[Webkit-unassigned] [Bug 33668] New: WebCore::InsertListCommand::modifyRange infinite loop (100% CPU usage)
bugzilla-daemon at webkit.org
Thu Jan 14 04:08:38 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=33668
Summary: WebCore::InsertListCommand::modifyRange infinite loop (100% CPU usage)
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows Vista
Status: NEW
Severity: Normal
Priority: P1
Component: HTML Editing
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skylined at chromium.org
CC: eric at webkit.org
from WebKit›WebCore›editing›InsertListCommand.cpp:
bool InsertListCommand::modifyRange()
{
    VisibleSelection selection = selectionForParagraphIteration(endingSelection());
    ASSERT(selection.isRange());
    VisiblePosition startOfSelection = selection.visibleStart();
    VisiblePosition endOfSelection = selection.visibleEnd();
    VisiblePosition startOfLastParagraph = startOfParagraph(endOfSelection);

    if (startOfParagraph(startOfSelection) == startOfLastParagraph)
        return false;

    Node* startList = enclosingList(startOfSelection.deepEquivalent().node());
    Node* endList = enclosingList(endOfSelection.deepEquivalent().node());
    if (!startList || startList != endList)
        m_forceCreateList = true;

    setEndingSelection(startOfSelection);
    doApply();
    // Fetch the start of the selection after moving the first paragraph,
    // because moving the paragraph will invalidate the original start.
    // We'll use the new start to restore the original selection after
    // we modified all selected paragraphs.
    startOfSelection = endingSelection().visibleStart();
    VisiblePosition startOfCurrentParagraph = startOfNextParagraph(startOfSelection);
    while (startOfCurrentParagraph != startOfLastParagraph) {
        // doApply() may operate on and remove the last paragraph of the selection from the document
        // if it's in the same list item as startOfCurrentParagraph. Return early to avoid an
        // infinite loop and because there is no more work to be done.
        // FIXME(<rdar://problem/5983974>): The endingSelection() may be incorrect here. Compute
        // the new location of endOfSelection and use it as the end of the new selection.
        if (!startOfLastParagraph.deepEquivalent().node()->inDocument())
            return true;
        setEndingSelection(startOfCurrentParagraph);
        doApply();
        startOfCurrentParagraph = startOfNextParagraph(endingSelection().visibleStart());
    }
    setEndingSelection(endOfSelection);
    doApply();
    // Fetch the end of the selection, for the reason mentioned above.
    endOfSelection = endingSelection().visibleEnd();
    setEndingSelection(VisibleSelection(startOfSelection, endOfSelection));
    m_forceCreateList = false;
    return true;
}
The while loop will run forever using this repro:
<BODY></BODY>
<SCRIPT>
document.execCommand("selectall",false,true);
document.designMode="on";
document.execCommand("inserthorizontalrule",8);
document.execCommand("InsertImage",false,"");
document.execCommand("justifyleft",false,1);
document.execCommand("insertparagraph",false);
document.execCommand("SelectAll",false,undefined);
document.execCommand("InsertOrderedList",false,null);
</SCRIPT>
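Added example, not part of the original report and not WebKit code: a small C++ model of the loop shape quoted above, showing the case the in-loop guard covers (the last paragraph is removed from the document) beside a state it does not cover, with one extra check that ends the loop. The report does not say which state the repro reaches; the Doc type, the Effect values and the MoveVictimToFront mutation are assumptions made up for illustration.

```cpp
#include <algorithm>
#include <cstdio>
#include <vector>

// Constructed model, not WebKit code. Paragraphs are ints in document order;
// NONE stands for a null position (the cursor walked off the end).
constexpr int NONE = -1;
enum class Effect { Nothing, RemoveVictim, MoveVictimToFront };
enum class Result { Done, LastRemoved, Spun, Bailed };

struct Doc {
    std::vector<int> paras;
    int trigger;                      // hypothetical: applying here mutates...
    int victim;                       // ...this other paragraph
    Effect effect;

    bool inDocument(int p) const {
        return std::find(paras.begin(), paras.end(), p) != paras.end();
    }
    int next(int p) const {           // stand-in for startOfNextParagraph()
        auto it = std::find(paras.begin(), paras.end(), p);
        return (it == paras.end() || ++it == paras.end()) ? NONE : *it;
    }
    void apply(int p) {               // stand-in for doApply()
        if (p != trigger || effect == Effect::Nothing) return;
        paras.erase(std::remove(paras.begin(), paras.end(), victim), paras.end());
        if (effect == Effect::MoveVictimToFront) paras.insert(paras.begin(), victim);
    }
};

// Same shape as the loop in modifyRange(). The budget exists only so the
// model can report a spin; the reported loop has no such bound.
Result modifyRange(Doc& d, int first, int last, bool hardened, int budget = 1000) {
    d.apply(first);
    int cur = d.next(first);
    while (cur != last) {
        if (budget-- == 0) return Result::Spun;
        if (!d.inDocument(last)) return Result::LastRemoved;  // guard quoted in the report
        if (hardened && cur == NONE) return Result::Bailed;   // added: null cursor never equals last
        d.apply(cur);
        cur = d.next(cur);
    }
    d.apply(last);
    return Result::Done;
}

int main() {
    Doc d{{1, 2, 3, 4}, 2, 4, Effect::MoveVictimToFront};
    std::printf("guard only: %d\n", static_cast<int>(modifyRange(d, 1, 4, false)));
}
```

In the model, a sentinel that stays attached but ends up behind the cursor passes the inDocument() check on every iteration, so only the null-cursor check ends the loop.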