[Webkit-unassigned] [Bug 127424] Crashes in setTextForIterator
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jan 22 10:50:10 PST 2014
https://bugs.webkit.org/show_bug.cgi?id=127424
--- Comment #10 from peavo at outlook.com 2014-01-22 10:47:40 PST ---
(In reply to comment #9)
> Thank you for tracking down the cause of this problem. After talking your patch over with a couple of the other people on the team, I *think* the correct solution is to remove the "+1" from the various places where UTextWithBufferInlineCapacity is used.
>
> Note also that this method:
> static UText* uTextLatin1Clone(UText* destination, const UText* source, UBool deep, UErrorCode* status)
>
> calls utext_setup with a +1, unlike all other uses of utext_setup in the code base.
>
> Looks like you found a nasty little off-by-one we've been living with for some time!
Thanks for looking into this :) Will update the patch.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list