[Webkit-unassigned] [Bug 55290] REGRESSION: Webkit crash on dojo theme tester page

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Feb 26 03:18:26 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=55290

--- Comment #3 from Ryosuke Niwa <rniwa at webkit.org>  2011-02-26 03:18:26 PST ---
(In reply to comment #1)
> Confirmed with nightly r79488. Suspecting <http://trac.webkit.org/r79398>.
> 
> 0   com.apple.WebCore                 0x0000000100ef1e1d WebCore::Editor::selectionStartCSSPropertyValue(int) + 45
> 1   com.apple.WebCore                 0x0000000100efdc18 WebCore::valueStyle(WebCore::Frame*, int) + 24
> 2   com.apple.WebCore                 0x0000000100efdca6 WebCore::valueFontName(WebCore::Frame*, WebCore::Event*) + 22
> 3   com.apple.WebCore                 0x0000000100eff1df WebCore::Editor::Command::value(WebCore::Event*) const + 111
> 4   com.apple.WebCore                 0x0000000100e060c9 WebCore::Document::queryCommandValue(WTF::String const&) + 41
> 5   com.apple.WebCore                 0x00000001011d8c36 WebCore::jsDocumentPrototypeFunctionQueryCommandValue(JSC::ExecState*) + 278

Oops!  Yes, it's missing a null check. http://trac.webkit.org/browser/trunk/Source/WebCore/editing/Editor.cpp#L1043

    RefPtr<EditingStyle> selectionStyle = selectionStartStyle();
    if (!selectionStyle->style())
        return String();

should be

    RefPtr<EditingStyle> selectionStyle = selectionStartStyle();
    if (!selectionStyle || !selectionStyle->style())
        return String();

instead.
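The null guard proposed in the comment above, shown in a self-contained model rather than WebKit's own code: `EditingStyle`, `StyleDeclaration`, `Editor` and `selectionStartStyle()` here are simplified stand-ins (assumed shapes, not the WebCore classes), with `std::shared_ptr` standing in for `RefPtr`. It demonstrates why both the outer `RefPtr` and the inner `style()` pointer must be tested before dereferencing.

```cpp
#include <map>
#include <memory>
#include <string>
#include <utility>

// Stand-in for WebCore's CSS property id; the real values are not needed here.
using CSSPropertyID = int;
constexpr CSSPropertyID CSSPropertyFontFamily = 1;

// Minimal model of a style declaration: a property-id -> value map.
class StyleDeclaration {
public:
    std::string getPropertyValue(CSSPropertyID id) const {
        auto it = m_values.find(id);
        return it == m_values.end() ? std::string() : it->second;
    }
    void setProperty(CSSPropertyID id, std::string value) { m_values[id] = std::move(value); }
private:
    std::map<CSSPropertyID, std::string> m_values;
};

// Minimal model of EditingStyle: its inner declaration can itself be null,
// which is the case the original code already checked.
class EditingStyle {
public:
    explicit EditingStyle(std::shared_ptr<StyleDeclaration> style) : m_style(std::move(style)) {}
    StyleDeclaration* style() const { return m_style.get(); }
private:
    std::shared_ptr<StyleDeclaration> m_style;
};

// Hypothetical editor. selectionStartStyle() returns null when no style can be
// computed, which is the case the crash trace shows was never checked.
class Editor {
public:
    void setSelectionStyle(std::shared_ptr<EditingStyle> style) { m_selectionStyle = std::move(style); }
    std::shared_ptr<EditingStyle> selectionStartStyle() const { return m_selectionStyle; }

    // Hardened form of the function from the bug. The original only tested
    // selectionStyle->style(), dereferencing selectionStyle unconditionally.
    std::string selectionStartCSSPropertyValue(CSSPropertyID propertyID) const {
        std::shared_ptr<EditingStyle> selectionStyle = selectionStartStyle();
        if (!selectionStyle || !selectionStyle->style())
            return std::string();
        return selectionStyle->style()->getPropertyValue(propertyID);
    }
private:
    std::shared_ptr<EditingStyle> m_selectionStyle;
};
```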
