Bug 26528

Summary: REGRESSION (r44674): Assertion in TextIterator::pushFullyClippedState while counting matches for "a" on apple.com
Product: WebKit Reporter: Darin Adler <darin>
Component: TextAssignee: Darin Adler <darin>
Status: RESOLVED FIXED    
Severity: Normal CC: finnur.webkit
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Attachments:
Description Flags
patch, but I haven't written the regression test yet
none
patch mitz: review+

Description Darin Adler 2009-06-18 16:39:23 PDT 
To reproduce:

1. visit http://www.apple.com
2. click in Google search field
3. type "a"

Assertion fires. When I comment out the assertion there is no visible problem.

#0  0x03d5bc04 in WebCore::pushFullyClippedState (stack=@0xbfffe020, node=0x1d3d68e0) at OpenSource/WebCore/editing/TextIterator.cpp:187
#1  0x03d5e39d in WebCore::TextIterator::handleReplacedElement (this=0xbfffe014) at OpenSource/WebCore/editing/TextIterator.cpp:532
#2  0x03d5edae in WebCore::TextIterator::advance (this=0xbfffe014) at OpenSource/WebCore/editing/TextIterator.cpp:339
Comment 1 Darin Adler 2009-06-18 16:39:38 PDT 
<rdar://problem/6985329>
Comment 2 Mark Rowe (bdash) 2009-06-19 13:45:20 PDT 
*** Bug 26557 has been marked as a duplicate of this bug. ***
Comment 3 Darin Adler 2009-06-19 15:56:07 PDT 
I've got a fix for this. I hope to post it soon.
Comment 4 Darin Adler 2009-06-19 18:30:22 PDT 
Created attachment 31583 [details]
patch, but I haven't written the regression test yet
Comment 5 Darin Adler 2009-06-20 12:53:32 PDT 
Created attachment 31599 [details]
patch
Comment 6 Darin Adler 2009-06-20 13:37:15 PDT 
http://trac.webkit.org/changeset/44901