81581 2012-03-19 16:08:47 -0700 visual word movement: crashes on CSS generated content 2012-03-20 16:50:15 -0700 1 1 1 Unclassified WebKit HTML Editing 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 25298 1 xji webkit-unassigned rniwa webkit.review.bot oldest_to_newest 582389 0 xji 2012-03-19 16:08:47 -0700 visual word movement: crashes on CSS generated content 582419 1 132710 xji 2012-03-19 16:26:17 -0700 Created attachment 132710 patch w/ layout test Ryosuke, Thanks for the bug report! 582426 2 xji 2012-03-19 16:32:02 -0700 I checked other pointer dereference codes, and I think they are mostly looks ok. How about the following when textBox is a not-null-InlineTextBox? textBox->textRenderer()->text()->characters() I think it is fine since InlineTextBox must have a text renderer. And it should have text()->characters() although it could be null. There is similar usage in https://cs.corp.google.com/#chrome/src/third_party/WebKit/Source/WebCore/rendering/InlineTextBox.cpp&q=textRenderer()%20package:%5Echrome$%20file:%5Esrc/third_party/WebKit/.*.cpp&type=cs&l=346 583226 3 132710 rniwa 2012-03-20 10:55:24 -0700 Comment on attachment 132710 patch w/ layout test View in context: https://bugs.webkit.org/attachment.cgi?id=132710&action=review > LayoutTests/editing/selection/move-by-word-visually-crash-test-css-generated-content.html:1 > +<head> No DOCTYPE? 583578 4 132710 xji 2012-03-20 16:22:51 -0700 Comment on attachment 132710 patch w/ layout test View in context: https://bugs.webkit.org/attachment.cgi?id=132710&action=review >> LayoutTests/editing/selection/move-by-word-visually-crash-test-css-generated-content.html:1 >> +<head> > > No DOCTYPE? I will update all the tests in another patch. 583613 5 132710 webkit.review.bot 2012-03-20 16:50:10 -0700 Comment on attachment 132710 patch w/ layout test Clearing flags on attachment: 132710 Committed r111469: <http://trac.webkit.org/changeset/111469> 583614 6 webkit.review.bot 2012-03-20 16:50:15 -0700 All reviewed patches have been landed. Closing bug. 132710 2012-03-19 16:26:17 -0700 2012-03-20 16:50:10 -0700 patch w/ layout test 81581.v1 text/plain 4490 xji SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDExMTI2NikKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE4IEBACisyMDEyLTAzLTE5ICBYaWFvbWVp IEppICA8eGppQGNocm9taXVtLm9yZz4KKworICAgICAgICB2aXN1YWwgd29yZCBtb3ZlbWVudDog Y3Jhc2hlcyBvbiBDU1MgZ2VuZXJhdGVkIGNvbnRlbnQuCisgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD04MTU4MQorCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIENoZWNrIGZvciBudWxsIHBvaW50ZXIgd2hlbiByZWZl cmVuY2luZyBib3gtPnJlbmRlcmVyKCktPm5vZGUoKSBpbiBwcmV2aW91c1Jvb3RJbmxpbmVCb3gg YW5kIG5leHRSb290SW5saW5lQm94LgorCisgICAgICAgIFRlc3Q6IGVkaXRpbmcvc2VsZWN0aW9u L21vdmUtYnktd29yZC12aXN1YWxseS1jcmFzaC10ZXN0LWNzcy1nZW5lcmF0ZWQtY29udGVudC5o dG1sCisKKyAgICAgICAgKiBlZGl0aW5nL3Zpc2libGVfdW5pdHMuY3BwOgorICAgICAgICAoV2Vi Q29yZTo6cHJldmlvdXNSb290SW5saW5lQm94KToKKyAgICAgICAgKFdlYkNvcmU6Om5leHRSb290 SW5saW5lQm94KToKKwogMjAxMi0wMy0xOSAgQW5kZXJzIENhcmxzc29uICA8YW5kZXJzY2FAYXBw bGUuY29tPgogCiAgICAgICAgIE1ha2UgdGhlIFRpbGVDYWNoZSB3b3JrIHdpdGggSGlEUEkgYWdh aW4KSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2VkaXRpbmcvdmlzaWJsZV91bml0cy5jcHAKPT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PQotLS0gU291cmNlL1dlYkNvcmUvZWRpdGluZy92aXNpYmxlX3VuaXRzLmNwcAkocmV2aXNp b24gMTExMDIxKQorKysgU291cmNlL1dlYkNvcmUvZWRpdGluZy92aXNpYmxlX3VuaXRzLmNwcAko d29ya2luZyBjb3B5KQpAQCAtMTAzLDYgKzEwMywxMCBAQCBzdGF0aWMgTm9kZSogbmV4dExlYWZX aXRoU2FtZUVkaXRhYmlsaXR5CiBzdGF0aWMgY29uc3QgUm9vdElubGluZUJveCogcHJldmlvdXNS b290SW5saW5lQm94KGNvbnN0IElubGluZUJveCogYm94LCBjb25zdCBWaXNpYmxlUG9zaXRpb24m IHZpc2libGVQb3NpdGlvbikKIHsKICAgICBOb2RlKiBoaWdoZXN0Um9vdCA9IGhpZ2hlc3RFZGl0 YWJsZVJvb3QodmlzaWJsZVBvc2l0aW9uLmRlZXBFcXVpdmFsZW50KCksIENvbnRlbnRJc0VkaXRh YmxlKTsKKworICAgIGlmICghYm94LT5yZW5kZXJlcigpIHx8ICFib3gtPnJlbmRlcmVyKCktPm5v ZGUoKSkKKyAgICAgICAgcmV0dXJuIDA7CisKICAgICBOb2RlKiBub2RlID0gYm94LT5yZW5kZXJl cigpLT5ub2RlKCk7CiAgICAgTm9kZSogZW5jbG9zaW5nQmxvY2tOb2RlID0gZW5jbG9zaW5nTm9k ZVdpdGhOb25JbmxpbmVSZW5kZXJlcihub2RlKTsKICAgICBOb2RlKiBwcmV2aW91c05vZGUgPSBw cmV2aW91c0xlYWZXaXRoU2FtZUVkaXRhYmlsaXR5KG5vZGUsIENvbnRlbnRJc0VkaXRhYmxlKTsK QEAgLTEzMiw2ICsxMzYsMTAgQEAgc3RhdGljIGNvbnN0IFJvb3RJbmxpbmVCb3gqIHByZXZpb3Vz Um9vdAogc3RhdGljIGNvbnN0IFJvb3RJbmxpbmVCb3gqIG5leHRSb290SW5saW5lQm94KGNvbnN0 IElubGluZUJveCogYm94LCBjb25zdCBWaXNpYmxlUG9zaXRpb24mIHZpc2libGVQb3NpdGlvbikK IHsKICAgICBOb2RlKiBoaWdoZXN0Um9vdCA9IGhpZ2hlc3RFZGl0YWJsZVJvb3QodmlzaWJsZVBv c2l0aW9uLmRlZXBFcXVpdmFsZW50KCksIENvbnRlbnRJc0VkaXRhYmxlKTsKKworICAgIGlmICgh Ym94LT5yZW5kZXJlcigpIHx8ICFib3gtPnJlbmRlcmVyKCktPm5vZGUoKSkKKyAgICAgICAgcmV0 dXJuIDA7CisKICAgICBOb2RlKiBub2RlID0gYm94LT5yZW5kZXJlcigpLT5ub2RlKCk7CiAgICAg Tm9kZSogZW5jbG9zaW5nQmxvY2tOb2RlID0gZW5jbG9zaW5nTm9kZVdpdGhOb25JbmxpbmVSZW5k ZXJlcihub2RlKTsKICAgICBOb2RlKiBuZXh0Tm9kZSA9IG5leHRMZWFmV2l0aFNhbWVFZGl0YWJp bGl0eShub2RlLCBDb250ZW50SXNFZGl0YWJsZSk7CkluZGV4OiBMYXlvdXRUZXN0cy9DaGFuZ2VM b2cKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCShyZXZpc2lvbiAxMTEyNjYp CisrKyBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEsMyArMSwxMyBA QAorMjAxMi0wMy0xOSAgWGlhb21laSBKaSAgPHhqaUBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAg dmlzdWFsIHdvcmQgbW92ZW1lbnQ6IGNyYXNoZXMgb24gQ1NTIGdlbmVyYXRlZCBjb250ZW50Lgor ICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9ODE1ODEKKwor ICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICAqIGVkaXRpbmcv c2VsZWN0aW9uL21vdmUtYnktd29yZC12aXN1YWxseS1jcmFzaC10ZXN0LWNzcy1nZW5lcmF0ZWQt Y29udGVudC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGVkaXRpbmcvc2VsZWN0aW9u L21vdmUtYnktd29yZC12aXN1YWxseS1jcmFzaC10ZXN0LWNzcy1nZW5lcmF0ZWQtY29udGVudC5o dG1sOiBBZGRlZC4KKwogMjAxMi0wMy0xOSAgSmVzc2llIEJlcmxpbiAgPGpiZXJsaW5AYXBwbGUu Y29tPgogCiAgICAgICAgIFNoYWRvdyBET00gaXMgbm90IGVuYWJsZWQgb24gTWFjLCBzbyBza2lw IHRoZSB3aG9sZSBkaXJlY3RvcnkgaW5zdGVhZCBvZiBza2lwcGluZyB0aGUgdGVzdHMKSW5kZXg6 IExheW91dFRlc3RzL2VkaXRpbmcvc2VsZWN0aW9uL21vdmUtYnktd29yZC12aXN1YWxseS1jcmFz aC10ZXN0LWNzcy1nZW5lcmF0ZWQtY29udGVudC1leHBlY3RlZC50eHQKPT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0g TGF5b3V0VGVzdHMvZWRpdGluZy9zZWxlY3Rpb24vbW92ZS1ieS13b3JkLXZpc3VhbGx5LWNyYXNo LXRlc3QtY3NzLWdlbmVyYXRlZC1jb250ZW50LWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKKysr IExheW91dFRlc3RzL2VkaXRpbmcvc2VsZWN0aW9uL21vdmUtYnktd29yZC12aXN1YWxseS1jcmFz aC10ZXN0LWNzcy1nZW5lcmF0ZWQtY29udGVudC1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBA IC0wLDAgKzEgQEAKK0NyYXNoIHRlc3QgcGFzc2VkCkluZGV4OiBMYXlvdXRUZXN0cy9lZGl0aW5n L3NlbGVjdGlvbi9tb3ZlLWJ5LXdvcmQtdmlzdWFsbHktY3Jhc2gtdGVzdC1jc3MtZ2VuZXJhdGVk LWNvbnRlbnQuaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9lZGl0aW5nL3NlbGVjdGlv bi9tb3ZlLWJ5LXdvcmQtdmlzdWFsbHktY3Jhc2gtdGVzdC1jc3MtZ2VuZXJhdGVkLWNvbnRlbnQu aHRtbAkocmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2VkaXRpbmcvc2VsZWN0aW9uL21vdmUt Ynktd29yZC12aXN1YWxseS1jcmFzaC10ZXN0LWNzcy1nZW5lcmF0ZWQtY29udGVudC5odG1sCShy ZXZpc2lvbiAwKQpAQCAtMCwwICsxLDI4IEBACis8aGVhZD4KKzxzdHlsZT4KK2RpdjpiZWZvcmUg eworICAgIGNvbnRlbnQ6IHVybCguLi8uLi9hY2Nlc3NpYmlsaXR5L3Jlc291cmNlcy9jYWtlLnBu Zyk7Cit9Cis8L3N0eWxlPgorPC9oZWFkPgorPHNjcmlwdCBzcmM9InJlc291cmNlcy9tb3ZlLWJ5 LXdvcmQtdmlzdWFsbHkuanMiPjwvc2NyaXB0PgorPHNjcmlwdD4KKworb25sb2FkID0gZnVuY3Rp b24oKSB7CisgICAgdHJ5IHsKKyAgICAgICAgcnVuVGVzdCgpOworICAgICAgICBkb2N1bWVudC5i b2R5LmlubmVySFRNTCA9ICJDcmFzaCB0ZXN0IHBhc3NlZCI7CisgICAgfSBmaW5hbGx5IHsKKyAg ICB9Cit9OworCitpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKSB7CisgICAgbGF5b3V0 VGVzdENvbnRyb2xsZXIuZHVtcEFzVGV4dCgpOworICAgIGxheW91dFRlc3RDb250cm9sbGVyLnNl dEVkaXRpbmdCZWhhdmlvcignd2luJyk7Cit9Cis8L3NjcmlwdD4KKzxkaXYgY29udGVudGVkaXRh YmxlIGRpcj1sdHI+Cis8ZGl2IHRpdGxlPSIwfDAiIGNsYXNzPSJ0ZXN0X21vdmVfYnlfd29yZCIg ZGlyPWx0cj5pbiBkaXYgMTwvZGl2PgorPGRpdiB0aXRsZT0iMHwwIiBjbGFzcz0idGVzdF9tb3Zl X2J5X3dvcmQiIGRpcj1sdHI+PGltZyBzcmM9Li4vLi4vYWNjZXNzaWJpbGl0eS9yZXNvdXJjZXMv Y2FrZS5wbmc+PC9kaXY+Cis8aDE+dGV4dCBhcmVhPC9oMT4KKzwvZGl2Pgo=