RESOLVED FIXED 13493
REGRESSION: Crash at WTF::fastFree() when arrowing backward through editable text 
https://bugs.webkit.org/show_bug.cgi?id=13493
Summary REGRESSION: Crash at WTF::fastFree() when arrowing backward through editable ...
Justin Garcia
Reported 2007-04-25 15:10:40 PDT
Open: <body contenteditable="true">&#149; <b>This is some linked text</b></body> Place the caret at the end of the document and left arrow backward through the text. Crash occurs when the caret is between 'm' and 'e' of 'some'. 0 com.apple.JavaScriptCore 0x001747ca WTF::fastFree(void*) + 58 1 com.apple.WebCore 0x0118b900 WebCore::DeprecatedStringData::~DeprecatedStringData [in-charge]() + 32 2 com.apple.WebCore 0x011d28dd WebCore::previousBoundary(WebCore::VisiblePosition const&, unsigned (*)(unsigned short const*, unsigned)) + 893 3 com.apple.WebCore 0x011d5be0 WebCore::startOfWord(WebCore::VisiblePosition const&, WebCore::EWordSide) + 256 4 com.apple.WebCore 0x010abba6 WebCore::Frame::respondToChangedSelection(WebCore::Selection const&, bool) + 310 5 com.apple.WebCore 0x011c669f WebCore::SelectionController::setSelection(WebCore::Selection const&, bool, bool, bool) + 895 6 com.apple.WebCore 0x011c8326 WebCore::SelectionController::moveTo(WebCore::VisiblePosition const&, bool) + 118 7 com.apple.WebCore 0x011c947d WebCore::SelectionController::modify(WebCore::SelectionController::EAlteration, WebCore::SelectionController::EDirection, WebCore::TextGranularity, bool) + 509 ... <rdar://problem/5157329> REGRESSION: Crash at WTF::fastFree() when arrowing backward through editable text
Attachments
Add attachment proposed patch, testcase, etc.
Justin Garcia
Comment 1 2007-04-27 15:15:16 PDT
Regressed between r20814 and r20836.
Justin Garcia
Comment 2 2007-04-28 19:55:25 PDT
Looks like r20819 caused this.
Justin Garcia
Comment 3 2007-04-30 13:05:15 PDT
I backed out those changes in r21193. We'll revisit the bug fixed by those changes later.
Note You need to log in before you can comment on or make changes to this bug.