[Webkit-unassigned] [Bug 161947] null m_lastNodeInserted dereference at ReplaceSelectionCommand::InsertedNodes::lastLeafInserted

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Sep 13 23:34:25 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=161947

Fujii Hironori <Hironori.Fujii at sony.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
            Summary|[GTK] SIGSEGV at            |null m_lastNodeInserted
                   |WebCore::Node::lastDescenda |dereference at
                   |nt in                       |ReplaceSelectionCommand::In
                   |editing/inserting/insert-ta |sertedNodes::lastLeafInsert
                   |ble-in-paragraph-crash.html |ed
          Component|WebKit Gtk                  |HTML Editing

--- Comment #2 from Fujii Hironori <Hironori.Fujii at sony.com> ---
m_lastNodeInserted was null at ReplaceSelectionCommand::InsertedNodes::lastLeafInserted.

I've confirmed this problem happens even in debug build of Gtk port If I apply following patch, 

> --- a/Source/WebCore/editing/ReplaceSelectionCommand.h
> +++ b/Source/WebCore/editing/ReplaceSelectionCommand.h
> @@ -68,7 +68,10 @@ private:
>          void didReplaceNode(Node*, Node* newNode);
>  
>          Node* firstNodeInserted() const { return m_firstNodeInserted.get(); }
> -        Node* lastLeafInserted() const { return m_lastNodeInserted->lastDescendant(); }
> +        Node* lastLeafInserted() const {
> +            ASSERT(m_lastNodeInserted);
> +            return m_lastNodeInserted->lastDescendant();
> +        }
>          Node* pastLastLeaf() const
>          {
>              if (m_lastNodeInserted) {

This bug doesn't seem Gtk port specific.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160914/fb57e000/attachment.html>


More information about the webkit-unassigned mailing list