Created attachment 43520
Repro

The following HTML triggers a NULL pointer in "WebCore::Range::surroundContents":

<SCRIPT>
  range=document.createRange();
  text=document.createTextNode('');
  range.selectNodeContents(text);
  element=document.createElement("l");
  range.surroundContents(element);
</SCRIPT>

Relevant call stack (in Chromium):
WebCore::Range::surroundContents(class WTF::PassRefPtr<WebCore::Node> passNewParent = class WTF::PassRefPtr<WebCore::Node>, int * ec = 0x0012f220)+0x113
WebCore::RangeInternal::surroundContentsCallback(class v8::Arguments * args = 0x00000000)+0xac
Added online repro URL
Created attachment 45226
patch v1
Added NULL guard; null throws exception. Note that Firefox also throws an exception (NS_ERROR_UNEXPECTED) in this case.
style-queue ran check-webkit-style on attachment 45226 without any errors.
Comment on attachment 45226
patch v1

Clearing flags on attachment: 45226

Committed r52388: <http://trac.webkit.org/changeset/52388>
All reviewed patches have been landed. Closing bug.
Mass moving XML DOM bugs to the "DOM" Component.