Bug 74843

Summary:

Editing OOM/NULL ptr

Product:

WebKit

Reporter:

Berend-Jan Wever <skylined>

Component:

HTML Editing

Assignee:

Nobody <webkit-unassigned>

Status:

NEW

Severity:

Normal

CC:

rniwa

Priority:

Version:

528+ (Nightly build)

Hardware:

OS:

Windows Vista

Attachments:

Description	Flags
Repro	none

Berend-Jan Wever

Reported 2011-12-19 00:28:23 PST

Created attachment 119830 [details] Repro Chromium: http://code.google.com/p/chromium/issues/detail?id=108027 <html xmlns="http://www.w3.org/1999/xhtml"> <head> <style> * { -webkit-user-modify: read-write; } </style> <script> window.onload = function(){ document.execCommand("SelectAll") document.execCommand("Indent"); document.execCommand("outdent"); document.execCommand("Delete", false); }; </script> </head> <frameset> <frame/> </frameset> </html> This causes OOM on stable and a NULL ptr in debug builds.

Attachments
Repro (433 bytes, application/xhtml+xml) 2011-12-19 00:28 PST, Berend-Jan Wever	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Note You need to log in before you can comment on or make changes to this bug.