[Webkit-unassigned] [Bug 109220] [Chromium] Fix use after free in ContextMenuClientImpl.cpp

bugzilla-daemon at webkit.org
Mon Feb 18 08:50:16 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=109220

--- Comment #20 from Rouslan Solomakhin <rouslan+webkit at chromium.org>  2013-02-18 08:52:37 PST ---
(In reply to comment #16)
> (From update of attachment 188443 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=188443&action=review
> 
> > Source/WebKit/chromium/src/ContextMenuClientImpl.cpp:315
> > +            data.misspelledWord = selectMisspellingAsync(selectedFrame, marker);
> 
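
Review bot: at ContextMenuClientImpl.cpp:315 the return value of selectMisspellingAsync is stored in data.misspelledWord with no visible handling of an empty result. If the call can come back without a misspelling once the selection has changed, check for an empty word before marker is used further, and add a short comment explaining why a function named Async hands its result back directly to the caller.
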
> I wonder if we should ASSERT that the markersInRange are the same as before the selection was changed.

The rest of the spellcheck does not use ASSERT. I am worried that it will cause unnecessary crashes in an edge case that we do not foresee. 

> > LayoutTests/editing/spelling/spelling-changed-text.html:16
> > +            "To test manually, launch Chromium compiled with Address Sanitizer, enable 'Ask Google for Suggestions', type 'Spell cheher. Is it broken?', delete the words 'Is it broken?', and context-click on the word 'cheher'. " +
> > +            "The test suceeds when the browser does not crash and shows suggestions in the context menu.");
> 
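
Review bot: in the second line of the description string in spelling-changed-text.html, "suceeds" should be "succeeds". The manual steps also depend on an Address Sanitizer build to surface the failure, so the description should say whether the pass condition ("does not crash and shows suggestions") is meaningful on a build without it.
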
> Nit: + goes on the following line before the second part of the string (like && and ||) and indent only 4 spaces.

Done.
