[Webkit-unassigned] [Bug 74585] Crash when navigating with arrow key into empty anchor block with padding
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Dec 30 22:22:50 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=74585
Ryosuke Niwa <rniwa at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |eric at webkit.org,
| |leviw at chromium.org
--- Comment #17 from Ryosuke Niwa <rniwa at webkit.org> 2011-12-30 22:22:50 PST ---
(In reply to comment #16)
> (In reply to comment #15)
> > How can it have a child and not a leaf? Can you call box->showLineTreeForThis() and print out the line tree ?
>
> It seems that the RootInlineBox being targeted (the one that contains this pesky empty anchor node) contains only an "InlineFlowBox" which seems to have its "isLeaf()" hardcoded to false. I tried changing the implementation of isLeaf to return true if it has no children, but that seemed to cause logic problems elsewhere.
Okay. Thanks for the clarification. I think we need to deal it around line 677 and add a similar bail out as line 706: return VisiblePosition(pos, DOWNSTREAM);.
Also, I'd like to see a test case where we have some contents after the anchor. I bet your current patch won't work as expected in such case.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list