89170 – [Shadow] Deleting list distributed to Shadow DOM does not work correctly.

RESOLVED FIXED 89170

[Shadow] Deleting list distributed to Shadow DOM does not work correctly.

https://bugs.webkit.org/show_bug.cgi?id=89170

Summary [Shadow] Deleting list distributed to Shadow DOM does not work correctly.

Shinya Kawanaka

Reported 2012-06-14 22:47:50 PDT

Created attachment 147736 [details] Repro Selects from LIST 1 to LIST 3, then press 'delete'. render_widget_host_view_gtk.cc(929): pos + n <= text.length() This is actual DCHECK in chromium, but WebKit might (or might not) have a bug. So file this bug here anyway.

Attachments
Repro (3.39 KB, text/html) 2012-06-14 22:47 PDT, Shinya Kawanaka	no flags	Details
Patch (4.21 KB, patch) 2012-06-25 15:02 PDT, Shinya Kawanaka	no flags	Details Formatted Diff Diff
Patch for landing (4.63 KB, patch) 2012-06-25 15:38 PDT, Shinya Kawanaka	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Shinya Kawanaka

Comment 1 2012-06-25 14:53:05 PDT

Though DRT does not crash in this test, but it behaves weird.

Shinya Kawanaka

Comment 2 2012-06-25 15:02:35 PDT

Created attachment 149364 [details] Patch

Shinya Kawanaka

Comment 3 2012-06-25 15:04:04 PDT

Indeed it was a bug in WebCore not in chromium.

Ryosuke Niwa

Comment 4 2012-06-25 15:06:39 PDT

Comment on attachment 149364 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=149364&action=review > LayoutTests/editing/shadow/delete-list-in-shadow-expected.txt:5 > +AB345 Can we replace this by PASS?

Ryosuke Niwa

Comment 5 2012-06-25 15:08:07 PDT

Maybe we should just replace all these rendererIsEditable by isContentEditable because we keep hitting these crashes. There are 64 other places where we call rendererIsEditable instead of isContentEditable according to shinyak, and I'm not certain if it's really productive for us to wait until fuzzer finds a reduction for us.

Shinya Kawanaka

Comment 6 2012-06-25 15:38:37 PDT

Created attachment 149373 [details] Patch for landing

WebKit Review Bot

Comment 7 2012-06-25 18:49:27 PDT

Comment on attachment 149373 [details] Patch for landing Clearing flags on attachment: 149373 Committed r121211: <http://trac.webkit.org/changeset/121211>

WebKit Review Bot

Comment 8 2012-06-25 18:49:32 PDT

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component HTML Editing

Assignee

Shinya Kawanaka

Reported

2012-06-14 22:47 PDT

Modified

2012-06-25 18:49 PDT History

CC List

8 users Show

URL

Keywords

Depends on

Blocks

82697

Dependencies

tree graph