Bug 58910

Summary: REGRESSION(r83967): Crash in selectionExtentRespectingEditingBoundary
Product: WebKit Reporter: Ryosuke Niwa <rniwa>
Component: HTML EditingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: aboxhall, darin, enrica, eric, ojan, tkent, tony
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
fixes the crash none

Ryosuke Niwa
Reported 2011-04-19 11:22:51 PDT
Chrome stack trace: 0x634ff603 [chrome.dll - renderobject.cpp:1951 WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const &,bool,bool) 0x62ac95b1 [chrome.dll - eventhandler.cpp:637 WebCore::selectionExtentRespectingEditingBoundary 0x62ac9686 [chrome.dll - eventhandler.cpp:659 WebCore::EventHandler::updateSelectionForMouseDrag(WebCore::HitTestResult const &) 0x62ac9532 [chrome.dll - eventhandler.cpp:622 WebCore::EventHandler::updateSelectionForMouseDrag() 0x6353366f [chrome.dll - renderlayer.cpp:1581 WebCore::RenderLayer::autoscroll() 0x6353c0f4 [chrome.dll - rendertextcontrolsingleline.cpp:1034 WebCore::RenderTextControlSingleLine::autoscroll() 0x62ac99ac [chrome.dll - eventhandler.cpp:800 WebCore::EventHandler::autoscrollTimerFired(WebCore::Timer<WebCore::EventHandler> *) 0x62dacf4a [chrome.dll - timer.h:100 WebCore::Timer<WebCore::EventHandler>::fired() 0x62c290a4 [chrome.dll - threadtimers.cpp:112 WebCore::ThreadTimers::sharedTimerFiredInternal() 0x62c29017 [chrome.dll - threadtimers.cpp:90 WebCore::ThreadTimers::sharedTimerFired() 0x62f6d795 [chrome.dll - message_loop.cc:371 MessageLoop::RunTask(Task *) 0x62f6d81c [chrome.dll - message_loop.cc:380 MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) 0x62f6dcb5 [chrome.dll - message_loop.cc:611 MessageLoop::DoDelayedWork(base::TimeTicks *) 0x62f82920 [chrome.dll - message_pump_default.cc:27 base::MessagePumpDefault::Run(base::MessagePump::Delegate *) 0x62f6d716 [chrome.dll - message_loop.cc:346 MessageLoop::RunInternal() 0x62f6d69b [chrome.dll - message_loop.cc:319 MessageLoop::RunHandler() 0x62f6d58f [chrome.dll - message_loop.cc:243 MessageLoop::Run() 0x62f9b2e1 [chrome.dll - renderer_main.cc:365 RendererMain(MainFunctionParams const &) 0x62a841de [chrome.dll - chrome_main.cc:813 ChromeMain 0x002221c6 [chrome.exe - client_util.cc:288 MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *) 0x002243e3 [chrome.exe - chrome_exe_main_win.cc:46 wWinMain
Attachments
fixes the crash (2.49 KB, patch)
2011-04-19 11:48 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1 2011-04-19 11:23:15 PDT
http://crbug.com/79875
Ryosuke Niwa
Comment 2 2011-04-19 11:31:52 PDT
I failed in my review :( There's a null pointer check that's missing in http://trac.webkit.org/changeset/83967/trunk/Source/WebCore/page/EventHandler.cpp I'll upload a patch in a minute.
Ryosuke Niwa
Comment 3 2011-04-19 11:48:43 PDT
Created attachment 90232 [details] fixes the crash
Ryosuke Niwa
Comment 4 2011-04-19 17:23:55 PDT
Comment on attachment 90232 [details] fixes the crash Clearing flags on attachment: 90232 Committed r84320: <http://trac.webkit.org/changeset/84320>
Ryosuke Niwa
Comment 5 2011-04-19 17:23:58 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.