On Apr 21, 2012, at 9:45 AM, Antti Koivisto wrote:

> Sat, Apr 21, 2012 at 8:13 AM, John Yani <van...@gmail.com> wrote:
>
>> 2316 if (selector->relation() != CSSSelector::SubSelector)
>> 2317 break;
>> 2318 selector = selector->tagHistory();
>> 2319 };
>>
>> Now selector is null and we are trying to call tagHistory():
>
> This is not possible. If selector->relation() == CSSSelector::SubSelector
> then there will always be a subselector in tagHistory.
>
>> 2321 for (selector = selector->tagHistory(); selector; selector =
>>
>> Which will result in segfault.
>
> That would indicate a serious bug in CSS parser. The crash would allow us to
> catch and fix the bug. Now the bug is hidden. We have also lost some
> documentation (in form of code) on how our data structures look like. The
> only sensible change here would have been ASSERT(selector) for documentation
> purposes.
Or change the first loop to while(true) instead of while(selector) to make
clear that it can't actually exit with selector being null.

 - Maciej
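The point of the thread, shown as an added example (not WebKit's code and not posted by anyone in the thread): a hypothetical selector chain whose builder enforces the invariant Antti describes (a SubSelector relation always has a tagHistory()), and a walk over it with the same shape as the quoted lines 2316-2321, written with while(true) as Maciej suggests and ASSERTs that document the invariant rather than a null check that would hide a parser bug. The names Selector, SelectorChain, countComponents and the Relation enum are assumptions made for this example; only relation() and tagHistory() mirror the quoted code.

```cpp
#include <cassert>
#include <initializer_list>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for the CSSSelector chain under discussion. relation() and
// tagHistory() mirror the quoted code; everything else is constructed for this example.
enum class Relation { Descendant, Child, SubSelector };

class Selector {
public:
    Selector(std::string value, Relation relation)
        : m_value(std::move(value)), m_relation(relation) {}
    Relation relation() const { return m_relation; }
    Selector* tagHistory() const { return m_tagHistory; }
    const std::string& value() const { return m_value; }
    void setTagHistory(Selector* next) { m_tagHistory = next; }
private:
    std::string m_value;
    Relation m_relation;
    Selector* m_tagHistory = nullptr; // null only at the end of the chain
};

// Owns a chain built left to right from (value, relation) pairs. Building it enforces the
// parser invariant from the thread: a selector whose relation is SubSelector always has a
// tagHistory(), so only the final selector may be followed by nothing.
class SelectorChain {
public:
    SelectorChain(std::initializer_list<std::pair<const char*, Relation>> parts) {
        for (const auto& part : parts) {
            auto s = std::make_unique<Selector>(part.first, part.second);
            if (!m_nodes.empty())
                m_nodes.back()->setTagHistory(s.get());
            m_nodes.push_back(std::move(s));
        }
        // The last selector terminates the chain, so its relation cannot be SubSelector.
        assert(!m_nodes.empty() && m_nodes.back()->relation() != Relation::SubSelector);
    }
    Selector* first() const { return m_nodes.front().get(); }
private:
    std::vector<std::unique_ptr<Selector>> m_nodes;
};

struct Counts {
    int compound; // components joined by SubSelector in the first compound selector
    int rest;     // selectors reached after it through tagHistory()
};

// Same shape as the quoted code: a loop over the first compound selector, then a for-loop
// continuing from selector->tagHistory(). The loop is while (true), so its only exit is the
// break, which leaves selector non-null. The ASSERT after each advance documents the
// invariant; if the parser ever violated it, a debug build would crash here instead of
// silently doing the wrong thing.
Counts countComponents(Selector* selector) {
    assert(selector);
    Counts counts { 1, 0 };
    while (true) {
        if (selector->relation() != Relation::SubSelector)
            break;
        selector = selector->tagHistory();
        assert(selector); // SubSelector guarantees a following component
        ++counts.compound;
    }
    for (selector = selector->tagHistory(); selector; selector = selector->tagHistory())
        ++counts.rest;
    return counts;
}

// Constructed input standing in for "a.b > c": two components in the first compound,
// one selector after it.
Counts countForConstructedChain() {
    SelectorChain chain { { "a", Relation::SubSelector },
                          { ".b", Relation::Child },
                          { "c", Relation::Descendant } };
    return countComponents(chain.first());
}
```

With the invariant held by construction, a while(selector) condition on the first loop could never be false on exit, which is why the thread treats the added null check as hiding a bug rather than handling a case.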
_______________________________________________
webkit-dev mailing list
webkit-dev@lists.webkit.org
http://lists.webkit.org/mailman/listinfo.cgi/webkit-dev