[Webkit-unassigned] [Bug 22168] Chromium is seeing crashes using TextIterator
bugzilla-daemon at webkit.org
Tue Nov 11 09:09:39 PST 2008
https://bugs.webkit.org/show_bug.cgi?id=22168
darin at apple.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #25036|review?                     |review+
               Flag|                            |
------- Comment #4 from darin at apple.com 2008-11-11 09:09 PDT -------
(From update of attachment 25036)
I see no harm in adding this assertion, but little benefit in doing so. The
line that initializes m_lastCharacter will crash if str.characters() is 0; this
will move that crash up a few lines but not detect any additional failure
cases.

The evidence does not match the theory that renderer->text() is a null string.
In TextIterator::handleTextBox we've already fetched renderer->text() and
dereferenced it by calling str[runStart] before calling emitText. So there's no
real chance that it's a null string in that code path.

If characters() is 0x02 that does not indicate a null string. Instead it
indicates a StringImpl that has been deallocated or overwritten. characters()
is 0 in a null string.

r=me because there's no harm in adding the assertion.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
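The distinction drawn in the comment above, as an added example that is not WebKit code and not part of the original mail: a null check on characters() fires only for the null string, and passes when the backing object has been overwritten so that characters() reads 0x02. ImplModel, StringModel, clobber and the other names are hypothetical stand-ins, and the overwrite is simulated on storage that stays allocated so the demo has no undefined behaviour.

```cpp
#include <cstdint>

// Simplified stand-ins for a ref-counted string body and its handle
// (hypothetical names; not WebKit's StringImpl/String).
struct ImplModel {
    const char16_t* data;   // character buffer
    unsigned length;
};

struct StringModel {
    ImplModel* impl;        // nullptr models the null string
    const char16_t* characters() const { return impl ? impl->data : nullptr; }
};

// The condition a null assertion tests: is characters() non-zero?
bool nullAssertionPasses(const StringModel& s) {
    return s.characters() != nullptr;
}

// Simulate the memory behind a still-held handle being reused. The slot is
// not actually freed here; its fields are overwritten with unrelated small
// values, matching the 0x02 reported in the crash.
void clobber(ImplModel& slot) {
    slot.data = reinterpret_cast<const char16_t*>(static_cast<std::uintptr_t>(0x02));
    slot.length = 0;
}

// Raw value of characters(), for inspection only; never dereferenced.
std::uintptr_t charactersValue(const StringModel& s) {
    return reinterpret_cast<std::uintptr_t>(s.characters());
}

int main() {
    static const char16_t text[] = u"abc";   // constructed sample data
    ImplModel slot{text, 3};
    StringModel nullString{nullptr};
    StringModel held{&slot};

    bool ok = !nullAssertionPasses(nullString)   // null string: assertion fires
           && nullAssertionPasses(held);         // live string: assertion passes
    clobber(slot);
    ok = ok && charactersValue(held) == 0x02     // garbage pointer, not 0
            && nullAssertionPasses(held);        // assertion still passes
    return ok ? 0 : 1;
}
```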