Bug 10141 - RESOLVED FIXED
REGRESSION: Semi-reproducible crash inserting text in textarea in StringImpl::operator[](int)
https://bugs.webkit.org/show_bug.cgi?id=10141
David Kilzer (:ddkilzer)
Reported 2006-07-28 06:03:59 PDT
While editing a bug comment, I inserted some text into a textarea and WebKit crashed. Will attach the crash log next. Haven't figured out how to reproduce this yet. Happened on a locally-built debug build of WebKit r15648.
Attachments
Crash log (25.89 KB, text/plain), 2006-07-28 06:04 PDT, David Kilzer (:ddkilzer), no flags
David Kilzer (:ddkilzer)
Comment 1 2006-07-28 06:04:49 PDT
Created attachment 9737: Crash log
David Kilzer (:ddkilzer)
Comment 2 2006-07-28 10:30:31 PDT
I'm pretty sure I was editing a reply to Bug 8278 Comment #5, as I was doing with Bug 10143 and Bug 10144. What I remember doing (roughly; these steps ARE NOT exact enough to reproduce the bug):

1. Hit "[reply]" link on Bug 8278 Comment #5.
2. Deleted "> " between the two paragraphs, then hit Enter a couple times to make three blank lines between the two quoted paragraphs.
3. Typed one sentence on the middle (second) of the three blank lines. The sentence wrapped to the next line on a rather large word (don't remember what it was; probably 15-20 characters).
4. Used the mouse to place the cursor in the middle of the first line of the sentence to add more verbiage, and when I went to type, Safari crashed with the attached crash log.

I'll try to reproduce this tonight.

I think what we really need is a "fuzzer" for textarea text editing that can generate random test scripts, then run them through Safari until it crashes or hangs. :)
David Kilzer (:ddkilzer)
Comment 3 2006-07-29 04:06:14 PDT
This bug is semi-reproducible, although after following the steps below this particular behavior probably only happens 1 in 10 times. It relies on the behavior from Bug 10143, which may be suspect in the first place. This bug may become unreproducible if Bug 10143 is fixed.

Steps to reproduce:

1. Follow steps from Bug 10143 Comment #0:
   a. Open Bug 8278.
   b. Click "[reply]" link on Bug 8278 Comment #5.
   c. Put cursor on "blank" line between two paragraphs.
   d. Hit Delete key twice.
2. Use the mouse to place the cursor to the left of the greater-than character (">") on the last line with a greater-than character (">").
3. Holding the Shift key down, arrow down twice. This should highlight the entire last two lines in the textarea.
4. Hit the Delete key.
5. Use the mouse to place the cursor on the first of two blank lines (the top blank line) between the quoted paragraphs.
6. Hit Enter.

Expected results: A blank line is added between the two quoted paragraphs.

Actual results: One of the following:
- A blank line is inserted with no crash or hang (expected results!).
- A hang occurs (Bug 10148).
- A crash occurs (this bug or a different crash).

Note that if the expected results occur, do the following:
A. Select all text in the textarea.
B. Hit Delete.
C. Start from Step 1b above.

Regression: This does not occur on production Safari 2.0.4 (419.3) on Mac OS X 10.4.7 (8J135/PowerPC).
David Kilzer (:ddkilzer)
Comment 4 2007-01-26 16:24:23 PST
With Bug 10143 fixed, I don't see any "strange" behavior when following the steps in Comment #3, so I'm closing this as RESOLVED/FIXED.