VERIFIED FIXED 4025
Reproducible crash (infinite recursion?) choosing Make Link from text field's contextual menu
https://bugs.webkit.org/show_bug.cgi?id=4025
mitz
Reported 2005-07-16 00:24:17 PDT
Safari crashes when you choose Make Link from a text field's contextual menu (the selected text in the field must be a URL).

To reproduce: open testcase, select all text in the text field, control-click the selected text and choose Make Link from the contextual menu.

Backtrace:

Thread 0 Crashed:
0 com.apple.Foundation 0x92871570 -[NSInvocation getArgument:atIndex:] + 24
1 com.apple.Foundation 0x928786b4 -[NSInvocation invoke] + 60
2 com.apple.Foundation 0x92878fd8 -[NSInvocation invokeWithTarget:] + 64
3 com.apple.Foundation 0x92870dd4 -[NSObject(NSForwardInvocation) forward::] + 408
4 libobjc.A.dylib 0x909b20d0 _objc_msgForward + 176
5 com.apple.WebKit 0x959d56e0 -[WebView(WebViewEditing) undoManager] + 52
6 com.apple.AppKit 0x936f9bf8 -[NSTextView _getUndoManager:] + 208
7 com.apple.AppKit 0x936f9a64 -[NSTextView undoManager] + 40
8 com.apple.AppKit 0x93710e78 -[NSTextView(NSSharing) shouldChangeTextInRanges:replacementStrings:] + 312
9 com.apple.AppKit 0x93710d2c -[NSTextView(NSSharing) shouldChangeTextInRange:replacementString:] + 120
10 com.apple.WebCore 0x95d2d908 -[KWQTextFieldController textView:shouldChangeTextInRange:replacementString:] + 176
11 com.apple.WebCore 0x95d2dad0 -[KWQTextField textView:shouldChangeTextInRange:replacementString:] + 88
12 com.apple.AppKit 0x93711110 -[NSTextView(NSSharing) shouldChangeTextInRanges:replacementStrings:] + 976
13 com.apple.AppKit 0x93710d2c -[NSTextView(NSSharing) shouldChangeTextInRange:replacementString:] + 120
14 com.apple.WebCore 0x95d2d908 -[KWQTextFieldController textView:shouldChangeTextInRange:replacementString:] + 176
15 com.apple.WebCore 0x95d2dad0 -[KWQTextField textView:shouldChangeTextInRange:replacementString:] + 88
16 com.apple.AppKit 0x93711110 -[NSTextView(NSSharing) shouldChangeTextInRanges:replacementStrings:] + 976
17 com.apple.AppKit 0x93710d2c -[NSTextView(NSSharing) shouldChangeTextInRange:replacementString:] + 120
18 com.apple.WebCore 0x95d2d908 -[KWQTextFieldController textView:shouldChangeTextInRange:replacementString:] + 176
19 com.apple.WebCore 0x95d2dad0 -[KWQTextField textView:shouldChangeTextInRange:replacementString:] + 88

and so on for another 500 stack frames...
Attachments
Testcase (353 bytes, text/html)
2005-07-16 00:27 PDT, mitz
no flags
check for nil to avoid the infinite recursion (682 bytes, patch)
2005-09-04 13:36 PDT, Darin Adler
sullivan: review+
mitz
Comment 1 2005-07-16 00:27:14 PDT
Created attachment 2987 [details] Testcase
Mark Rowe (bdash)
Comment 2 2005-07-29 00:33:04 PDT
I can reproduce this with ToT WebKit by following the given instructions.
Darin Adler
Comment 3 2005-09-04 13:30:43 PDT
The problem here is that the replacement string is nil in -[KWQTextFieldController textView:shouldChangeTextInRange:replacementString:]. That method calls -[NSString rangeOfCharacterFromSet:], which returns a random value when passed nil (as does any method that returns a structure). The fix is to check for nil.
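The nil check described in comment 3, sketched as an added example (not the attached patch and not WebKit code). The class name `ExampleFieldController` and the newline-rejection policy are assumptions made for illustration.

```objc
#import <Cocoa/Cocoa.h>

// Hypothetical text view delegate, constructed for this example.
@interface ExampleFieldController : NSObject <NSTextViewDelegate>
@end

@implementation ExampleFieldController

- (BOOL)textView:(NSTextView *)textView
    shouldChangeTextInRange:(NSRange)affectedCharRange
          replacementString:(NSString *)replacementString
{
    // AppKit documents that replacementString is nil when only text
    // attributes are changing, so nil is a legitimate input here.
    // Return before sending it any message whose result is a struct.
    if (replacementString == nil) {
        return YES;
    }

    // Assumed policy: a single-line field refuses newlines.
    NSCharacterSet *newlines = [NSCharacterSet newlineCharacterSet];

    // -rangeOfCharacterFromSet: returns an NSRange by value. Sent to nil,
    // the struct is not a reliable "not found" answer: comment 3 reports a
    // random value, and even a zero-filled NSRange has location 0, which
    // is not NSNotFound. The guard above keeps nil away from this
    // comparison.
    NSRange hit = [replacementString rangeOfCharacterFromSet:newlines];
    if (hit.location != NSNotFound) {
        return NO;
    }
    return YES;
}

@end
```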
Darin Adler
Comment 4 2005-09-04 13:31:26 PDT
It's also a bug that Make Link shows up at all. This is a plain text field, so Make Link should not be there. But that won't be covered by this bug report.
Darin Adler
Comment 5 2005-09-04 13:36:10 PDT
Created attachment 3762 [details] check for nil to avoid the infinite recursion
mitz
Comment 6 2005-09-05 11:29:16 PDT
Added bug 4856 about "Make Link" being in the contextual menu in the first place.