[Webkit-unassigned] [Bug 106280] New: Crash on VisibleSelection::adjustSelectionToAvoidCrossingShadowBoundaries

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Jan 7 17:31:43 PST 2013 

https://bugs.webkit.org/show_bug.cgi?id=106280

           Summary: Crash on
                    VisibleSelection::adjustSelectionToAvoidCrossingShadow
                    Boundaries
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: morrita at google.com
                CC: webcomponents-bugzilla at chromium.org
            Blocks: 72352


Upstreamed from https://crbug.com/168558

0x014cb988     [Google Chrome Framework]     - Node.cpp:460]    WebCore::Node::treeScope
0x01dd6316     [Google Chrome Framework]     - VisibleSelection.cpp:467]    WebCore::VisibleSelection::adjustSelectionToAvoidCrossingShadowBoundaries
0x01dd2d19     [Google Chrome Framework]     - VisibleSelection.cpp:418]    WebCore::VisibleSelection::validate
0x01dd364b     [Google Chrome Framework]     - VisibleSelection.cpp:124]    WebCore::VisibleSelection::setExtent
0x01ef52b2     [Google Chrome Framework]     - EventHandler.cpp:831]    WebCore::EventHandler::updateSelectionForMouseDrag
0x01ef4497     [Google Chrome Framework]     - EventHandler.cpp:724]    WebCore::EventHandler::handleMouseDraggedEvent
0x01ef7d19     [Google Chrome Framework]     - EventHandler.cpp:1817]    WebCore::EventHandler::handleMouseMoveEvent
0x01ef7685     [Google Chrome Framework]     - EventHandler.cpp:1686]    WebCore::EventHandler::mouseMoved
0x01402f68     [Google Chrome Framework]     - PageWidgetDelegate.cpp:197]    WebKit::PageWidgetEventHandler::handleMouseMove
0x01402e56     [Google Chrome Framework]     - PageWidgetDelegate.cpp:118]    WebKit::PageWidgetDelegate::handleInputEvent
0x0144a4bc     [Google Chrome Framework]     - WebViewImpl.cpp:1953]    WebKit::WebViewImpl::handleInputEvent
0x004e27c6     [Google Chrome Framework]     - render_widget.cc:573]    RenderWidget::OnHandleInputEvent
0x004e15a8     [Google Chrome Framework]     - ../ipc/ipc_message.h:170]    RenderWidget::OnMessageReceived
0x004aed61     [Google Chrome Framework]     - render_view_impl.cc:1061]    RenderViewImpl::OnMessageReceived
0x0118e57c     [Google Chrome Framework]     - message_router.cc:47]    MessageRouter::RouteMessage
0x0118e520     [Google Chrome Framework]     - message_router.cc:39]    MessageRouter::OnMessageReceived
0x01108b1b     [Google Chrome Framework]     - child_thread.cc:275]    ChildThread::OnMessageReceived
0x00e7b624     [Google Chrome Framework]     - ipc_channel_proxy.cc:261]    IPC::ChannelProxy::Context::OnDispatchMessage

My suspicion is that adjustPositionForEnd() or adjustPositionForStart() touches null node.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list