[Webkit-unassigned] [Bug 137902] REGRESSION (r165385): Crash when text area exceeded
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 17 17:57:08 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=137902
--- Comment #4 from Darin Adler <darin at apple.com> ---
Comment on attachment 243466
--> https://bugs.webkit.org/attachment.cgi?id=243466
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=243466&action=review
>> Source/WebCore/editing/TextIterator.cpp:1473
>> + return nullptr;
>
> This should be if (it.atEnd()) return nullptr; *before* calling it.range().
I think we might also need to check if (it.atEnd()) before calling it.advance()?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141218/355959dd/attachment-0002.html>
More information about the webkit-unassigned
mailing list