[webkit-reviews] review requested: [Bug 57743] REGRESSION(r81887): Crash in SplitElement : [Attachment 88833] fixes the bug
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Apr 8 10:00:32 PDT 2011
Darin Adler <darin at apple.com> has asked for review:
Bug 57743: REGRESSION(r81887): Crash in SplitElement
https://bugs.webkit.org/show_bug.cgi?id=57743
Attachment 88833: fixes the bug
https://bugs.webkit.org/attachment.cgi?id=88833&action=review
------- Additional Comments from Darin Adler <darin at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=88833&action=review
> Source/WebCore/editing/ReplaceSelectionCommand.cpp:957
> + if (insertionPos.containerNode()->isTextNode() &&
insertionPos.offsetInContainerNode() &&
!insertionPos.atLastEditingPositionForNode()) {
> +
splitTextNodeContainingElement(static_cast<Text*>(insertionPos.anchorNode()),
insertionPos.offsetInContainerNode());
It would be clearer if we called insertionPos.containerNode() both times. To
someone reading the code the cast seems dangerous since the type of
insertionPos.containerNode() is checked and based on that the code does a
typecast of static_cast<Text*>(insertionPos.anchorNode()). Someone reading
should be able to see the type safety without knowing that one condition
guarantees the other.
More information about the webkit-reviews
mailing list