Fix null-dereference read in GetSelectionStart|Endpoint

In GetSelectionStart|Endpoint, the rect local to the layoutObject at the
selection start or end might be empty. The CL add checks for that.

Bug: 1018679
Change-Id: I203ca1c6683e984699691f5d99a4f3bc3353f5b1
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1880362Reviewed-by: Dave Tapuska <dtapuska@chromium.org>
Commit-Queue: Jinsong Fan <fanjinsong@sogou-inc.com>
Cr-Commit-Position: refs/heads/master@{#709884}

third_party/blink/renderer/core/input/event_handler.cc

@@ -131,6 +131,8 @@ bool ShouldRefetchEventTarget(const MouseEventWithHitTestResults& mev) {
 
 IntPoint GetSelectionStartpoint(const PositionWithAffinity& position) {
   const LocalCaretRect& local_caret_rect = LocalCaretRectOfPosition(position);
+  if (local_caret_rect.IsEmpty())
+    return IntPoint();
   const IntRect rect = AbsoluteCaretBoundsOf(position);
   // In a multiline edit, rect.MaxY() would end up on the next line, so
   // take the midpoint in order to use this corner point directly.
@@ -144,6 +146,8 @@ IntPoint GetSelectionStartpoint(const PositionWithAffinity& position) {
 
 IntPoint GetSelectionEndpoint(const PositionWithAffinity& position) {
   const LocalCaretRect& local_caret_rect = LocalCaretRectOfPosition(position);
+  if (local_caret_rect.IsEmpty())
+    return IntPoint();
   const IntRect rect = AbsoluteCaretBoundsOf(position);
   // In a multiline edit, rect.MaxY() would end up on the next line, so
   // take the midpoint in order to use this corner point directly.