[Webkit-unassigned] [Bug 60090] New: REGRESSION(r73886): crash in replaceSelectionWithFragment

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 3 17:22:24 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=60090

           Summary: REGRESSION(r73886): crash in
                    replaceSelectionWithFragment
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: P2
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rniwa at webkit.org
                CC: ojan at chromium.org, enrica at apple.com,
                    morrita at google.com


It's missing a null pointer check for m_spellChecker.

stack trace:

Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_INVALID_ADDRESS @ 0x1f0f6602 )

0x1f0f6602            
0x01d36cf5     [Google Chrome Framework     - Editor.cpp:443]    WebCore::Editor::replaceSelectionWithFragment
0x01d3c299     [Google Chrome Framework     - Editor.cpp:448]    WebCore::Editor::replaceSelectionWithText
0x01d43381     [Google Chrome Framework     - Editor.cpp:197]    WebCore::Editor::handleTextEvent
0x01eb038f     [Google Chrome Framework     - EventHandler.cpp:2762]    WebCore::EventHandler::defaultTextInputEventHandler
0x01cd0dcf     [Google Chrome Framework     - Node.cpp:3054]    WebCore::Node::defaultEventHandler
0x01ccc191     [Google Chrome Framework     - Node.cpp:2748]    WebCore::Node::dispatchGenericEvent
0x01ccc988     [Google Chrome Framework     - Node.cpp:2646]    WebCore::Node::dispatchEvent
0x01cba659     [Google Chrome Framework     - EventTarget.cpp:297]    WebCore::EventTarget::dispatchEvent
0x01d3a646     [Google Chrome Framework     - Editor.cpp:372]    WebCore::Editor::pasteAsPlainText
0x01d3c6ad     [Google Chrome Framework     - Editor.cpp:393]    WebCore::Editor::pasteAsPlainTextWithPasteboard
0x01d3c944     [Google Chrome Framework     - Editor.cpp:1299]    WebCore::Editor::paste
0x01d485b5     [Google Chrome Framework     - EditorCommand.cpp:888]    WebCore::executePaste
0x01d4944e     [Google Chrome Framework     - EditorCommand.cpp:1644]    WebCore::Editor::Command::execute
0x01662c9b     [Google Chrome Framework     - WebFrameImpl.cpp:1199]    WebKit::WebFrameImpl::executeCommand
0x007e2fb1     [Google Chrome Framework     - render_view.cc:1562]    RenderView::OnPaste
0x007e4a83     [Google Chrome Framework     - ../base/tuple.h:558]    RenderView::OnMessageReceived
0x011ffae2     [Google Chrome Framework     - message_router.cc:46]    MessageRouter::RouteMessage
0x011ff683     [Google Chrome Framework     - message_router.cc:38]    MessageRouter::OnMessageReceived
0x011f0881     [Google Chrome Framework     - child_thread.cc:167]    ChildThread::OnMessageReceived
0x0120f38a     [Google Chrome Framework     - ../base/tuple.h:551]    RunnableMethod<IPC::ChannelProxy::Context,void (IPC::ChannelProxy::Context::*)(const IPC::Message&),Tuple1<IPC::Message> >::Run

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list