Bug 36800

Summary:

Ownerless nodes leads a crash on DOMSelection APIs

Product:

WebKit

Reporter:

Hajime Morrita <morrita>

Component:

HTML Editing

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

Priority:

Version:

528+ (Nightly build)

Hardware:

OS:

OS X 10.5

Attachments:

Description	Flags
to reproduce	none

Hajime Morrita

Reported 2010-03-29 19:25:24 PDT

Passing ownerless node to DOMSelection APIs including collapse(), extend(), selectAllChildren(), setPosition() causes a crash. One type of ownerless node is newly-created DocumentType object. This is similar to Bug 31680 and the fix on Bug 31680 will fix these. But we need regressions for that.

Attachments
to reproduce (326 bytes, text/html) 2010-03-30 02:40 PDT, Hajime Morrita	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Hajime Morrita

Comment 1 2010-03-30 02:40:28 PDT

Created attachment 52015 [details] to reproduce

Hajime Morrita

Comment 2 2010-04-01 22:33:17 PDT

Fixed at http://trac.webkit.org/changeset/56962

Note You need to log in before you can comment on or make changes to this bug.