/[blink]
Chromium logo

Revision 171440


Jump to revision: Previous Next
Author: yosin@chromium.org
Date: Mon Apr 14 08:24:16 2014 UTC (9 years, 1 month ago)
Changed paths: 3
Log Message:
Avoid using cross RenderView selection rendering

This patch makes sure we pass |RenderObject| belong to RenderView in
|RenderView::setSelection|, which takes two |RenderObject|s for start and end of
selection, in |FrameSeleciton::updateAppearance|.

The bug is caused by |VisibleSelection::base| and |VisibleSelection::start|
are in different document, |base| points to IFRAME and |start| points |TextNode|
in IFRAME. This causes |RenderView|, which holds |RenderObject|s of selection
start points and end points, have dangling |RenderObject|'s. Because,
|RenderView| doesn't know destructed |RenderObject| belongs to another
|RenderView|.

BUG=356690
TEST=LayoutTests/undo/execCommand/crash-redo-with-iframes.html

Review URL: https://codereview.chromium.org/234463003

Changed paths

Path Details
Directorytrunk/LayoutTests/editing/undo/crash-redo-with-iframes-expected.txt added
Directorytrunk/LayoutTests/editing/undo/crash-redo-with-iframes.html added
Directorytrunk/Source/core/editing/FrameSelection.cpp modified , text changed

Properties

Name Value
commit-bot commit-bot@chromium.org

Powered by ViewVC 1.1.26 ViewVC Help