[Webkit-unassigned] [Bug 137902] REGRESSION (r165385): Crash when text area exceeded
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 17 18:19:04 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=137902
--- Comment #6 from Enrica Casucci <enrica at apple.com> ---
(In reply to comment #3)
> Comment on attachment 243466 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=243466&action=review
>
> > Source/WebCore/editing/TextIterator.cpp:1098
> > - ASSERT(!atEnd());
> > + if (atEnd())
> > + return nullptr;
>
> It’s the caller’s responsibility to check atEnd(). This is a design change.
> I don’t think we should change the design of TextIterator. Instead we should
> fix the caller that is not checking atEnd(). In fact, I think this function
> should return Ref<Range> and not PassRefPtr<Range> in the future.
Ok, I understand now. I'll change it.
>
> > Source/WebCore/editing/TextIterator.cpp:1389
> > - ASSERT(!atEnd());
> > + if (atEnd())
> > + return nullptr;
>
> Ditto.
>
> > Source/WebCore/editing/TextIterator.cpp:1473
> > + if (!start)
> > + return nullptr;
>
> This should be if (it.atEnd()) return nullptr; *before* calling it.range().
>
> > Source/WebCore/editing/TextIterator.cpp:1479
> > + if (!end)
> > + return nullptr;
>
> Ditto.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141218/461ecf87/attachment-0002.html>
More information about the webkit-unassigned
mailing list