[Webkit-unassigned] [Bug 32131] WebCore::canHaveChildrenForEditing ReadAV at NULL (cd05b3b20e0f4c6b3afe5d165a1798aa)

bugzilla-daemon at webkit.org
Fri Jan 15 00:00:00 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=32131


Tony Chang (Google) <tony at chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |justin.garcia at apple.com,
                   |                            |tony at chromium.org




--- Comment #4 from Tony Chang (Google) <tony at chromium.org>  2010-01-14 23:59:59 PST ---
Here's what's happening:

insertorderedlist works by taking each paragraph and indenting them one by one.
It indents a paragraph by creating the new list item and moving the paragraph
from the old location to under the new list item.  When moving a paragraph, it
puts a placeholder near the old location, moves the paragraph to the new
location, then tries to clean up the placeholder and placeholder's parent node.

When we delete a paragraph from the old location, we call
DeleteSelectionCommand::calculateTypingStyleAfterDelete.  This can call
applyStyle(), which can move our endingSelection().  Unfortunately, we need the
endingSelection() position for removing the placeholder near the old location. 
This can result in getting the wrong placeholder which causes us to delete the
wrong nodes.

Specifically, it's the text-align and display style on the div that causes
applyStyle to be called which leads to this crash.

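A simplified C++ model of the failure described in comment #4, added here as an illustration and not taken from WebCore or from any patch on the bug. `ToyEditor`, `divHasStyle`, `trustSelection` and `run` are hypothetical names, and the flat node list is an assumption made to keep the model small; it shows cleanup removing the wrong node once a nested call has moved the selection, next to a variant that locates the placeholder directly.

```cpp
#include <algorithm>
#include <cstddef>
#include <string>
#include <vector>

// Simplified model, not WebCore code. A document is a flat list of node names
// and `endingSelection` is an index that nested operations may move.
struct ToyEditor {
    std::vector<std::string> nodes;
    std::size_t endingSelection = 0;
    bool divHasStyle = false;  // stands in for text-align/display on the div

    // Stand-in for applyStyle(): as a side effect it moves the selection.
    void applyStyle() { endingSelection = 0; }

    // Stand-in for deleting the paragraph from its old location.
    void deleteParagraph(std::size_t index) {
        nodes.erase(nodes.begin() + index);
        endingSelection = index - 1;    // selection lands on the placeholder
        if (divHasStyle) applyStyle();  // typing-style recalculation path
    }

    // Moves the paragraph at `index` away; returns the nodes left behind.
    std::vector<std::string> moveParagraph(std::size_t index, bool trustSelection) {
        nodes.insert(nodes.begin() + index, "placeholder");
        deleteParagraph(index + 1);
        if (trustSelection) {
            // Pattern described in the comment: cleanup relies on endingSelection.
            nodes.erase(nodes.begin() + endingSelection);
        } else {
            // Defensive variant: find the placeholder itself before removing it.
            auto it = std::find(nodes.begin(), nodes.end(), "placeholder");
            if (it != nodes.end()) nodes.erase(it);
        }
        return nodes;
    }
};

// Runs one move over the constructed document {"sibling", "paragraph"}.
std::vector<std::string> run(bool divHasStyle, bool trustSelection) {
    ToyEditor e;
    e.nodes = {"sibling", "paragraph"};
    e.divHasStyle = divHasStyle;
    return e.moveParagraph(1, trustSelection);
}
```
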