[Webkit-unassigned] [Bug 56004] chrome.dll!WebCore::lastPositionInNode ReadAV at NULL (23c8d35ca79c9994c6691ce3fa381d59)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Mar 9 02:37:46 PST 2011


--- Comment #1 from Berend-Jan Wever <skylined at chromium.org>  2011-03-09 02:37:46 PST ---
Offending code in "\Source\WebCore\editing\visible_units.cpp":

VisiblePosition nextLinePosition(const VisiblePosition &visiblePosition, int x)
{
    // ... (earlier part of the function not quoted in the report)

    // Could not find a next line. This means we must already be on the last line.
    // Move to the end of the content in this block, which effectively moves us
    // to the end of the line we're on.
    Element* rootElement = node->isContentEditable() ? node->rootEditableElement() : node->document()->documentElement();
    return VisiblePosition(lastPositionInNode(rootElement), DOWNSTREAM);
}

"rootElement" can be NULL through "node->document()->documentElement()".
"lastPositionInNode" does not handle NULL pointers.

A similar code construct exists in "previousLinePosition", but I couldn't get that to crash.

The comment in the code above seems to be incorrect; "Move to the end of the content in this block" should read "Move to the end of the document" as far as I can tell. Assuming this is the case, one could replace the code with a call to "endOfDocument". However, "endOfDocument" does not check for "node->isContentEditable()", or handle things differently if this is true.

In other words - I don't know exactly what the code should do, so I cannot fix this.
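Added example, not part of the report or of WebKit: a self-contained C++ model of the fallback path quoted above, using stand-in types (assumed, not WebCore's real classes) so that the null "rootElement" case can be exercised without a browser. It places the unguarded form beside a guarded variant that returns a null position instead of dereferencing; that guard is an assumed mitigation for illustration, not the project's actual fix.

```cpp
// Stand-ins for the WebCore types involved (assumption: minimal models, not WebKit code).
struct Element { int lastOffset; };

struct Document {
    Element* root;  // may be null for a document with no element children
    Element* documentElement() const { return root; }
};

struct Node {
    Document* doc;
    bool contentEditable;
    Element* editableRoot;
    bool isContentEditable() const { return contentEditable; }
    Element* rootEditableElement() const { return editableRoot; }
    Document* document() const { return doc; }
};

struct Position {
    Element* node;  // null means "null position"
    int offset;
    bool isNull() const { return node == nullptr; }
};

// Mirrors the reported behaviour of lastPositionInNode: dereferences its argument unconditionally.
Position lastPositionInNode(Element* e) { return Position{e, e->lastOffset}; }

// Selects the root element exactly as the quoted nextLinePosition tail does.
Element* fallbackRoot(Node* node) {
    return node->isContentEditable() ? node->rootEditableElement() : node->document()->documentElement();
}

// Tail of nextLinePosition as quoted in the report: no null check, so a document
// without a documentElement() makes lastPositionInNode read through NULL.
Position unguardedFallback(Node* node) {
    return lastPositionInNode(fallbackRoot(node));
}

// Guarded variant (assumed mitigation): hand back a null Position instead of dereferencing.
Position guardedFallback(Node* node) {
    Element* rootElement = fallbackRoot(node);
    if (!rootElement)
        return Position{nullptr, 0};
    return lastPositionInNode(rootElement);
}

// True when the unguarded path would dereference NULL for this node.
bool fallbackWouldDereferenceNull(Node* node) { return fallbackRoot(node) == nullptr; }
```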
