[Webkit-unassigned] [Bug 27275] [Chromium] popup menus can crash when the selected index is -1
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jul 20 13:51:39 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=27275
Eric Seidel <eric at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #33102|review? |review+
Flag| |
--- Comment #11 from Eric Seidel <eric at webkit.org> 2009-07-20 13:51:38 PDT ---
(From update of attachment 33102)
I spoke w/ Paul at his desk.
The real bug here seems to be the API design for pointToRowIndex.
pointToRowIndex returns the special value "-1" which all other places which use
"int index" are forced to then handle.
+ if (index >= numItems())
+ return;
is not necessary. I can be an ASSERT, but doesn't seem otherwise needed.
+ if (index < 0) {
could be index == -1, since -1 is the only special value. It's OK as is
though.
- ASSERT(index >= 0 && index < numItems());
+ if (index < 0 || index >= numItems())
+ return;
This looks like it will crash in the future? Seems we need to handle at least
the -1 case.
bool PopupListBox::isSelectableItem(int index)
{
+ ASSERT(index >= 0 && index < numItems());
Since we know the source of the only invalid indices (pointToRowIndex), seems
we should fix the source of these invalid indices.
bool hitTest(IntPoint, int& hitRow);
seems like a better API than pointToRowIndex as it would force all callers to
handle the out-of bounds case.
r+ because this fixes the crash. Please consider filing a bug about the
re-archtecture, or post-ing a fix using the hitTest approach instead.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list