[Webkit-unassigned] [Bug 7398] New: Crash in setFocusNode if the old focus node has been detached
bugzilla-daemon at opendarwin.org
Mon Feb 20 22:58:04 PST 2006
http://bugzilla.opendarwin.org/show_bug.cgi?id=7398
Summary: Crash in setFocusNode if the old focus node has been detached
Product: WebKit
Version: 420+ (nightly)
Platform: Macintosh
OS/Version: Mac OS X 10.4
Status: NEW
Severity: major
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at opendarwin.org
ReportedBy: Graham.Dennis at gmail.com
While running Sandvox with the latest WebKit ToT, if one deletes all the text
in the site sub-title or 'parting words' editable divs, then the editing
delegate (in Sandvox) removes the text element (it becomes detached) before
setFocusNode() is called. When setFocusNode is called, there is a crash caused
by the assumption that if the node exists, and it isn't currently being
detached, that it must have a renderer. In this case, as it has been detached,
it no longer has a renderer. I have a patch which I'll attach.
The appropriate part of the crash report is below:
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
Thread 0 Crashed:
0 com.apple.WebCore 0x019bcb50 WebCore::DocumentImpl::setFocusNode(KXMLCore::PassRefPtr<WebCore::NodeImpl>) + 400 (DocumentImpl.cpp:2058)
1 com.apple.WebCore 0x019b53a8 WebCore::FrameView::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::NodeImpl*, bool, int, QMouseEvent*, bool, int) + 1208 (FrameView.cpp:1038)
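The failure mode described in the report, as an added example that is not WebCore source and not the reporter's patch: a simplified model in which "node exists and is not being detached" is wrongly taken to imply "node has a renderer", next to a guarded form that tests the renderer pointer itself. The `Renderer`, `Node` and `Document` types and the `focusChange` helper are assumptions made up for this illustration.

```cpp
// Simplified model, constructed for illustration; not WebCore code.
#include <memory>
#include <utility>

struct Renderer { int repaints = 0; void repaint() { ++repaints; } };

struct Node {
    std::unique_ptr<Renderer> renderer;  // null whenever the node is detached
    bool beingDetached = false;
    void attach() { renderer = std::make_unique<Renderer>(); }
    void detach() {
        beingDetached = true;
        renderer.reset();                // renderer is destroyed during detach
        beingDetached = false;           // flag is clear again once detach ends
    }
};

struct Document {
    std::shared_ptr<Node> focusNode;

    // Pattern from the report: the flag check passes for a node that was
    // detached earlier, so this dereferences a null renderer (not called here).
    void setFocusNodeUnchecked(std::shared_ptr<Node> next) {
        if (focusNode && !focusNode->beingDetached)
            focusNode->renderer->repaint();
        focusNode = std::move(next);
    }

    // Guarded form: use the renderer only if the pointer is non-null.
    // Returns true if the old focus node's renderer was repainted.
    bool setFocusNode(std::shared_ptr<Node> next) {
        Renderer* r = (focusNode && !focusNode->beingDetached)
                          ? focusNode->renderer.get() : nullptr;
        if (r) r->repaint();
        focusNode = std::move(next);
        return r != nullptr;
    }
};

// Hypothetical driver: give a node focus, optionally detach it (as the
// editing delegate in the report does), then move focus to another node.
bool focusChange(bool detachFirst) {
    Document doc;
    auto oldNode = std::make_shared<Node>();
    oldNode->attach();
    doc.setFocusNode(oldNode);
    if (detachFirst) oldNode->detach();
    return doc.setFocusNode(std::make_shared<Node>());
}
```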