Bug 104937

Summary: REGRESSION(r137406): NodeTraversal changes causing large renderer crash
Product: WebKit
Reporter: Karen <karen+webkit>
Component: HTML Editing
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: kling, koivisto, mifenton, rniwa, webkit.review.bot
Priority: P1
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments: Fixes the bug (flags: none)

Karen
Reported 2012-12-13 11:53:51 PST
A recent WebKit change on node traversal, http://trac.webkit.org/changeset/137406, is causing a large renderer crash in Chromium: https://code.google.com/p/chromium/issues/detail?id=165988. Is it possible to fix or revert this change temporarily?
Attachments
Fixes the bug (1.61 KB, patch)
2012-12-13 12:29 PST, Ryosuke Niwa
no flags
Ryosuke Niwa
Comment 1 2012-12-13 12:29:28 PST
Created attachment 179315 [details] Fixes the bug
Antti Koivisto
Comment 2 2012-12-13 12:40:14 PST
Comment on attachment 179315 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=179315&action=review > Source/WebCore/editing/FrameSelection.cpp:1958 > - Element* element = start && start->isElementNode() ? toElement(start) : ElementTraversal::next(start); > + if (!start) > + return 0; > + Element* element = start->isElementNode() ? toElement(start) : ElementTraversal::next(start); I meant to write !start || start->isElementNode() here but this works too.
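Review bot: At Source/WebCore/editing/FrameSelection.cpp:1958, the new "if (!start) return 0;" guard covers only this one call site. The removed line tested "start && start->isElementNode()", so a null start skipped toElement(start) but still fell through to ElementTraversal::next(start) with a null argument. Other callers that can pass a possibly-null node to ElementTraversal::next deserve the same audit, or an ASSERT on the argument inside ElementTraversal::next so the condition is caught at the source. A one-line comment above the guard stating when start can be null here would also help the next reader.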
WebKit Review Bot
Comment 3 2012-12-13 12:57:58 PST
Comment on attachment 179315 [details] Fixes the bug
Clearing flags on attachment: 179315
Committed r137642: <http://trac.webkit.org/changeset/137642>
WebKit Review Bot
Comment 4 2012-12-13 12:58:02 PST
All reviewed patches have been landed. Closing bug.