Originally reported as: http://code.google.com/p/chromium/issues/detail?id=43083

In short, if you...
1) FindInPage on a Google Sites page you have edit permissions on
2) (without closing the Find box in Chromium) you edit the Sites page
3) click FindNext

Then you'll crash inside WebCore::Node::nodeIndex...

002cf084 69ad6b5a chrome_69aa0000!WebCore::Node::nodeIndex+0x7
002cf088 69ad9099 chrome_69aa0000!WebCore::RangeBoundaryPoint::offset+0xe
002cf094 69b32113 chrome_69aa0000!WebCore::Range::pastLastNode+0x30
002cf0c8 69cfbbaf chrome_69aa0000!WebCore::Document::setMarkersActive+0x42
002cf1dc 69e60393 chrome_69aa0000!WebKit::WebFrameImpl::find+0x5d
002cf264 69e68e66 chrome_69aa0000!RenderView::OnFind+0x13a

What is happening is that setMarkersActive is not checking for collapsed ranges, so we use a range with invalid RangeBoundaryPoints. I have a fix.
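As an added illustration, not the patch from attachment 55299 and not WebKit code: a simplified C++ model of the failure described above, in which a cached find range collapses when the page is edited and the marker update checks for that before walking it. Node, Boundary, Range, removeChildren and findNextAfterEdit are hypothetical stand-ins; setMarkersActive only borrows the name seen in the stack trace.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified stand-ins for the WebCore types in the stack trace (assumed model).
struct Node { std::vector<Node*> children; bool markerActive = false; };
struct Boundary { Node* container; std::size_t offset; };  // models RangeBoundaryPoint
struct Range {
    Boundary start, end;
    bool collapsed() const { return start.container == end.container && start.offset == end.offset; }
};

// Editing removes children [from, to) of parent; a live range's boundaries that
// fall inside the removed span are pulled back to `from`, which can collapse it.
void removeChildren(Node& parent, std::size_t from, std::size_t to, Range& live) {
    parent.children.erase(parent.children.begin() + from, parent.children.begin() + to);
    for (Boundary* b : {&live.start, &live.end}) {
        if (b->container != &parent || b->offset <= from) continue;
        b->offset = b->offset >= to ? b->offset - (to - from) : from;
    }
}

// Guarded marker update: reject collapsed or stale ranges before walking them.
// Returns how many nodes had their marker state set.
int setMarkersActive(Range& r, bool active) {
    if (!r.start.container || r.collapsed()) return 0;  // the collapsed-range check
    Node* c = r.start.container;
    // This model covers a single container; stale end offsets are refused.
    if (c != r.end.container || r.end.offset > c->children.size()) return 0;
    int changed = 0;
    for (std::size_t i = r.start.offset; i < r.end.offset; ++i, ++changed)
        c->children[i]->markerActive = active;
    return changed;
}

struct Demo { int beforeEdit; bool collapsedAfterEdit; int afterEdit; };
Demo findNextAfterEdit() {
    Node kids[4], body;                           // constructed sample DOM
    for (Node& k : kids) body.children.push_back(&k);
    Range match{{&body, 1}, {&body, 3}};          // find hit covers children 1 and 2
    Demo d{};
    d.beforeEdit = setMarkersActive(match, true);
    removeChildren(body, 1, 3, match);            // page edited, Find box still open
    d.collapsedAfterEdit = match.collapsed();
    d.afterEdit = setMarkersActive(match, true);  // FindNext reuses the cached range
    return d;
}

int main() {
    Demo d = findNextAfterEdit();
    std::printf("%d %d %d\n", d.beforeEdit, d.collapsedAfterEdit, d.afterEdit);
}
```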
Created attachment 55299
Proposed fix
I should add that I tried for a few hours to create a reduced test case for this, but was unable to get it to repro the problem.
Comment on attachment 55299
Proposed fix

ok.
Comment on attachment 55299
Proposed fix

Clearing flags on attachment: 55299

Committed r58958: <http://trac.webkit.org/changeset/58958>
All reviewed patches have been landed. Closing bug.