Crash accessing null renderer inside WebCore::DeleteSelectionCommand::doApply
<rdar://problem/21400186>
Created attachment 284188 [details] Fixes the bug
Comment on attachment 284188 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=284188&action=review > Source/WebCore/editing/DeleteSelectionCommand.cpp:867 > + if (textNode.length() && textNode.renderer()) Is it valid for ending position to be a node without renderer? Should there be an assertion to hopefully catch the root cause in the future?
Comment on attachment 284188 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=284188&action=review >> Source/WebCore/editing/DeleteSelectionCommand.cpp:867 >> + if (textNode.length() && textNode.renderer()) > > Is it valid for ending position to be a node without renderer? Should there be an assertion to hopefully catch the root cause in the future? We try to avoid selecting a node without renderer but I wouldn't be surprised if we ended up getting it. In general, I don't think m_endingPosition has any sort of guarantee like VisiblePosition's deepEquivalent.
Comment on attachment 284188 [details] Fixes the bug Clearing flags on attachment: 284188 Committed r203518: <http://trac.webkit.org/changeset/203518>
All reviewed patches have been landed. Closing bug.