[Webkit-unassigned] [Bug 43071] New: Indenting certain HTML causes NULL pointer crash.

bugzilla-daemon at webkit.org
Tue Jul 27 13:03:57 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=43071

           Summary: Indenting certain HTML causes NULL pointer crash.
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
               URL: http://code.google.com/p/chromium/issues/detail?id=50404
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: eric at webkit.org


Created an attachment (id=62732)
 --> (https://bugs.webkit.org/attachment.cgi?id=62732)
Repro - WebCore::AppendNodeCommand::AppendNodeCommand ReadAV at NULL (ae8a44eb1a4d3115a1236246b62cf2d1)

<html>
  <head>
    <script>
      document.designMode="on";
      document.writeln('x<isIndex/><x><object>x</object>');
      selection=window.getSelection();
      selection.selectAllChildren(document);
      document.execCommand("indent");
    </script>
  </head>
  <body onload="go()">
  </body>
</html>

The above causes a NULL pointer crash:

id:             WebCore::AppendNodeCommand::AppendNodeCommand ReadAV at NULL (ae8a44eb1a4d3115a1236246b62cf2d1)
description:    Attempt to read from NULL pointer (+0x14) in WebCore::AppendNodeCommand::AppendNodeCommand
stack:          WebCore::AppendNodeCommand::AppendNodeCommand
                WebCore::AppendNodeCommand::create
                WebCore::CompositeEditCommand::appendNode
                WebCore::CompositeEditCommand::cloneParagraphUnderNewElement
                WebCore::CompositeEditCommand::moveParagraphWithClones
                WebCore::IndentOutdentCommand::indentIntoBlockquote
                WebCore::IndentOutdentCommand::indentRegion
                WebCore::IndentOutdentCommand::doApply
                WebCore::EditCommand::apply
                WebCore::applyCommand
                WebCore::executeIndent
                WebCore::Editor::Command::execute
                WebCore::Document::execCommand
                ...
