Bug 106280

Upstreamed from https://crbug.com/168558 0x014cb988 [Google Chrome Framework] - Node.cpp:460] WebCore::Node::treeScope 0x01dd6316 [Google Chrome Framework] - VisibleSelection.cpp:467] WebCore::VisibleSelection::adjustSelectionToAvoidCrossingShadowBoundaries 0x01dd2d19 [Google Chrome Framework] - VisibleSelection.cpp:418] WebCore::VisibleSelection::validate 0x01dd364b [Google Chrome Framework] - VisibleSelection.cpp:124] WebCore::VisibleSelection::setExtent 0x01ef52b2 [Google Chrome Framework] - EventHandler.cpp:831] WebCore::EventHandler::updateSelectionForMouseDrag 0x01ef4497 [Google Chrome Framework] - EventHandler.cpp:724] WebCore::EventHandler::handleMouseDraggedEvent 0x01ef7d19 [Google Chrome Framework] - EventHandler.cpp:1817] WebCore::EventHandler::handleMouseMoveEvent 0x01ef7685 [Google Chrome Framework] - EventHandler.cpp:1686] WebCore::EventHandler::mouseMoved 0x01402f68 [Google Chrome Framework] - PageWidgetDelegate.cpp:197] WebKit::PageWidgetEventHandler::handleMouseMove 0x01402e56 [Google Chrome Framework] - PageWidgetDelegate.cpp:118] WebKit::PageWidgetDelegate::handleInputEvent 0x0144a4bc [Google Chrome Framework] - WebViewImpl.cpp:1953] WebKit::WebViewImpl::handleInputEvent 0x004e27c6 [Google Chrome Framework] - render_widget.cc:573] RenderWidget::OnHandleInputEvent 0x004e15a8 [Google Chrome Framework] - ../ipc/ipc_message.h:170] RenderWidget::OnMessageReceived 0x004aed61 [Google Chrome Framework] - render_view_impl.cc:1061] RenderViewImpl::OnMessageReceived 0x0118e57c [Google Chrome Framework] - message_router.cc:47] MessageRouter::RouteMessage 0x0118e520 [Google Chrome Framework] - message_router.cc:39] MessageRouter::OnMessageReceived 0x01108b1b [Google Chrome Framework] - child_thread.cc:275] ChildThread::OnMessageReceived 0x00e7b624 [Google Chrome Framework] - ipc_channel_proxy.cc:261] IPC::ChannelProxy::Context::OnDispatchMessage My suspicion is that adjustPositionForEnd() or adjustPositionForStart() touches null node.