author | finnur@google.com <finnur@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-03 22:49:26 +0000 |
---|---|---|
committer | finnur@google.com <finnur@google.com@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-02-03 22:49:26 +0000 |
commit | c88620903fab9c32cb64b271b97b1fcd01bf820d (patch) | |
tree | 0f70978b36107aded57ed910c76e7b2056f881ac | |
parent | ce39c457611011707abc11a63ff8f91046ded031 (diff) | |
Fix a crash where we would try to add a
DocumentMarker with the same start- and endOffset,
which AddMarker in WebKit will ignore. As a result,
our marker vector is empty and we try to access
the element with index -1.
Also added a check to avoid a NOTREACHED in debug
build, which can happen under normal circumstances
(when you navigate away from a page when a search
is in progress).
BUG=http://crbug.com/7250
TEST=We don't have reproduction steps for the
crash but if we stop seeing this on our crash
server we'll know that it is fixed.
Review URL: http://codereview.chromium.org/20028
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@9105 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | webkit/glue/webframe_impl.cc | 33 |
1 files changed, 18 insertions, 15 deletions
diff --git a/webkit/glue/webframe_impl.cc b/webkit/glue/webframe_impl.cc
index 7cd10d6..b42b92b 100644
--- a/webkit/glue/webframe_impl.cc
+++ b/webkit/glue/webframe_impl.cc
@@ -957,20 +957,22 @@ void WebFrameImpl::AddMarker(WebCore::Range* range) {
 textPiece->endOffset(exception),
 ""
 };
- // Find the node to add a marker to and add it.
- Node* node = textPiece->startContainer(exception);
- frame()->document()->addMarker(node, marker);
-
- // Rendered rects for markers in WebKit are not populated until each time
- // the markers are painted. However, we need it to happen sooner, because
- // the whole purpose of tickmarks on the scrollbar is to show where matches
- // off-screen are (that haven't been painted yet).
- Vector<WebCore::DocumentMarker> markers =
- frame()->document()->markersForNode(node);
- frame()->document()->setRenderedRectForMarker(
- textPiece->startContainer(exception),
- markers[markers.size() - 1],
- range->boundingBox());
+ if (marker.endOffset > marker.startOffset) {
+ // Find the node to add a marker to and add it.
+ Node* node = textPiece->startContainer(exception);
+ frame()->document()->addMarker(node, marker);
+
+ // Rendered rects for markers in WebKit are not populated until each time
+ // the markers are painted. However, we need it to happen sooner, because
+ // the whole purpose of tickmarks on the scrollbar is to show where
+ // matches off-screen are (that haven't been painted yet).
+ Vector<WebCore::DocumentMarker> markers =
+ frame()->document()->markersForNode(node);
+ frame()->document()->setRenderedRectForMarker(
+ textPiece->startContainer(exception),
+ markers[markers.size() - 1],
+ range->boundingBox());
+ }
 }
 }
@@ -1019,7 +1021,8 @@ void WebFrameImpl::ScopeStringMatches(FindInPageRequest request,
 resume_scoping_from_range_->startOffset(ec2) + 1,
 ec);
 if (ec != 0 || ec2 != 0) {
- NOTREACHED();
+ if (ec2 != 0) // A non-zero |ec| happens when navigating during search.
+ NOTREACHED();
 return;
 }
 } |
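Review bot: `markers[markers.size() - 1]` in the AddMarker hunk is still indexed without checking that `markersForNode(node)` returned anything; the new `marker.endOffset > marker.startOffset` guard only mirrors the one condition currently known to make WebKit's addMarker drop the marker. If addMarker skips the insert for any other reason, `markers.size() - 1` wraps and the read goes out of bounds again, on a path driven by page content. Wrapping the `setRenderedRectForMarker` call in `if (!markers.isEmpty())` would enforce the invariant directly instead of relying on the two checks staying in sync. The code also assumes the last element is the marker just added, which is not visible here and presumably depends on how WebKit orders markers for a node, so that deserves a comment. AddMarker's body starts outside the hunk.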
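Review bot: In the ScopeStringMatches hunk the brace-less `if (ec2 != 0)` with a trailing comment sits directly above an unconditional `return;`, which is easy to misread as the return being conditional on ec2. Put the comment on its own line and brace the check, `if (ec2 != 0) { NOTREACHED(); }`. The comment explains why |ec| may be non-zero but not why ec2 cannot be non-zero in the same navigation case; since ec2 comes from `resume_scoping_from_range_->startOffset(ec2)`, a sentence stating that assumption would help the next reader. The function continues outside the hunk.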