[Webkit-unassigned] [Bug 225795] REGRESSION(r277425): Crash in FrameSelection::selectFrameElementInParentIfFullySelected
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri May 14 00:06:22 PDT 2021
https://bugs.webkit.org/show_bug.cgi?id=225795
--- Comment #5 from Frédéric Wang (:fredw) <fred.wang at free.fr> ---
(In reply to Fujii Hironori from comment #4)
> I can't reproduce this crash with Mac port and GTK port.
OK, that's not going to be easy to reproduce/debug for me then...
(In reply to Fujii Hironori from comment #0)
> > void FrameSelection::selectFrameElementInParentIfFullySelected()
> > {
> > // Find the parent frame; if there is none, then we have nothing to do.
> > Frame* parent = m_document->frame()->tree().parent();
>
> m_document->frame()->tree() returned null.
mmh, this is not a pointer and its lifetime is the same as Frame. Isn't the problem that m_document->frame() is nullptr? That would be more consistent with comment 1...
Do you hit a debug failure if you add
ASSERT(m_document->frame()); at
https://webkit-search.igalia.com/webkit/rev/62e5b564774e1365c69e8a92909b0c6e340a27b9/Source/WebCore/editing/FrameSelection.cpp#379
?
If so, what are the values of the selection* booleans? And what about m_document/newSelection.document()/newSelection.document()->frame()?
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210514/c30d3a9b/attachment.htm>
More information about the webkit-unassigned
mailing list