[Webkit-unassigned] [Bug 224518] Editing null pointer dereference while resolving command
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 13 18:26:45 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=224518
--- Comment #3 from Ryosuke Niwa <rniwa at webkit.org> ---
Comment on attachment 425933
--> https://bugs.webkit.org/attachment.cgi?id=425933
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=425933&action=review
> Source/WebCore/editing/DeleteSelectionCommand.cpp:869
> + RefPtr<Node> node = makeRefPtr(m_endingPosition.containerNode());
> + RefPtr<Node> rootNode = makeRefPtr(node->rootEditableElement());
Use auto?
> Source/WebCore/editing/DeleteSelectionCommand.cpp:871
> + while (node && (node != rootNode)) {
We don't usually nest parentheses like this.
> Source/WebCore/editing/DeleteSelectionCommand.cpp:877
> - node = m_endingPosition.anchorNode();
> + node = makeRefPtr(m_endingPosition.anchorNode());
No need to call makeRefPtr since node is already of type RefPtr<Node>.
> Source/WebCore/editing/DeleteSelectionCommand.cpp:879
> - node = node->parentNode();
> + node = makeRefPtr(node->parentNode());
Ditto.
> LayoutTests/editing/execCommand/remove-node-during-command-crash.html:24
> + document.write('PASS')
Missing semicolon at the end.
Also, can we say that this test passes if WebKit doesn't crash?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210414/beb510d4/attachment.htm>
More information about the webkit-unassigned
mailing list