Bug 34957

Summary: REGRESSION: WebKit Crashes when deleting images on blogger.com
Product: WebKit Reporter: Greg <ggolinsky>
Component: HTML Editing Assignee: Enrica Casucci <enrica>
Status: RESOLVED FIXED    
Severity: Major CC: ap
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.6   
URL: http://www.blogger.com/
Attachments:
Description | Flags
Pressing delete would normally delete the image. Instead, it locks up the browser | none
Crash report | none
Patch | simon.fraser: review+

Description Greg 2010-02-15 12:48:56 PST
Created attachment 48771
Pressing delete would normally delete the image. Instead, it locks up the browser

The browser would completely lock up, then crash, if the user selected an image from the blogger editor, and then tried to delete it by pressing delete. I was able to reproduce this bug twice. It works perfectly in Safari; it only fails in the nightly build of WebKit.
Comment 1 Alexey Proskuryakov 2010-02-15 14:05:41 PST
Could you please attach a crash log? Please see <http://webkit.org/quality/crashlogs.html> for instructions.
Comment 2 Greg 2010-02-15 18:06:37 PST
Created attachment 48784
Crash report
Comment 3 Alexey Proskuryakov 2010-02-15 18:26:47 PST
Looks like infinite recursion in getInlineBoxAndOffset().
Comment 4 Alexey Proskuryakov 2010-02-15 18:27:10 PST
<rdar://problem/7651935>
Comment 5 Enrica Casucci 2010-02-23 17:38:38 PST
Created attachment 49348
Patch
Comment 6 Enrica Casucci 2010-02-23 17:54:05 PST
Committed revision 55179.