[Webkit-unassigned] [Bug 193027] New: null pointer crash in webcore::CompositeEditCommand::moveParagraphs
bugzilla-daemon at webkit.org
Mon Dec 24 20:28:34 PST 2018
https://bugs.webkit.org/show_bug.cgi?id=193027
Bug ID: 193027
Summary: null pointer crash in webcore::CompositeEditCommand::moveParagraphs
Product: WebKit
Version: WebKit Nightly Build
Hardware: PC
OS: macOS 10.13
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore Misc.
Assignee: webkit-unassigned at lists.webkit.org
Reporter: hellowuzekai at gmail.com
Created attachment 358052
--> https://bugs.webkit.org/attachment.cgi?id=358052&action=review
an HTML file to trigger this bug

In the webcore::CompositeEditCommand::moveParagraphs function:

    auto editableRoot = destination.rootEditableElement();
    ...
    Element* rootEditableElement() const { return m_deepPosition.isNotNull() ? m_deepPosition.deprecatedNode()->rootEditableElement() : 0; }

It sets the editableRoot to null.

And then:

    RefPtr<Range> startToDestinationRange(Range::create(document(), firstPositionInNode(editableRoot), destination.deepEquivalent().parentAnchoredEquivalent()));

firstPositionInNode(editableRoot) will trigger a null pointer crash.
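
A simplified model of the crash path described in the report above, as an added example (not WebKit's code and not the project's fix). The types are hypothetical stand-ins, and `moveParagraphsGuarded`, `MoveResult`, `deepNode` and `editableRoot` as a `Node` member are names assumed for illustration; it shows the two ways the quoted accessor can yield null and a caller that checks before building the start position.

```cpp
#include <string>

// Simplified stand-ins for the WebKit types named in the report (hypothetical model).
struct Element { std::string tag; };

struct Node {
    Element* editableRoot = nullptr;  // assumption: null when the node is outside editable content
    Element* rootEditableElement() const { return editableRoot; }
};

struct VisiblePosition {
    Node* deepNode = nullptr;  // models m_deepPosition.deprecatedNode()
    bool isNotNull() const { return deepNode != nullptr; }
    // Same shape as the accessor quoted in the report: two distinct paths yield null.
    Element* rootEditableElement() const {
        return isNotNull() ? deepNode->rootEditableElement() : nullptr;
    }
};

struct Position { const Element* anchor; unsigned offset; };

// Takes a reference, so a caller cannot pass a null root without an explicit check.
Position firstPositionInNode(const Element& node) { return Position { &node, 0 }; }

enum class MoveResult { Moved, NoEditableRoot };

// Guarded caller: the report's code passes editableRoot on unchecked at this point.
MoveResult moveParagraphsGuarded(const VisiblePosition& destination, Position& startOut) {
    Element* editableRoot = destination.rootEditableElement();
    if (!editableRoot)
        return MoveResult::NoEditableRoot;  // bail out instead of dereferencing null
    startOut = firstPositionInNode(*editableRoot);
    return MoveResult::Moved;
}

int main() {
    Element root { "div" };
    Node inside { &root };
    Node outside;  // constructed case: no editable ancestor
    Position start { nullptr, 0 };
    bool ok = moveParagraphsGuarded(VisiblePosition { &inside }, start) == MoveResult::Moved
        && moveParagraphsGuarded(VisiblePosition { &outside }, start) == MoveResult::NoEditableRoot
        && moveParagraphsGuarded(VisiblePosition {}, start) == MoveResult::NoEditableRoot;
    return ok ? 0 : 1;
}
```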