Bug 34957

Summary: REGRESSION: WebKit Crashes when deleting images on blogger.com
Product: WebKit Reporter: Greg <ggolinsky>
Component: HTML EditingAssignee: Enrica Casucci <enrica>
Status: RESOLVED FIXED    
Severity: Major CC: ap
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.6   
URL: http://www.blogger.com/
Attachments:
Description Flags
Pressing delete would normally delete the image. Instead, it locks up the browser
none
Crash report
none
Patch simon.fraser: review+

Greg
Reported 2010-02-15 12:48:56 PST
Created attachment 48771 [details] Pressing delete would normally delete the image. Instead, it locks up the browser The browser would completely lock up, then crash, if the user selected an image from the blogger editor, and then tried to delete it by pressing delete. I was able to reproduce this bug twice. It works perfectly in Safari, only fails in the nightly build of webkit.
Attachments
Pressing delete would normally delete the image. Instead, it locks up the browser (153.99 KB, image/png)
2010-02-15 12:48 PST, Greg 		no flags
Details
Crash report (130.30 KB, text/plain)
2010-02-15 18:06 PST, Greg 		no flags
Details
Patch (4.03 KB, patch)
2010-02-23 17:38 PST, Enrica Casucci 		simon.fraser: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2010-02-15 14:05:41 PST
Could you please attach a crash log? Please see <http://webkit.org/quality/crashlogs.html> for instructions.
Greg
Comment 2 2010-02-15 18:06:37 PST
Created attachment 48784 [details] Crash report
Alexey Proskuryakov
Comment 3 2010-02-15 18:26:47 PST
Looks like infinite recursion in getInlineBoxAndOffset().
Alexey Proskuryakov
Comment 4 2010-02-15 18:27:10 PST
<rdar://problem/7651935>
Enrica Casucci
Comment 5 2010-02-23 17:38:38 PST
Created attachment 49348 [details] Patch
Enrica Casucci
Comment 6 2010-02-23 17:54:05 PST
Committed revision 55179.
Note You need to log in before you can comment on or make changes to this bug.