[webkit-reviews] review requested: [Bug 57743] REGRESSION(r81887): Crash in SplitElement : [Attachment 88833] fixes the bug

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 8 10:00:32 PDT 2011


Darin Adler <darin at apple.com> has asked  for review:
Bug 57743: REGRESSION(r81887): Crash in SplitElement
https://bugs.webkit.org/show_bug.cgi?id=57743

Attachment 88833: fixes the bug
https://bugs.webkit.org/attachment.cgi?id=88833&action=review

------- Additional Comments from Darin Adler <darin at apple.com>
View in context: https://bugs.webkit.org/attachment.cgi?id=88833&action=review

> Source/WebCore/editing/ReplaceSelectionCommand.cpp:957
> +	   if (insertionPos.containerNode()->isTextNode() &&
insertionPos.offsetInContainerNode() &&
!insertionPos.atLastEditingPositionForNode()) {
> +	      
splitTextNodeContainingElement(static_cast<Text*>(insertionPos.anchorNode()),
insertionPos.offsetInContainerNode());

It would be clearer if we called insertionPos.containerNode() both times. To
someone reading the code the cast seems dangerous since the type of
insertionPos.containerNode() is checked and based on that the code does a
typecast of static_cast<Text*>(insertionPos.anchorNode()). Someone reading
should be able to see the type safety without knowing that one condition
guarantees the other.


More information about the webkit-reviews mailing list