Bug 76258

Summary: NULL ptr in WebCore::ContainerNode::parserAddChild
Product: WebKit Reporter: Berend-Jan Wever <skylined>
Component: HTML EditingAssignee: Adam Barth <abarth>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, commit-queue, eric, rniwa, webkit.review.bot
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   
Attachments:
Description Flags
Repro
none
Patch
none
Patch for landing none

Berend-Jan Wever
Reported 2012-01-13 02:04:04 PST
Created attachment 122396 [details] Repro Chromium: http://code.google.com/p/chromium/issues/detail?id=110146 Repro: x<h4><strike>x <script> window.onload=function(){ document.execCommand("SelectAll"); document.designMode="on"; document.execCommand("Indent"); document.execCommand("InsertOrderedList", false); }; document.addEventListener("DOMSubtreeModified",function(){ document.execCommand("outdent", false); },false); </script>
Attachments
Repro (348 bytes, text/html)
2012-01-13 02:04 PST, Berend-Jan Wever 		no flags
Details
Patch (4.32 KB, patch)
2012-01-26 16:52 PST, Adam Barth 		no flags
DetailsFormatted DiffDiff
Patch for landing (4.31 KB, patch)
2012-01-26 16:55 PST, Adam Barth 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Adam Barth
Comment 1 2012-01-26 16:12:08 PST
I can reproduce the crash.
Adam Barth
Comment 2 2012-01-26 16:52:13 PST
Created attachment 124216 [details] Patch
Eric Seidel (no email)
Comment 3 2012-01-26 16:54:59 PST
Comment on attachment 124216 [details] Patch OK.
Adam Barth
Comment 4 2012-01-26 16:55:55 PST
Created attachment 124218 [details] Patch for landing
WebKit Review Bot
Comment 5 2012-01-26 17:55:54 PST
Comment on attachment 124218 [details] Patch for landing Clearing flags on attachment: 124218 Committed r106072: <http://trac.webkit.org/changeset/106072>
WebKit Review Bot
Comment 6 2012-01-26 17:55:58 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.