RESOLVED FIXED 71561
[Chromium] Crash in WebAccessibilityObject::lineBreaks 
https://bugs.webkit.org/show_bug.cgi?id=71561
Summary [Chromium] Crash in WebAccessibilityObject::lineBreaks
Dominic Mazzoni
Reported 2011-11-04 08:15:59 PDT
The problem is that WebCore::AccessibilityObject::lineForPosition returns -1, but WebAccessibilityObject::lineBreaks is assuming it's a number >= 0. The crash happens when it tries to allocate a WebVector of size -1.
Attachments
Patch (1.31 KB, patch)
2011-11-04 09:30 PDT, Dominic Mazzoni 		no flags
DetailsFormatted DiffDiff
Patch (5.67 KB, patch)
2011-11-04 15:43 PDT, Dominic Mazzoni 		no flags
DetailsFormatted DiffDiff
Patch for landing (5.67 KB, patch)
2011-11-09 13:59 PST, Dominic Mazzoni 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Dominic Mazzoni
Comment 1 2011-11-04 09:30:09 PDT
Created attachment 113666 [details] Patch
Dimitri Glazkov (Google)
Comment 2 2011-11-04 13:30:11 PDT
Comment on attachment 113666 [details] Patch Can haz layout test?
Dominic Mazzoni
Comment 3 2011-11-04 15:43:55 PDT
Created attachment 113721 [details] Patch
Dimitri Glazkov (Google)
Comment 4 2011-11-09 12:23:02 PST
Comment on attachment 113721 [details] Patch pretty.
Dominic Mazzoni
Comment 5 2011-11-09 13:59:52 PST
Created attachment 114362 [details] Patch for landing
WebKit Review Bot
Comment 6 2011-11-09 15:28:32 PST
Comment on attachment 114362 [details] Patch for landing Clearing flags on attachment: 114362 Committed r99770: <http://trac.webkit.org/changeset/99770>
WebKit Review Bot
Comment 7 2011-11-09 15:28:37 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.