[Webkit-unassigned] [Bug 63440] ASSERTION FAILED in Range::Range causes a crash in QtTestBrowser

bugzilla-daemon at webkit.org
Tue Jun 28 06:09:54 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=63440





--- Comment #5 from Ryosuke Niwa <rniwa at webkit.org>  2011-06-28 06:09:53 PST ---
(In reply to comment #1)
> The reason for the assertion is - In Range::checkNodeWOffset, the node is identified as Node::DOCUMENT_TYPE_NODE. This is because the Node object is of the next document that is in the process of getting loaded. But the user is selecting the text in the document that is visible to the user, which is the old document/Node object no longer available in Range::checkNodeWOffset. These assertions are not required (without them), the use case works fine. No selection is made on double clicking.

It makes no sense that this happens given the stack trace.  handleMousePressEventDoubleClick shouldn't be setting one of the end points to the document node nor should it belong to a different node.

We need to identify why this is ever happening.  In fact, if we're really putting an end point of a different "page", then it could be a security vulnerability.
