26076 – Custom highlighting (via -webkit-highlight) can crash

RESOLVED CONFIGURATION CHANGED 26076

Custom highlighting (via -webkit-highlight) can crash

https://bugs.webkit.org/show_bug.cgi?id=26076

Summary Custom highlighting (via -webkit-highlight) can crash

Kai Brüning

Reported 2009-05-29 03:08:34 PDT

The functions WebChromeClient::customHighlightRect() and WebChromeClient::paintCustomHighlight() get passed a node. With Changeset 40871 (committed 2009-02-11), the passed node can be 0, which results in a crash. I include a test case which crashes when opening.

Attachments
Test case - crashes on loading (475 bytes, application/xhtml+xml) 2009-05-29 03:09 PDT, Kai Brüning	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Kai Brüning

Comment 1 2009-05-29 03:09:28 PDT

Created attachment 30771 [details] Test case - crashes on loading

Kai Brüning

Comment 2 2009-05-29 03:16:37 PDT

I forgot to mention that the problem is triggered by having generated content in the document (via h1:empty:before {content:"some text";} in this case). I do not know whether this is the only way to trigger the problem, though.

mitz

Comment 3 2017-06-16 22:32:22 PDT

paintCustomHighlight and the SPI that relied on it have been removed via bug 128456.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution CONFIGURATION CHANGED

Priority P2

Severity Major

Classification Unclassified

Version 528+ (Nightly build)

Hardware Mac

OS OS X 10.5

Product WebKit

Component WebKit API

Assignee

Nobody

Reported

2009-05-29 03:08 PDT

Modified

2017-06-16 22:32 PDT History

CC List

1 user Show

URL

Keywords Regression

Depends on

Blocks