Bug 67762

Summary: Crashes in WebCore::ReplaceSelectionCommand::doApply
Product: WebKit Reporter: Shinya Kawanaka <shinyak>
Component: HTML EditingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: rniwa, shinyak, tkent, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 67668    
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Shinya Kawanaka
Reported 2011-09-07 23:40:31 PDT
https://bugs.webkit.org/show_bug.cgi?id=67668 testcase1:: <feSpotLight><sub id="div" contenteditable="true"><script> var sel = window.getSelection(); sel.setPosition(div, 0); document.execCommand("InsertHTML", false, "<dl>"); </script>
Attachments
Patch (3.60 KB, patch)
2011-09-07 23:51 PDT, Shinya Kawanaka 		no flags
DetailsFormatted DiffDiff
Patch (3.59 KB, patch)
2011-09-08 00:09 PDT, Shinya Kawanaka 		no flags
DetailsFormatted DiffDiff
Patch (3.61 KB, patch)
2011-09-08 00:43 PDT, Shinya Kawanaka 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Shinya Kawanaka
Comment 1 2011-09-07 23:51:22 PDT
Created attachment 106700 [details] Patch
Kent Tamura
Comment 2 2011-09-07 23:54:06 PDT
Comment on attachment 106700 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=106700&action=review > LayoutTests/ChangeLog:11 > + * editing/inserting/insert-replaceselection-crash-expected.txt: Added. > + * editing/inserting/insert-replaceselection-crash.html: Added. It's better, but we had better describe a test case, rather than a crash location. How about insert-without-enclosing-block.html? > Source/WebCore/ChangeLog:10 > + Test: editing/inserting/insert-67668-crash.html Need to update.
Ryosuke Niwa
Comment 3 2011-09-07 23:56:36 PDT
Comment on attachment 106700 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=106700&action=review > LayoutTests/editing/inserting/insert-replaceselection-crash.html:7 > +var sel = window.getSelection(); > + > +sel.setPosition(div, 0); It seems redundant to declare sel.
Shinya Kawanaka
Comment 4 2011-09-08 00:09:09 PDT
Created attachment 106703 [details] Patch
Shinya Kawanaka
Comment 5 2011-09-08 00:09:51 PDT
Reflected the above comments.
Ryosuke Niwa
Comment 6 2011-09-08 00:11:20 PDT
Comment on attachment 106703 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=106703&action=review > LayoutTests/ChangeLog:11 > + * editing/inserting/insert-replaceselection-crash-expected.txt: Added. > + * editing/inserting/insert-replaceselection-crash.html: Added. You should rename the test as tkent suggested.
Shinya Kawanaka
Comment 7 2011-09-08 00:12:59 PDT
(In reply to comment #6) > (From update of attachment 106703 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=106703&action=review > > > LayoutTests/ChangeLog:11 > > + * editing/inserting/insert-replaceselection-crash-expected.txt: Added. > > + * editing/inserting/insert-replaceselection-crash.html: Added. > > You should rename the test as tkent suggested. Oops, sorry. I'll fix them soon.
Shinya Kawanaka
Comment 8 2011-09-08 00:43:35 PDT
Created attachment 106706 [details] Patch
WebKit Review Bot
Comment 9 2011-09-08 13:49:30 PDT
Comment on attachment 106706 [details] Patch Clearing flags on attachment: 106706 Committed r94793: <http://trac.webkit.org/changeset/94793>
WebKit Review Bot
Comment 10 2011-09-08 13:49:34 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.