[Webkit-unassigned] [Bug 47522] New: Crash in HTMLTextFormControlElement::selection()

Mon Oct 11 17:16:06 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=47522

           Summary: Crash in HTMLTextFormControlElement::selection()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: HasReduction, NeedsRadar
          Severity: Normal
          Priority: P1
         Component: Forms
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: adele at apple.com, ap at webkit.org, tony at chromium.org,
                    ojan at chromium.org, tkent at chromium.org

Created an attachment (id=70498)
 --> (https://bugs.webkit.org/attachment.cgi?id=70498&action=review)
demo

Reproduction steps
1. Open the attached file
2. Press any arrow keys twice

The crash happens inside RenderTextControl::selection called by HTMLTextFormControlElement::selection.
It hits ASSERT(!m_deletionHasBegun) of m_innerText, which is a WebCore::TextControlInnerTextElement.

http://crbug.com/58741

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.