RESOLVED FIXED Bug 38591
[Chromium]: FindInPage crash on sites.google.com
https://bugs.webkit.org/show_bug.cgi?id=38591
Finnur Thorarinsson
Reported 2010-05-05 09:48:11 PDT
Originally reported as: http://code.google.com/p/chromium/issues/detail?id=43083

In short, if you...
1) FindInPage on a Google Sites page you have edit permissions on
2) (without closing the Find box in Chromium) you edit the Sites page
3) click FindNext

Then you'll crash inside WebCore::Node::nodeIndex...

    002cf084 69ad6b5a chrome_69aa0000!WebCore::Node::nodeIndex+0x7
    002cf088 69ad9099 chrome_69aa0000!WebCore::RangeBoundaryPoint::offset+0xe
    002cf094 69b32113 chrome_69aa0000!WebCore::Range::pastLastNode+0x30
    002cf0c8 69cfbbaf chrome_69aa0000!WebCore::Document::setMarkersActive+0x42
    002cf1dc 69e60393 chrome_69aa0000!WebKit::WebFrameImpl::find+0x5d
    002cf264 69e68e66 chrome_69aa0000!RenderView::OnFind+0x13a

What is happening is that setMarkersActive is not checking for collapsed ranges, so we use a range with invalid RangeBoundaryPoints. I have a fix.
Attachments
Proposed fix (1.32 KB, patch)
2010-05-06 14:44 PDT, Finnur Thorarinsson
no flags
Finnur Thorarinsson
Comment 1 2010-05-06 14:44:59 PDT
Created attachment 55299: Proposed fix
Finnur Thorarinsson
Comment 2 2010-05-06 14:46:07 PDT
I should add that I tried for a few hours to create a reduced test case for this, but was unable to get it to repro the problem.
Dimitri Glazkov (Google)
Comment 3 2010-05-06 14:54:25 PDT
Comment on attachment 55299 (Proposed fix): ok.
WebKit Commit Bot
Comment 4 2010-05-07 11:06:03 PDT
Comment on attachment 55299 (Proposed fix)
Clearing flags on attachment: 55299
Committed r58958: <http://trac.webkit.org/changeset/58958>
WebKit Commit Bot
Comment 5 2010-05-07 11:06:08 PDT
All reviewed patches have been landed. Closing bug.