[Webkit-unassigned] [Bug 74585] Crash when navigating with arrow key into empty anchor block with padding
bugzilla-daemon at webkit.org
Fri Dec 30 07:45:10 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=74585
--- Comment #2 from Daniel Jalkut <jalkut at red-sweater.com> 2011-12-30 07:45:10 PST ---
The crash seems to stem from the assumption that a given InlineBox will have non-NULL leaf children.
    InlineBox* RootInlineBox::closestLeafChildForLogicalLeftPosition(int leftPosition, bool onlyEditableLeaves)
    {
        InlineBox* firstLeaf = firstLeafChild();
        InlineBox* lastLeaf = lastLeafChild();
        if (firstLeaf == lastLeaf && (!onlyEditableLeaves || isEditableLeaf(firstLeaf)))
            return firstLeaf;
Currently, the behavior when this method is reached for a box with no children is to crash hard later in the method, trying to dereference firstLeaf.
The implicit contract for closestLeafChildForLogicalLeftPosition seems to be that it will always return a non-NULL result (its callers blindly dereference the result). So what is the appropriate return value when a RootInlineBox with no children is asked for the closestLeafChildForLogicalLeftPosition? Is it just the box itself? What if "onlyEditableLeaves" is true but the box itself is not editable?
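The failure mode discussed in the comment above, as an added example that is not part of the original message and is not WebKit code. It uses a simplified, hypothetical box model (`Box`, `closestLeafForLeftPosition`, `caretLeftFor`) and assumes one possible contract: the lookup returns null when no suitable leaf exists, and the caller checks the result before dereferencing.

```cpp
#include <vector>

// Hypothetical, simplified stand-in for an inline box tree (not WebKit's classes).
struct Box {
    bool container = false;       // true: may hold children, is never a leaf itself
    int left = 0, width = 0;      // logical left edge and extent
    bool editable = false;
    std::vector<Box*> children;
};

// Depth-first collection of leaf boxes; an empty container contributes nothing.
static void collectLeaves(const Box& b, std::vector<const Box*>& out) {
    for (const Box* c : b.children) {
        if (c->container) collectLeaves(*c, out);
        else out.push_back(c);
    }
}

// Assumed contract: returns nullptr when there is no (editable) leaf at all.
const Box* closestLeafForLeftPosition(const Box& root, int leftPosition,
                                      bool onlyEditableLeaves) {
    std::vector<const Box*> leaves;
    collectLeaves(root, leaves);
    const Box* best = nullptr;
    int bestDist = 0;
    for (const Box* leaf : leaves) {
        if (onlyEditableLeaves && !leaf->editable) continue;
        int right = leaf->left + leaf->width;
        int dist = 0;  // 0 when the position falls inside the leaf
        if (leftPosition < leaf->left) dist = leaf->left - leftPosition;
        else if (leftPosition > right) dist = leftPosition - right;
        if (!best || dist < bestDist) { best = leaf; bestDist = dist; }
    }
    return best;
}

// Caller that checks the result instead of dereferencing it blindly.
// Returns -1 when the line has no suitable leaf (constructed sentinel).
int caretLeftFor(const Box& root, int leftPosition, bool onlyEditableLeaves) {
    const Box* leaf = closestLeafForLeftPosition(root, leftPosition, onlyEditableLeaves);
    return leaf ? leaf->left : -1;
}

int main() {
    Box root, anchor;                       // constructed input: a line holding
    root.container = anchor.container = true;  // only an empty padded anchor
    anchor.left = 5;
    root.children.push_back(&anchor);
    return caretLeftFor(root, 3, false) == -1 ? 0 : 1;
}
```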