[Webkit-unassigned] [Bug 22634] Safari crashes when I try to do a drag-and-drop of selected text in Presently or Writely,

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Mar 2 13:28:49 PST 2009 

https://bugs.webkit.org/show_bug.cgi?id=22634





------- Comment #8 from sky at google.com  2009-03-02 13:28 PDT -------
This fixes the crashers I'm seeing:

Index: WebCore/editing/ReplaceSelectionCommand.cpp

===================================================================

--- WebCore/editing/ReplaceSelectionCommand.cpp (revision 10629)
+++ WebCore/editing/ReplaceSelectionCommand.cpp (working copy)
@@ -839,6 +839,11 @@

     fragment.removeNode(refNode);
     insertNodeAtAndUpdateNodesInserted(refNode, insertionPos);
+
+    if (!refNode->parent()) {
+        // Inserting the node resulted in deleting the node we're going to
move.
+        return;
+    }

     while (node) {
         Node* next = node->nextSibling();
@@ -896,8 +901,13 @@
         // Insert a line break just after the inserted content to separate it
from what 
         // comes after and prevent that from happening.
         VisiblePosition endOfInsertedContent =
positionAtEndOfInsertedContent();
-        if (startOfParagraph(endOfInsertedContent) == startOfParagraphToMove)
+        if (startOfParagraph(endOfInsertedContent) == startOfParagraphToMove)
{
             insertNodeAt(createBreakElement(document()).get(),
endOfInsertedContent.deepEquivalent());
+            if (!startOfParagraphToMove.deepEquivalent().node()->parent()) {
+                // Inserting the break resulted in deleting the node we're
going to move.
+                return;
+            }
+        }

         // FIXME: Maintain positions for the start and end of inserted content
instead of keeping nodes.  The nodes are
         // only ever used to create positions where inserted content
starts/ends.


Eric, if you think this is the right approach and looks good I'll clean it up,
try and create a layout test and submit a proper fix. What do you think?


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list