From 2c8fb4957871bca5694fc9e9f8932c9769967bd1 Mon Sep 17 00:00:00 2001
From: Tim Ledbetter <tim.ledbetter@ladybird.org>
Date: Sun, 8 Sep 2024 23:59:31 +0100
Subject: [PATCH] LibWeb: Don't attempt to set selection if control has no
 selectable text

---
 .../expected/HTML/HTMLInputElement-select-crash.txt   |  1 +
 .../input/HTML/HTMLInputElement-select-crash.html     | 11 +++++++++++
 Userland/Libraries/LibWeb/HTML/HTMLInputElement.cpp   |  3 +++
 .../Libraries/LibWeb/HTML/HTMLTextAreaElement.cpp     |  3 +++
 4 files changed, 18 insertions(+)
 create mode 100644 Tests/LibWeb/Text/expected/HTML/HTMLInputElement-select-crash.txt
 create mode 100644 Tests/LibWeb/Text/input/HTML/HTMLInputElement-select-crash.html

diff --git a/Tests/LibWeb/Text/expected/HTML/HTMLInputElement-select-crash.txt b/Tests/LibWeb/Text/expected/HTML/HTMLInputElement-select-crash.txt
new file mode 100644
index 00000000000..aaecaf93c4a
--- /dev/null
+++ b/Tests/LibWeb/Text/expected/HTML/HTMLInputElement-select-crash.txt
@@ -0,0 +1 @@
+PASS (didn't crash)
diff --git a/Tests/LibWeb/Text/input/HTML/HTMLInputElement-select-crash.html b/Tests/LibWeb/Text/input/HTML/HTMLInputElement-select-crash.html
new file mode 100644
index 00000000000..81fc5123be0
--- /dev/null
+++ b/Tests/LibWeb/Text/input/HTML/HTMLInputElement-select-crash.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html>
+<script src="../include.js"></script>
+<script>
+    test(() => {
+        const inputElement = document.createElement("input");
+        inputElement.type = "color";
+        inputElement.value = "#000000";
+        inputElement.select();
+        println("PASS (didn't crash)");
+    });
+</script>
diff --git a/Userland/Libraries/LibWeb/HTML/HTMLInputElement.cpp b/Userland/Libraries/LibWeb/HTML/HTMLInputElement.cpp
index 2a573ce11af..158cfe9d526 100644
--- a/Userland/Libraries/LibWeb/HTML/HTMLInputElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/HTMLInputElement.cpp
@@ -2365,6 +2365,9 @@ HTMLInputElement::ValueAttributeMode HTMLInputElement::value_attribute_mode() co
 
 void HTMLInputElement::selection_was_changed(size_t selection_start, size_t selection_end)
 {
+    if (!m_text_node)
+        return;
+
     document().set_cursor_position(DOM::Position::create(realm(), *m_text_node, selection_end));
 
     if (auto selection = document().get_selection())
diff --git a/Userland/Libraries/LibWeb/HTML/HTMLTextAreaElement.cpp b/Userland/Libraries/LibWeb/HTML/HTMLTextAreaElement.cpp
index 4d0b5dcd304..4c0cdb6a818 100644
--- a/Userland/Libraries/LibWeb/HTML/HTMLTextAreaElement.cpp
+++ b/Userland/Libraries/LibWeb/HTML/HTMLTextAreaElement.cpp
@@ -463,6 +463,9 @@ void HTMLTextAreaElement::queue_firing_input_event()
 
 void HTMLTextAreaElement::selection_was_changed(size_t selection_start, size_t selection_end)
 {
+    if (!m_text_node)
+        return;
+
     document().set_cursor_position(DOM::Position::create(realm(), *m_text_node, selection_end));
 
     if (auto selection = document().get_selection())