[Webkit-unassigned] [Bug 226398] Crash in HTMLConverter::_addLinkForElement()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 2 17:44:49 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=226398

--- Comment #8 from Ryosuke Niwa <rniwa at webkit.org> ---
Comment on attachment 430412
  --> https://bugs.webkit.org/attachment.cgi?id=430412
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=430412&action=review

> Source/WebCore/editing/cocoa/HTMLConverter.mm:2218
> -                _exitElement(element, depth, startIndex);
> +                _exitElement(element, depth, [_attrStr length]);
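
Review bot: on the `+` line, passing `[_attrStr length]` as the third argument discards the saved `startIndex` entirely instead of bounding it, so `_exitElement` is always handed the current end of the string, even in cases where `startIndex` was still a valid position. If the aim is to keep the index inside `_attrStr`, clamp the saved value against the current length rather than replacing it, and add a short comment at the call stating which relationship between `startIndex` and `[_attrStr length]` the call relies on.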

Oh, this isn't quite right. startIndex is named so because we're adding more stuff to _attrStr.
What's wrong with the existing code is that startIndex can be less than [_attrStr length].
So I think we need to use std::min(startIndex, [_attrStr length]) here.
