Bug 59155

Summary:

[Mac] correctionPanelTimerFired() crashes due to rangeToBeReplaced being cleared.

Product:

WebKit

Reporter:

Jia Pu <jiapu.mail>

Component:

New Bugs

Assignee:

Jia Pu <jiapu.mail>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

Mac (Intel)

OS:

OS X 10.6

Attachments:

Description	Flags
Patch (v1)	none

Description Jia Pu 2011-04-21 16:56:58 PDT

In some situation, m_correctionPanelInfo.rangeToBeReplaced has been cleared when entering SpellingCorrectionController::correctionPanelTimerFired(), in which case, calling windowRectForRange() on the range will crash.

<rdar://problem/9261698>

Comment 1 Jia Pu 2011-04-21 17:01:56 PDT

Created attachment 90636 [details]
Patch (v1)

Comment 2 Maciej Stachowiak 2011-04-21 17:15:27 PDT

Comment on attachment 90636 [details]
Patch (v1)

r=me

Is it possible to make a regression test for this?

Comment 3 Jia Pu 2011-04-21 17:21:39 PDT

(In reply to comment #2)
> (From update of attachment 90636 [details])
> r=me
> 
> Is it possible to make a regression test for this?

I will add one if I can nail down the exact sequence of actions that leads to the crash.

Comment 4 WebKit Commit Bot 2011-04-21 19:49:37 PDT

Comment on attachment 90636 [details]
Patch (v1)

Clearing flags on attachment: 90636

Committed r84592: <http://trac.webkit.org/changeset/84592>

Comment 5 WebKit Commit Bot 2011-04-21 19:49:41 PDT

All reviewed patches have been landed.  Closing bug.