[Webkit-unassigned] [Bug 225795] REGRESSION(r277425): Crash in FrameSelection::selectFrameElementInParentIfFullySelected

bugzilla-daemon at webkit.org
Fri May 14 00:32:18 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=225795

--- Comment #6 from Fujii Hironori <Hironori.Fujii at sony.com> ---
(In reply to Frédéric Wang (:fredw) from comment #5)
> (In reply to Fujii Hironori from comment #0)
> > > void FrameSelection::selectFrameElementInParentIfFullySelected()
> > > {
> > >     // Find the parent frame; if there is none, then we have nothing to do.
> > >     Frame* parent = m_document->frame()->tree().parent();
> > 
> > m_document->frame()->tree() returned null.
> 
> mmh, this is not a pointer and its lifetime is the same as Frame. Isn't the
> problem that m_document->frame() is nullptr? That would be more consistent
> with comment 1...

Yes, m_document->frame() was nullptr.

> Do you hit a debug failure if you add
> 
> ASSERT(m_document->frame()); at
> 
> https://webkit-search.igalia.com/webkit/rev/62e5b564774e1365c69e8a92909b0c6e340a27b9/Source/WebCore/editing/FrameSelection.cpp#379
> 
> ?

Yes, it hit.

> If so, what are the values of the selection* booleans? And what about
> m_document/newSelection.document()/newSelection.document()->frame()?

selection* booleans were all false.
m_document was non-null.
m_anchor, m_focus and m_base of newSelection were empty.
