Bug 26076

Summary: Custom highlighting (via -webkit-highlight) can crash
Product: WebKit
Reporter: Kai Brüning <kai>
Component: WebKit API
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Major
CC: mitz
Priority: P2
Keywords: Regression
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
See Also: https://bugs.webkit.org/show_bug.cgi?id=128456
Attachments:
Description: Test case - crashes on loading
Flags: none

Kai Brüning
Reported 2009-05-29 03:08:34 PDT
The functions WebChromeClient::customHighlightRect() and WebChromeClient::paintCustomHighlight() get passed a node. With Changeset 40871 (committed 2009-02-11), the passed node can be 0, which results in a crash. I include a test case which crashes when opening.
Attachments
Test case - crashes on loading (475 bytes, application/xhtml+xml)
2009-05-29 03:09 PDT, Kai Brüning
Flags: none
Kai Brüning
Comment 1 2009-05-29 03:09:28 PDT
Created attachment 30771: Test case - crashes on loading
Kai Brüning
Comment 2 2009-05-29 03:16:37 PDT
I forgot to mention that the problem is triggered by having generated content in the document (via h1:empty:before {content:"some text";} in this case). I do not know whether this is the only way to trigger the problem, though.
mitz
Comment 3 2017-06-16 22:32:22 PDT
paintCustomHighlight and the SPI that relied on it have been removed via bug 128456.