[Webkit-unassigned] [Bug 19151] prepareForTextInsertion assumes Position is not null (even though it can be)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 20 14:16:29 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=19151





------- Comment #3 from eric at webkit.org  2008-05-20 14:16 PDT -------
Unfortunately I don't have a full backtrace anymore.  That paste buffer is long
gone. :(  In general my setup on windows sucks.  IIRC right above this was
document.execCommand called from JS.  The question is just how do you get the
document into a position where document.execCommand("removeFormat") is going to
cause this crash?

I was crashing on this line:
    if (!pos.node()->isTextNode()) {

pos.node() was NULL.

Which seems totally reasonable, looking back through how we got there.  input()
doesn't check the Postition and positionAvoidingSpecialElementBoundary() (which
is how we generated what position we use) just returns a null position back if
passed in one.

If I find out any more, I'll be sure to add it here.  Again, I expect the
fuzzer (attached to another bug) could probably repro this crash, but right now
there are way to many other ASSERTs and crashes in the way.  I guess I could
write a harness to enable a more complete search of the input space (w/o having
to do it all manually).


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list