22160 – Nil deref because nextLinePosition (previousLinePosition, too) uses a nil node

RESOLVED FIXED 22160

Nil deref because nextLinePosition (previousLinePosition, too) uses a nil node

https://bugs.webkit.org/show_bug.cgi?id=22160

Summary Nil deref because nextLinePosition (previousLinePosition, too) uses a nil node

Darin Adler

Reported 2008-11-10 10:59:12 PST

Chris Fleizach noticed this crash while in a mail message. looks like a node needs to be checked for nil somewhere Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x0000000000000000 0x000000010113bf1a in WebCore::Node::hasTagName (this=0x0, name=@0x10224b698) at Node.h:95 95 bool hasTagName(const QualifiedName& name) const { return virtualHasTagName(name); } (gdb) bt #0 0x000000010113bf1a in WebCore::Node::hasTagName (this=0x0, name=@0x10224b698) at Node.h:95 #1 0x00000001017d87ec in WebCore::canHaveChildrenForEditing (node=0x0) at /Volumes/data/WebKit/WebCore/editing/htmlediting.cpp:78 #2 0x00000001017d895b in WebCore::editingIgnoresContent (node=0x0) at /Volumes/data/WebKit/WebCore/editing/htmlediting.cpp:62 #3 0x00000001017fcfa0 in WebCore::nextLinePosition (visiblePosition=@0x7fff5fbfe4a0, x=95) at /Volumes/data/WebKit/WebCore/editing/visible_units.cpp:605 #4 0x0000000101755d62 in WebCore::SelectionController::modifyMovingForward (this=0x7fff5fbfe580, granularity=WebCore::LineGranularity) at /Volumes/data/WebKit/WebCore/editing/SelectionController.cpp:335 etc.

Attachments
patch (2.78 KB, patch) 2008-11-10 11:03 PST, Darin Adler	mitz: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Darin Adler

Comment 1 2008-11-10 11:03:22 PST

Created attachment 25022 [details] patch

mitz

Comment 2 2008-11-10 11:06:51 PST

Comment on attachment 25022 [details] patch r=me

Darin Adler

Comment 3 2008-11-11 10:00:20 PST

http://trac.webkit.org/changeset/38304

David Kilzer (:ddkilzer)

Comment 4 2008-11-29 11:28:01 PST