67762 – Crashes in WebCore::ReplaceSelectionCommand::doApply

RESOLVED FIXED Bug 67762

Crashes in WebCore::ReplaceSelectionCommand::doApply

https://bugs.webkit.org/show_bug.cgi?id=67762

Summary Crashes in WebCore::ReplaceSelectionCommand::doApply

Shinya Kawanaka

Reported 2011-09-07 23:40:31 PDT

https://bugs.webkit.org/show_bug.cgi?id=67668 testcase1:: <feSpotLight><sub id="div" contenteditable="true"><script> var sel = window.getSelection(); sel.setPosition(div, 0); document.execCommand("InsertHTML", false, "<dl>"); </script>

Attachments
Patch (3.60 KB, patch) 2011-09-07 23:51 PDT, Shinya Kawanaka	no flags	Details Formatted Diff Diff
Patch (3.59 KB, patch) 2011-09-08 00:09 PDT, Shinya Kawanaka	no flags	Details Formatted Diff Diff
Patch (3.61 KB, patch) 2011-09-08 00:43 PDT, Shinya Kawanaka	no flags	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Shinya Kawanaka

Comment 1 2011-09-07 23:51:22 PDT

Created attachment 106700 [details] Patch

Kent Tamura

Comment 2 2011-09-07 23:54:06 PDT

Comment on attachment 106700 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=106700&action=review > LayoutTests/ChangeLog:11 > + * editing/inserting/insert-replaceselection-crash-expected.txt: Added. > + * editing/inserting/insert-replaceselection-crash.html: Added. It's better, but we had better describe a test case, rather than a crash location. How about insert-without-enclosing-block.html? > Source/WebCore/ChangeLog:10 > + Test: editing/inserting/insert-67668-crash.html Need to update.

Ryosuke Niwa

Comment 3 2011-09-07 23:56:36 PDT

Comment on attachment 106700 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=106700&action=review > LayoutTests/editing/inserting/insert-replaceselection-crash.html:7 > +var sel = window.getSelection(); > + > +sel.setPosition(div, 0); It seems redundant to declare sel.

Shinya Kawanaka

Comment 4 2011-09-08 00:09:09 PDT

Created attachment 106703 [details] Patch

Shinya Kawanaka

Comment 5 2011-09-08 00:09:51 PDT

Reflected the above comments.

Ryosuke Niwa

Comment 6 2011-09-08 00:11:20 PDT

Comment on attachment 106703 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=106703&action=review > LayoutTests/ChangeLog:11 > + * editing/inserting/insert-replaceselection-crash-expected.txt: Added. > + * editing/inserting/insert-replaceselection-crash.html: Added. You should rename the test as tkent suggested.

Shinya Kawanaka

Comment 7 2011-09-08 00:12:59 PDT

(In reply to comment #6) > (From update of attachment 106703 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=106703&action=review > > > LayoutTests/ChangeLog:11 > > + * editing/inserting/insert-replaceselection-crash-expected.txt: Added. > > + * editing/inserting/insert-replaceselection-crash.html: Added. > > You should rename the test as tkent suggested. Oops, sorry. I'll fix them soon.

Shinya Kawanaka

Comment 8 2011-09-08 00:43:35 PDT

Created attachment 106706 [details] Patch

WebKit Review Bot

Comment 9 2011-09-08 13:49:30 PDT

Comment on attachment 106706 [details] Patch Clearing flags on attachment: 106706 Committed r94793: <http://trac.webkit.org/changeset/94793>

WebKit Review Bot

Comment 10 2011-09-08 13:49:34 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component HTML Editing

Assignee

Nobody

Reported

2011-09-07 23:40 PDT

Modified

2011-09-08 13:49 PDT History

CC List

4 users Show

URL

Keywords

Depends on

Blocks

67668

Dependancies

tree graph