[Webkit-unassigned] [Bug 109220] [Chromium] Fix use after free in ContextMenuClientImpl.cpp

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 14 16:50:34 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=109220


Tony Chang <tony at chromium.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #188443|review?                     |review+
               Flag|                            |




--- Comment #16 from Tony Chang <tony at chromium.org>  2013-02-14 16:52:51 PST ---
(From update of attachment 188443)
View in context: https://bugs.webkit.org/attachment.cgi?id=188443&action=review

> Source/WebKit/chromium/src/ContextMenuClientImpl.cpp:315
> +            data.misspelledWord = selectMisspellingAsync(selectedFrame, marker);
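Review bot: on the added line at ContextMenuClientImpl.cpp:315, `marker` is handed to selectMisspellingAsync and the return value is stored in data.misspelledWord unchecked. Only this line is visible here. Since the bug is a use after free, please confirm that `marker` is a copy or otherwise kept alive across the call rather than a pointer into a marker list the call can invalidate, and add a short comment on the line saying so.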

I wonder if we should ASSERT that the markersInRange are the same as before the selection was changed.

> LayoutTests/editing/spelling/spelling-changed-text.html:16
> +            "To test manually, launch Chromium compiled with Address Sanitizer, enable 'Ask Google for Suggestions', type 'Spell cheher. Is it broken?', delete the words 'Is it broken?', and context-click on the word 'cheher'. " +
> +            "The test suceeds when the browser does not crash and shows suggestions in the context menu.");
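Review bot: the second added string at spelling-changed-text.html:16 misspells "suceeds"; it should read "succeeds", since this text is shown to whoever runs the test manually.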

Nit: + goes on the following line before the second part of the string (like && and ||) and indent only 4 spaces.
