[Webkit-unassigned] [Bug 71561] New: [Chromium] Crash in WebAccessibilityObject::lineBreaks

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=71561

           Summary: [Chromium] Crash in WebAccessibilityObject::lineBreaks
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dmazzoni at google.com


The problem is that WebCore::AccessibilityObject::lineForPosition returns -1, but WebAccessibilityObject::lineBreaks is assuming it's a number >= 0. The crash happens when it tries to allocate a WebVector of size -1.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.