[Webkit-unassigned] [Bug 109220] [Chromium] Fix use after free in ContextMenuClientImpl.cpp

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 8 11:15:25 PST 2013


--- Comment #6 from Rouslan Solomakhin <rouslan+webkit at chromium.org>  2013-02-08 11:17:34 PST ---
(In reply to comment #5)
> It sounds like this is not a recent regression.  Is it intentional that changing the selection can cause markers to be removed?

The comments in respondToChangedSelection() indicate that it re-checks spelling if the selection changed due to deletion. We are not deleting anything, so I am not sure why it is re-checking spelling.

> It seems like we should be able to make a regression test for this.  Please upload a new patch (with explanation in the ChangeLog for the crash) once you've made a test.

Do we have address sanitizer in EWS? I am waiting for more detailed steps from the original bug reporter, because I have not been able to repro on my ASAN build. He says that the patch worked for him, though.
