[Webkit-unassigned] [Bug 222620] Nullptr crash in Node::isTextNode() via ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodesIfNeeded

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Mar 5 16:30:05 PST 2021


https://bugs.webkit.org/show_bug.cgi?id=222620

--- Comment #9 from Ryosuke Niwa <rniwa at webkit.org> ---
Comment on attachment 422449
  --> https://bugs.webkit.org/attachment.cgi?id=422449
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=422449&action=review

> Source/WebCore/ChangeLog:7
> +        In function ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodes(..) there is a 
> +        null check missing when using the previous silbing call which is causing the crash.
> +        the return from previousSiblingOfText.
> +
> +        https://bugs.webkit.org/show_bug.cgi?id=222620
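
Review bot: the function name in the first line of this entry, ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodes(..), does not match the name in the bug title, endOfNextParagraphSplittingTextNodesIfNeeded. Use the full name so the entry can be found by searching for the function. Also fix the typo "silbing", and either complete or drop the third line ("the return from previousSiblingOfText."), which is a sentence fragment as written.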

This is not the right format. See other entries in the change log.
The line above the Bugzilla URL should match the bug's title, and this description should appear below the "reviewed by ~" line below.

> LayoutTests/ChangeLog:6
> +        In function ApplyBlockElementCommand::endOfNextParagraphSplittingTextNodes(..) there is a 
> +        null check missing when using the previous silbing call which is causing the crash.
> +        the return from previousSiblingOfText.
> +
> +        https://bugs.webkit.org/show_bug.cgi?id=222620

Ditto. We should be saying something like "Adding a regression test" instead.

> LayoutTests/ChangeLog:11
> +        * editing/inserting/scrollingelement-indent-crash-expected.txt: Added.
> +        * editing/inserting/scrollingelement-indent-crash.html: Added.

This has nothing to do with the scrolling element. It's about the text node not having a previous sibling.
Probably something like: indent-split-text-not-having-previous-sibling-crash.html or something like that.

> LayoutTests/editing/inserting/scrollingelement-indent-crash.html:3
> +.class8,input:required,#x12:read-only { white-space: pre-line;-webkit-text-stroke: 100%;-webkit-user-modify: read-only;contain: }
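
Review bot: the last declaration in this rule, "contain:", has no value, so the CSS parser discards it and it cannot be contributing to the crash; drop it. The selector list (.class8, input:required, #x12:read-only) is also worth checking one selector at a time, keeping only what is still needed to reproduce the crash.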

We should reduce this test case further.
