[Webkit-unassigned] [Bug 121694] Assertion failure in Range::nodeWillBeRemoved
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 13 08:54:05 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=121694
Ryosuke Niwa <rniwa at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #220625|review?, commit-queue? |review-, commit-queue-
Flag| |
--- Comment #2 from Ryosuke Niwa <rniwa at webkit.org> 2014-01-13 08:51:44 PST ---
(From update of attachment 220625)
View in context: https://bugs.webkit.org/attachment.cgi?id=220625&action=review
Were you able to reproduce the assertion failure in WebKit without the fix?
> Source/WebCore/ChangeLog:8
> + This patch changes Range::nodeWillBeRemoved() to accept remove node by replacing ASSERT to if-statement. Range::nodeWillBeRemoved() might be called with removed node, Node::parentNode() == nullptr, when DOMNodeRemovedFromDocument event handler calls removeChild(), directly or indirectly, for node being removed.
Please wrap the line somewhere.
> Source/WebCore/dom/Range.cpp:2092
> - ASSERT(node->parentNode());
> +
> + // FIXME: Once DOMNodeRemovedFromDocument mutation event removed, we
> + // should change following if-statement to ASSERT(!node->parentNode).
> + if (!node->parentNode())
> + return;
This is a wrong fix. The problem here is that we're calling child.document().nodeWillBeRemoved after the node had already been removed in willRemoveChild (ContainerNode.cpp).
What we need to do instead is for every call site of dispatchChildRemovalEvents to check whether the mutation events had removed the parent,
and avoid calling Document::nodeWillBeRemoved if they did.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list