36800 – Ownerless nodes leads a crash on DOMSelection APIs

RESOLVED FIXED Bug 36800

Ownerless nodes leads a crash on DOMSelection APIs

https://bugs.webkit.org/show_bug.cgi?id=36800

Summary Ownerless nodes leads a crash on DOMSelection APIs

Hajime Morrita

Reported 2010-03-29 19:25:24 PDT

Passing ownerless node to DOMSelection APIs including collapse(), extend(), selectAllChildren(), setPosition() causes a crash. One type of ownerless node is newly-created DocumentType object. This is similar to Bug 31680 and the fix on Bug 31680 will fix these. But we need regressions for that.

Attachments
to reproduce (326 bytes, text/html) 2010-03-30 02:40 PDT, Hajime Morrita	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Hajime Morrita

Comment 1 2010-03-30 02:40:28 PDT

Created attachment 52015 [details] to reproduce

Hajime Morrita

Comment 2 2010-04-01 22:33:17 PDT

Fixed at http://trac.webkit.org/changeset/56962

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS OS X 10.5

Product WebKit

Component HTML Editing

Assignee

Nobody

Reported

2010-03-29 19:25 PDT

Modified

2010-04-01 22:33 PDT History

CC List

0 users

URL

Keywords

Depends on

Blocks