[Webkit-unassigned] [Bug 224836] Crash in StyledMarkupAccumulator::traverseNodesForSerialization()

bugzilla-daemon at webkit.org
Tue Apr 20 17:59:33 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=224836

--- Comment #2 from Ryosuke Niwa <rniwa at webkit.org> ---
Comment on attachment 426604
  --> https://bugs.webkit.org/attachment.cgi?id=426604
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=426604&action=review

> Source/WebCore/editing/markup.cpp:713
> +        bool aboutToGoPastEnd = pastEnd && isDescendantOf(*pastEnd, *n) && !next;
> +        if (aboutToGoPastEnd)
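
Review bot: In the aboutToGoPastEnd initializer, the trailing `&& !next` means the flag can only be true when next is null, so a non-null next together with isDescendantOf(*pastEnd, *n) being true never takes the `if (aboutToGoPastEnd)` branch. If that narrowing is intended, add a comment saying which case the `!next` term covers; if it is not, keep the null check on next as a separate condition instead of and-ing it into the descendant test.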

This isn't quite right. When pastEnd && isDescendantOf(*pastEnd, *n) is true,
we want to set next regardless of whether next is null or not when enterNode returned false.
We currently don't hit this case because canonicalization of position
will mostly prevent that situation from arising, but I don't think we want to rely on that.

The case we care about is when both of the above conditions were false.
In that case, we've entered a node and it has children so we don't want to skip them here.

So, we probably want to define a new boolean indicating the condition, like this:

bool didEnterNode = false;
if (!enterNode(*n))
    next = nextSkippingChildren(*n);
else if (!hasChildNodes(*n))
    exitNode(*n);
else
    didEnterNode = true;
bool aboutToGoPastEnd = pastEnd && (isDescendantOf(*pastEnd, *n) || (!next && !didEnterNode));
