| Field | Value |
|---|---|
| Summary | Crash under WebCore::TextIterator::subrange() |
| Product | WebKit |
| Component | HTML Editing |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P2 |
| Version | WebKit Nightly Build |
| Hardware | Unspecified |
| OS | Unspecified |
| Reporter | Chris Dumez <cdumez> |
| Assignee | Chris Dumez <cdumez> |
| CC | commit-queue, enrica, rniwa, webkit-bug-importer |
| Keywords | InRadar |
| Attachments | |
Description
Chris Dumez
2016-04-20 14:35:56 PDT

Created attachment 276854 [details]
Patch

Comment on attachment 276854 [details]
Patch

paragraphRangeContainingCorrection is dereferenced before this. If this is to avoid null pointer dereferencing in this function, I think this is in the wrong place.

(In reply to comment #3)
> Comment on attachment 276854 [details]
> Patch
>
> paragraphRangeContainingCorrection is dereferenced before this. If this is
> to avoid null pointer dereferencing in this function, I think this is in the
> wrong place.

But before this, it is initialized like so:
paragraphRangeContainingCorrection = range->cloneRange();

And range->cloneRange() cannot return null.

This is therefore the right place to null check.

(In reply to comment #4)
> (In reply to comment #3)
> > Comment on attachment 276854 [details]
> > Patch
> >
> > paragraphRangeContainingCorrection is dereferenced before this. If this is
> > to avoid null pointer dereferencing in this function, I think this is in the
> > wrong place.
>
> But before this, it is initialized like so:
> paragraphRangeContainingCorrection = range->cloneRange();
>
> And range->cloneRange() cannot return null.
>
> This is therefore the right place to null check.

As explained in the Changelog, the issue is only with TextIterator::rangeFromLocationAndLength() potentially returning null.

Comment on attachment 276854 [details]
Patch

Clearing flags on attachment: 276854

Committed r199807: <http://trac.webkit.org/changeset/199807>

All reviewed patches have been landed. Closing bug.
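The point argued in the thread above, that the clone of an existing range is never null while the location/length lookup can be, and that the null check therefore belongs directly after the call that can fail, as an added example that is not WebKit's code. `Range`, `cloneRange()` and `rangeFromLocationAndLength()` here are simplified stand-ins for the WebCore names mentioned in the comments, and the caller `paragraphLengthAroundCorrection()` is a hypothetical function written for this illustration.

```cpp
// Added example, not WebKit source: a minimal model of the null-check
// placement discussed in the bug. The types and functions below are
// simplified stand-ins for the WebCore names in the thread.
#include <algorithm>
#include <cstddef>
#include <memory>
#include <string>

struct Range {
    std::size_t start;
    std::size_t end;
    // Cloning an existing range always yields a range; it never returns null.
    std::unique_ptr<Range> cloneRange() const { return std::make_unique<Range>(*this); }
};

// Stand-in for TextIterator::rangeFromLocationAndLength(): returns null when
// the requested (location, length) does not fit inside the text.
std::unique_ptr<Range> rangeFromLocationAndLength(const std::string& text,
                                                  std::size_t location,
                                                  std::size_t length) {
    if (location > text.size() || length > text.size() - location)
        return nullptr;
    return std::make_unique<Range>(Range{location, location + length});
}

// Hypothetical caller mirroring the pattern from the bug: the clone is safe to
// dereference without a check, the lookup result must be checked before use.
// Returns the span covering the paragraph and the correction, or -1 when the
// lookup fails.
long paragraphLengthAroundCorrection(const std::string& text,
                                     std::size_t location,
                                     std::size_t length) {
    auto range = std::make_unique<Range>(Range{0, text.size()});
    auto paragraphRangeContainingCorrection = range->cloneRange(); // never null

    auto correctionRange = rangeFromLocationAndLength(text, location, length);
    if (!correctionRange) // the check belongs here: this is the call that can fail
        return -1;

    // Only after the check is it safe to dereference correctionRange.
    std::size_t start = std::min(paragraphRangeContainingCorrection->start, correctionRange->start);
    std::size_t end = std::max(paragraphRangeContainingCorrection->end, correctionRange->end);
    return static_cast<long>(end - start);
}
```

Without the `if (!correctionRange)` line the out-of-bounds cases dereference a null pointer, which is the crash class the bug title describes; adding a check on `paragraphRangeContainingCorrection` instead would be dead code, since `cloneRange()` cannot produce null.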