[Webkit-unassigned] [Bug 37115] New: REGRESSION(r56989): Crash in Mail in WebCore::Position::isCandidate when deleting block using block deletion UI

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 5 14:33:09 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=37115

           Summary: REGRESSION(r56989): Crash in Mail in
                    WebCore::Position::isCandidate when deleting block
                    using block deletion UI
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.6
            Status: NEW
          Keywords: Regression
          Severity: Normal
          Priority: P2
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mrowe at apple.com
                CC: eric at webkit.org, mitz at webkit.org,
                    rolandsteiner at chromium.org, enrica at apple.com


When Mail is run against WebKit r56989 or newer attempting to delete a block
level element via the block deletion UI will crash.  This can be reproduced by
doing the following:
1) Run Mail against ToT WebKit.
2) Reply to a webkit-changes email message.
3) Place the caret in a diff hunk so that the block deletion UI appears.
4) Click on the delete button.

You’ll see a crash like so:

Thread 0 Crashed:
0   com.apple.WebCore                 0x00000001008f9118
WebCore::Position::isCandidate() const + 16 (PositionIterator.h:49)
1   com.apple.WebCore                 0x0000000100901728
WebCore::Frame::styleForSelectionStart(WebCore::Node*&) const + 196
(Frame.cpp:1305)
2   com.apple.WebCore                 0x0000000100901542
WebCore::Editor::fontForSelection(bool&) const + 52 (Editor.cpp:411)
3   com.apple.WebKit                  0x0000000100461f6a
-[WebHTMLView(WebInternal) _updateFontPanel] + 170 (WebHTMLView.mm:5042)
4   com.apple.WebKit                  0x00000001004649aa
-[WebHTMLView(WebInternal) _selectionChanged] + 42 (WebHTMLView.mm:5022)
5   com.apple.WebKit                  0x000000010046475e
WebEditorClient::respondToChangedSelection() + 28 (WebEditorClient.mm:284)
6   com.apple.WebCore                 0x00000001009014f1
WebCore::Editor::respondToChangedSelection(WebCore::VisibleSelection const&) +
69 (OwnPtr.h:63)
7   com.apple.WebCore                 0x00000001008fe05d
WebCore::Frame::respondToChangedSelection(WebCore::VisibleSelection const&,
bool) + 1525 (Frame.cpp:1745)
8   com.apple.WebCore                 0x0000000100f58c23
WebCore::SelectionController::setSelection(WebCore::VisibleSelection const&,
bool, bool, bool, WebCore::TextGranularity) + 395 (SelectionController.cpp:162)

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list