| Summary: | Crash in TextManipulationController::replace | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Ryosuke Niwa <rniwa> |
| Component: | HTML Editing | Assignee: | Ryosuke Niwa <rniwa> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | cdumez, ews-watchlist, megan_gardner, mifenton, wenson_hsieh |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Description
Ryosuke Niwa
2020-03-12 15:02:16 PDT
Created attachment 393421 [details]
Fixes the bug
Comment on attachment 393421 [details] Fixes the bug

View in context: https://bugs.webkit.org/attachment.cgi?id=393421&action=review

> Source/WebCore/editing/TextManipulationController.cpp:580
> + Position insertionPoint = positionBeforeNode(firstContentNode.get()).parentAnchoredEquivalent();

Is it possible `firstContentNode` is null here? That would lead to a debug assertion in positionBeforeNode. (Seems like the answer is no because we’d already bail in the early return above…?)

Comment on attachment 393421 [details] Fixes the bug

View in context: https://bugs.webkit.org/attachment.cgi?id=393421&action=review

>> Source/WebCore/editing/TextManipulationController.cpp:580
>> + Position insertionPoint = positionBeforeNode(firstContentNode.get()).parentAnchoredEquivalent();
>
> Is it possible `firstContentNode` is null here? That would lead to a debug assertion in positionBeforeNode.
>
> (Seems like the answer is no because we’d already bail in the early return above…?)

I don't think so because to get here, we must have had at least one token, which means we must have had at least one content node.

Committed r258371: <https://trac.webkit.org/changeset/258371>