Bug 1872000 - Make `nsFocusManager::GetSelectionLocation` check whether the text frame is nullptr before creating `nsFrameIterator` r=emilio

See the comment in the bug; this is not a new crash.  The old factory method
did the null-check and returned.  Therefore, before using `MOZ_TRY`, calling
a method of `nsFrameIterator` with `nullptr` caused a crash.

I tried to reproduce this bug by creating empty text nodes or invisible
text nodes, but I couldn't reproduce it.  Therefore, this patch does not
contain crash tests.

Differential Revision: https://phabricator.services.mozilla.com/D197317
Masayuki Nakano 2023-12-27 07:48:25 +00:00
Parent b91ee281ea
Commit 07e6fe942a
1 changed file: 6 additions and 0 deletions


@ -3220,7 +3220,13 @@ nsresult nsFocusManager::GetSelectionLocation(Document* aDocument,
text && text->TextDataLength() == domRange->StartOffset() &&
domSelection->IsCollapsed()) {
nsIFrame* startFrame = start->GetPrimaryFrame();
// FIXME: If the text node is empty or only collapsible white-spaces next
// to a block boundary, it may not have frame, however, we don't know how to
// reproduce this.
MOZ_ASSERT(startFrame);
if (MOZ_UNLIKELY(!startFrame)) {
return NS_ERROR_FAILURE;
}
// Yes, indeed we were at the end of the last node
nsIFrame* limiter =
domSelection && domSelection->GetAncestorLimiter()
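Review bot: the FIXME says the text node may legitimately have no frame, yet `MOZ_ASSERT(startFrame);` aborts debug builds in exactly that case before the `if (MOZ_UNLIKELY(!startFrame))` guard runs, so only release builds get the graceful `NS_ERROR_FAILURE` return. If a missing frame is an expected state, consider dropping the assertion or downgrading it to a warning so debug builds and fuzzers do not hit a new diagnostic assert on a condition the code already handles; if it is instead believed impossible, the comment should say that rather than "it may not have frame". Also worth confirming that the callers of `GetSelectionLocation` treat `NS_ERROR_FAILURE` here as "no location" rather than as an error to report, since the commit message notes this path could not be exercised by a test. Nit: "it may not have frame" should read "it may not have a frame".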