 44c8080ea82..42d9cb64b75 100644 --- a/Userland/Libraries/LibWeb/DOM/CharacterData.cpp +++ b/Userland/Libraries/LibWeb/DOM/CharacterData.cpp @@ -112,8 +112,11 @@ WebIDL::ExceptionOr CharacterData::replace_data(size_t offset, size_t coun // 11. For each live range whose end node is node and end offset is greater than offset plus count, increase its end offset by data’s length and decrease it by count. for (auto& range : Range::live_ranges()) { - if (range->end_container() == this && range->end_offset() > (offset + count)) - TRY(range->set_end(*range->end_container(), range->end_offset() + data.bytes().size() - count)); + if (range->end_container() == this && range->end_offset() > (offset + count)) { + // AD-HOC: Clamp offset to the end of the data if it's too large. + auto new_offset = min(range->end_offset() + data.bytes().size() - count, m_data.bytes().size()); + TRY(range->set_end(*range->end_container(), new_offset)); + } } // 12. If node’s parent is non-null, then run the children changed steps for node’s parent.