Bug 81581

Summary: visual word movement: crashes on CSS generated content
Product: WebKit Reporter: Xiaomei Ji <xji>
Component: HTML EditingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: rniwa, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 25298    
Attachments:
Description Flags
patch w/ layout test none

Xiaomei Ji
Reported 2012-03-19 16:08:47 PDT
visual word movement: crashes on CSS generated content
Attachments
patch w/ layout test (4.38 KB, patch)
2012-03-19 16:26 PDT, Xiaomei Ji 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Xiaomei Ji
Comment 1 2012-03-19 16:26:17 PDT
Created attachment 132710 [details] patch w/ layout test Ryosuke, Thanks for the bug report!
Xiaomei Ji
Comment 2 2012-03-19 16:32:02 PDT
I checked other pointer dereference codes, and I think they are mostly looks ok. How about the following when textBox is a not-null-InlineTextBox? textBox->textRenderer()->text()->characters() I think it is fine since InlineTextBox must have a text renderer. And it should have text()->characters() although it could be null. There is similar usage in https://cs.corp.google.com/#chrome/src/third_party/WebKit/Source/WebCore/rendering/InlineTextBox.cpp&q=textRenderer()%20package:%5Echrome$%20file:%5Esrc/third_party/WebKit/.*.cpp&type=cs&l=346
Ryosuke Niwa
Comment 3 2012-03-20 10:55:24 PDT
Comment on attachment 132710 [details] patch w/ layout test View in context: https://bugs.webkit.org/attachment.cgi?id=132710&action=review > LayoutTests/editing/selection/move-by-word-visually-crash-test-css-generated-content.html:1 > +<head> No DOCTYPE?
Xiaomei Ji
Comment 4 2012-03-20 16:22:51 PDT
Comment on attachment 132710 [details] patch w/ layout test View in context: https://bugs.webkit.org/attachment.cgi?id=132710&action=review >> LayoutTests/editing/selection/move-by-word-visually-crash-test-css-generated-content.html:1 >> +<head> > > No DOCTYPE? I will update all the tests in another patch.
WebKit Review Bot
Comment 5 2012-03-20 16:50:10 PDT
Comment on attachment 132710 [details] patch w/ layout test Clearing flags on attachment: 132710 Committed r111469: <http://trac.webkit.org/changeset/111469>
WebKit Review Bot
Comment 6 2012-03-20 16:50:15 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.