Bug 58910

Summary: REGRESSION(r83967): Crash in selectionExtentRespectingEditingBoundary
Product: WebKit    Reporter: Ryosuke Niwa <rniwa>
Component: HTML Editing    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal    CC: aboxhall, darin, enrica, eric, ojan, tkent, tony
Priority: P1
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description    Flags
fixes the crash    none

Description Ryosuke Niwa 2011-04-19 11:22:51 PDT
Chrome stack trace:
0x634ff603	 [chrome.dll	 - renderobject.cpp:1951	WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const &,bool,bool)
0x62ac95b1	 [chrome.dll	 - eventhandler.cpp:637	WebCore::selectionExtentRespectingEditingBoundary
0x62ac9686	 [chrome.dll	 - eventhandler.cpp:659	WebCore::EventHandler::updateSelectionForMouseDrag(WebCore::HitTestResult const &)
0x62ac9532	 [chrome.dll	 - eventhandler.cpp:622	WebCore::EventHandler::updateSelectionForMouseDrag()
0x6353366f	 [chrome.dll	 - renderlayer.cpp:1581	WebCore::RenderLayer::autoscroll()
0x6353c0f4	 [chrome.dll	 - rendertextcontrolsingleline.cpp:1034	WebCore::RenderTextControlSingleLine::autoscroll()
0x62ac99ac	 [chrome.dll	 - eventhandler.cpp:800	WebCore::EventHandler::autoscrollTimerFired(WebCore::Timer<WebCore::EventHandler> *)
0x62dacf4a	 [chrome.dll	 - timer.h:100	WebCore::Timer<WebCore::EventHandler>::fired()
0x62c290a4	 [chrome.dll	 - threadtimers.cpp:112	WebCore::ThreadTimers::sharedTimerFiredInternal()
0x62c29017	 [chrome.dll	 - threadtimers.cpp:90	WebCore::ThreadTimers::sharedTimerFired()
0x62f6d795	 [chrome.dll	 - message_loop.cc:371	MessageLoop::RunTask(Task *)
0x62f6d81c	 [chrome.dll	 - message_loop.cc:380	MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &)
0x62f6dcb5	 [chrome.dll	 - message_loop.cc:611	MessageLoop::DoDelayedWork(base::TimeTicks *)
0x62f82920	 [chrome.dll	 - message_pump_default.cc:27	base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x62f6d716	 [chrome.dll	 - message_loop.cc:346	MessageLoop::RunInternal()
0x62f6d69b	 [chrome.dll	 - message_loop.cc:319	MessageLoop::RunHandler()
0x62f6d58f	 [chrome.dll	 - message_loop.cc:243	MessageLoop::Run()
0x62f9b2e1	 [chrome.dll	 - renderer_main.cc:365	RendererMain(MainFunctionParams const &)
0x62a841de	 [chrome.dll	 - chrome_main.cc:813	ChromeMain
0x002221c6	 [chrome.exe	 - client_util.cc:288	MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x002243e3	 [chrome.exe	 - chrome_exe_main_win.cc:46	wWinMain
Comment 1 Ryosuke Niwa 2011-04-19 11:23:15 PDT
http://crbug.com/79875
Comment 2 Ryosuke Niwa 2011-04-19 11:31:52 PDT
I failed in my review :( There's a null pointer check that's missing in http://trac.webkit.org/changeset/83967/trunk/Source/WebCore/page/EventHandler.cpp

I'll upload a patch in a minute.
Comment 3 Ryosuke Niwa 2011-04-19 11:48:43 PDT
Created attachment 90232
fixes the crash
Comment 4 Ryosuke Niwa 2011-04-19 17:23:55 PDT
Comment on attachment 90232
fixes the crash

Clearing flags on attachment: 90232

Committed r84320: <http://trac.webkit.org/changeset/84320>
Comment 5 Ryosuke Niwa 2011-04-19 17:23:58 PDT
All reviewed patches have been landed.  Closing bug.