[Webkit-unassigned] [Bug 57755] New: chrome.dll!WebCore..EventTarget..dispatchEvent ReadAV at NULL (6c815dec64b94a3dde8974a25da7f213)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 4 07:57:10 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=57755

           Summary: chrome.dll!WebCore..EventTarget..dispatchEvent
                    ReadAV at NULL (6c815dec64b94a3dde8974a25da7f213)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: rniwa at webkit.org


Created an attachment (id=88058)
 --> (https://bugs.webkit.org/attachment.cgi?id=88058&action=review)
Repro

Chromium: http://code.google.com/p/chromium/issues/detail?id=78320
"selection.rootEditableElement()" can return NULL, something that "canAppendNewLineFeed" does not handle:

static bool canAppendNewLineFeed(const VisibleSelection& selection)
{
    ExceptionCode ec = 0;
    RefPtr<BeforeTextInsertedEvent> event = BeforeTextInsertedEvent::create(String("\n"));
    selection.rootEditableElement()->dispatchEvent(event, ec); // CRASH
    return event->text().length();
}
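The same check with the missing null guard, as an added example; this is not WebKit's code or its eventual patch, and the VisibleSelection, EditableElement and BeforeTextInsertedEvent types below are constructed stand-ins for the WebCore classes, kept just large enough to model the event round-trip:

```cpp
#include <functional>
#include <string>
#include <vector>

// Constructed stand-in for WebCore's BeforeTextInsertedEvent: a listener may
// rewrite the text about to be inserted; an empty result means "insert nothing".
struct BeforeTextInsertedEvent {
    std::string text;
    explicit BeforeTextInsertedEvent(std::string t) : text(std::move(t)) {}
};

// Stand-in for the root editable element acting as an EventTarget.
struct EditableElement {
    std::vector<std::function<void(BeforeTextInsertedEvent&)>> listeners;
    void dispatchEvent(BeforeTextInsertedEvent& event) {
        for (auto& listener : listeners)
            listener(event);
    }
};

// Stand-in for VisibleSelection. rootEditableElement() is null when the
// selection is not inside any editable element, which is the state the repro
// reaches by adding an empty Range to the selection.
struct VisibleSelection {
    EditableElement* root = nullptr;
    EditableElement* rootEditableElement() const { return root; }
};

// Hardened form (an assumption, not WebKit's actual fix): a null root means
// there is nothing to dispatch to, so report "cannot append" instead of
// dereferencing the null pointer as the original does.
static bool canAppendNewLineFeedSafe(const VisibleSelection& selection)
{
    EditableElement* root = selection.rootEditableElement();
    if (!root)
        return false;
    BeforeTextInsertedEvent event("\n");
    root->dispatchEvent(event);
    return !event.text.empty();
}
```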

Repro:
<body onload="go()">
<script>
  function go() {
    document.designMode="on";
    document.write("</");
    document.getSelection().addRange(document.createRange());
    document.execCommand("InsertLineBreak");
  }
</script>

id:             chrome.dll!WebCore::EventTarget::dispatchEvent ReadAV at NULL (6c815dec64b94a3dde8974a25da7f213)
description:    Attempt to read from unallocated NULL pointer in chrome.dll!WebCore::EventTarget::dispatchEvent
application:    Chromium 12.0.725.0
stack:          chrome.dll!WebCore::EventTarget::dispatchEvent
                chrome.dll!WebCore::canAppendNewLineFeed
                chrome.dll!WebCore::TypingCommand::insertLineBreak
                chrome.dll!WebCore::EditCommand::apply
                chrome.dll!WebCore::applyCommand
                chrome.dll!WebCore::TypingCommand::insertLineBreak
                chrome.dll!WebCore::executeInsertLineBreak
                chrome.dll!WebCore::Editor::Command::execute
                chrome.dll!WebCore::Document::execCommand
                chrome.dll!WebCore::DocumentInternal::execCommandCallback
                chrome.dll!v8::internal::HandleApiCallHelper<...>
                chrome.dll!v8::internal::Builtin_HandleApiCall
                chrome.dll!v8::internal::Invoke
                chrome.dll!v8::internal::Execution::Call
                ...
