Bug 160011

Summary: Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: New BugsAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, cdumez, commit-queue, darin, enrica
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Fixes the bug none

Ryosuke Niwa
Reported 2016-07-20 21:44:49 PDT
Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
Attachments
Fixes the bug (1.43 KB, patch)
2016-07-20 21:46 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2016-07-20 21:46:13 PDT
<rdar://problem/21400186>
Ryosuke Niwa
Comment 2 2016-07-20 21:46:15 PDT
Created attachment 284188 [details] Fixes the bug
Alexey Proskuryakov
Comment 3 2016-07-20 22:48:37 PDT
Comment on attachment 284188 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=284188&action=review > Source/WebCore/editing/DeleteSelectionCommand.cpp:867 > + if (textNode.length() && textNode.renderer()) Is it valid for ending position to be a node without renderer? Should there be an assertion to hopefully catch the root cause in the future?
Ryosuke Niwa
Comment 4 2016-07-20 22:52:43 PDT
Comment on attachment 284188 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=284188&action=review >> Source/WebCore/editing/DeleteSelectionCommand.cpp:867 >> + if (textNode.length() && textNode.renderer()) > > Is it valid for ending position to be a node without renderer? Should there be an assertion to hopefully catch the root cause in the future? We try to avoid selecting a node without renderer but I wouldn't be surprised if we ended up getting it. In general, I don't think m_endingPosition has any sort of guarantee like VisiblePosition's deepEquivalent.
WebKit Commit Bot
Comment 5 2016-07-21 12:42:45 PDT
Comment on attachment 284188 [details] Fixes the bug Clearing flags on attachment: 284188 Committed r203518: <http://trac.webkit.org/changeset/203518>
WebKit Commit Bot
Comment 6 2016-07-21 12:42:50 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.