2009-04-24  Eric Roman  <eroman@chromium.org>

        Reviewed by Darin Adler.

        Initialize TextIterator::m_textLength to 0.

        This assures that TextIterator::length() will return 0 for cases when TextIterator's constructor returns early (because there is nothing to iterate over in the range).

        <https://bugs.webkit.org/show_bug.cgi?id=25335>

        Test: editing/selection/doubleclick-whitespace-img-crash.html

        * editing/TextIterator.cpp:
        (WebCore::TextIterator::TextIterator):

LayoutTests:

2009-04-24  Eric Roman  <eroman@chromium.org>

        Reviewed by Darin Adler.

        Add a test for <https://bugs.webkit.org/show_bug.cgi?id=25335>.

        To pass, this test must not access invalid memory when run (won't necessarily manifest as a crash for failures).

        * editing/selection/doubleclick-whitespace-img-crash-expected.txt: Added.
        * editing/selection/doubleclick-whitespace-img-crash.html: Added.

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@42831 268f45cc-cd09-0410-ab3c-d52691b4dbfc