[Webkit-unassigned] [Bug 199224] Crash in WebCore::StyledMarkupAccumulator::traverseNodesForSerialization
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Aug 13 06:41:46 PDT 2020
https://bugs.webkit.org/show_bug.cgi?id=199224
--- Comment #13 from Carlos Garcia Campos <cgarcia at igalia.com> ---
Comment on attachment 406503
--> https://bugs.webkit.org/attachment.cgi?id=406503
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=406503&action=review
>> LayoutTests/editing/pasteboard/copy-across-shadow-boundaries-crash.html:2
>> +<body>
>
> Nit: you don't need those two. Simply use <!DOCTYPE html> and remove also the closing tags.
Does it matter?
>> Source/WebCore/editing/markup.cpp:671
>> + if (pastEnd && (isDescendantOf(*pastEnd, *n) || !next))
>
> Not sure if the !next check should be in a different if () block.
>
> For example what happens if !pastEnd and !next ? In theory we'd end up having n == nullptr in the next iteration leading to a crash, wouldn't we?
And what do we use then for next if pastEnd is also nullptr? I would need a test to understand that case, I'm afraid.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20200813/7fd13058/attachment.htm>
More information about the webkit-unassigned
mailing list