delta/qt5/qtwebkit.git - code.qt.io: qt/qtwebkit.git

diff options

author	Ryosuke Niwa <rniwa@webkit.org>	2014-03-10 14:34:32 +0100
committer	The Qt Project <gerrit-noreply@qt-project.org>	2014-03-10 15:03:08 +0100
commit	ca53d4d38524fb765a6e4095d5d0ad4563c2a209 (patch)
tree	07b3bee4cff8e60b65b8d7438faeb02f18f1e2d3 /Source/JavaScriptCore/API/JSStringRefQt.cpp
parent	170372f09df04c19eb281cecd1550d6b2d297f3b (diff)
download	qtwebkit-ca53d4d38524fb765a6e4095d5d0ad4563c2a209.tar.gz

Assertion failure in Range::processContentsBetweenOffsets

https://bugs.webkit.org/show_bug.cgi?id=122777 Reviewed by Darin Adler. Source/WebCore: Merge https://chromium.googlesource.com/chromium/blink/+/c15de182774c7859c20d97126eb844ae97b792a4 This patch changes ASSERT statements for checking |endOffset| inbound in Range::processContentsBetweenOffsets() to limit |endOffset|. This is necessary when DOMNodeRemovedFromDocument event handler splits text nodes, Range::insertNode() on text node, in the range calling Range::deleteContents(). Test: fast/dom/Range/range-delete-contents-mutation-event-crash.html * dom/Range.cpp: (WebCore::Range::processContentsBetweenOffsets): Change-Id: Ibafd4e42cfc50b0a386f31a0c1b49072cdb220d5 git-svn-id: http://svn.webkit.org/repository/webkit/trunk@157431 268f45cc-cd09-0410-ab3c-d52691b4dbfc Reviewed-by: Michael Bruning <michael.bruning@digia.com>

Diffstat (limited to 'Source/JavaScriptCore/API/JSStringRefQt.cpp')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: