Issue 4123: Chrome: Crash Report - Stack Signature: memcpy-B63CAA http://code.google.com/p/chromium/issues/detail?id=4123
Comment #3 by [EMAIL PROTECTED]:

Looked at this with Brett some. To hit the crash we're seeing, it seems that:

void TextIterator::emitText(Node *textNode, int textStartOffset, int textEndOffset)

would need to be called with textNode equal to a valid text Node, but for which the renderer returns a null string (String(), where String().characters() == NULL). textStartOffset would also have to equal 2 (because we see us crashing at 0x0002).

I'm not sure if it's possible to have a RenderText in the renderTree which contains a null string, but if it is, then it may be possible to hit this bug, since in the

bool TextIterator::handleTextNode()

case we don't necessarily check that !textNode->renderer()->text().isNull().

I guess I would first "fix" this by adding an ASSERT to see if we could catch this.

This isn't happening for 1.0 though.
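The null-string condition described in the comment above, shown as an added C++ example that is not Chromium or WebKit code: it uses a runtime check with a result code rather than the ASSERT the comment mentions. `ModelString`, `UChar16`, `EmitResult` and `emitTextChecked` are hypothetical stand-ins for illustration.

```cpp
#include <cstddef>
#include <cstring>
#include <vector>

typedef unsigned short UChar16;  // hypothetical 16-bit code unit

// Minimal model of a string that distinguishes null (no buffer) from empty.
class ModelString {
public:
    ModelString() : m_isNull(true) {}  // models String(): characters() is null
    explicit ModelString(const std::vector<UChar16>& data)
        : m_isNull(false), m_data(data) {}
    bool isNull() const { return m_isNull; }
    size_t length() const { return m_data.size(); }
    const UChar16* characters() const { return m_isNull ? nullptr : m_data.data(); }
private:
    bool m_isNull;
    std::vector<UChar16> m_data;
};

enum EmitResult { Emitted, RejectedNull, RejectedRange };

// Copies text[start, end) into out only after validating the source string
// and both offsets, so memcpy never reads from a null-derived pointer.
EmitResult emitTextChecked(const ModelString& text, int start, int end,
                           std::vector<UChar16>& out)
{
    out.clear();
    // A null string has no buffer: characters() + start would be a
    // near-null address, which is the crash pattern in the report.
    if (text.isNull())
        return RejectedNull;
    // Offsets must describe a range inside the buffer.
    if (start < 0 || end < start || static_cast<size_t>(end) > text.length())
        return RejectedRange;
    out.resize(static_cast<size_t>(end - start));
    if (!out.empty())
        std::memcpy(out.data(), text.characters() + start,
                    out.size() * sizeof(UChar16));
    return Emitted;
}
```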