[Webkit-unassigned] [Bug 37950] Crash in WebCore::TextIterator::handleTextNode() encountered in Google rich-text products

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=37950


mitz at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #54133|review?                     |review-
               Flag|                            |




--- Comment #8 from mitz at webkit.org  2010-04-22 23:35:54 PST ---
(From update of attachment 54133)
Thanks for tackling this bug!

> -    if (!renderer->firstTextBox() && str.length() > 0) {
> -        m_lastTextNodeEndedWithCollapsedSpace = true; // entire block is collapsed space
> +    if (!renderer->firstTextBox()) {
> +        if (str.length() > 0)
> +            m_lastTextNodeEndedWithCollapsedSpace = true; // entire block is collapsed space
>          return true;
>      }

I am afraid that this fix may be wrong, because it doesn’t reset m_textBox in
this case. I would feel much better with a fix that didn’t return early here,
but instead just changed this

m_textBox = renderer->containsReversedText() ? m_sortedTextBoxes[0] :
renderer->firstTextBox();

to say

m_textBox = renderer->containsReversedText() ? (m_sortedTextBoxes.size() ?
m_sortedTextBoxes[0] : 0) : renderer->firstTextBox();

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.