RESOLVED FIXED 8145
REGRESSION: Pasting text from TextEdit with a bold word into text field results in crash 
https://bugs.webkit.org/show_bug.cgi?id=8145
Summary REGRESSION: Pasting text from TextEdit with a bold word into text field resul...
Mark Rowe (bdash)
Reported 2006-04-02 15:20:41 PDT
Steps to reproduce: 1) Open TextEdit 2) Type a few words of text 3) Select a word and make it bold 4) Copy all of the text 5) Open http://www.google.com/ and paste the text into the search field 6) <crash> The crash log is attached.
Attachments
Crash log. (21.65 KB, text/plain)
2006-04-02 15:22 PDT, Mark Rowe (bdash) 		no flags
Details
Rough patch (1.48 KB, patch)
2006-04-02 17:18 PDT, Mark Rowe (bdash) 		darin: review-
DetailsFormatted DiffDiff
patch, changelog and layout tests (23.70 KB, patch)
2006-04-06 16:13 PDT, Justin Garcia 		no flags
DetailsFormatted DiffDiff
patch, changelog and layout tests (23.89 KB, patch)
2006-04-06 16:20 PDT, Justin Garcia 		no flags
DetailsFormatted DiffDiff
patch, changelog and layout tests (23.94 KB, patch)
2006-04-06 21:08 PDT, Justin Garcia 		justin.garcia: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2006-04-02 15:22:14 PDT
Created attachment 7470 [details] Crash log.
Darin Adler
Comment 2 2006-04-02 17:17:44 PDT
Crash happens because a node is nil. This happens because of this code in ReplaceSelectionCommand::doApply: 702 } else if (m_lastNodeInserted && !m_fragment.isBlockFlow(refNode)) { 703 Position pos = visiblePos.next().deepEquivalent().downstream(); 704 insertNodeAtAndUpdateNodesInserted(refNode, pos.node(), pos.offset()); visiblePos.next() is null.
Mark Rowe (bdash)
Comment 3 2006-04-02 17:18:13 PDT
Created attachment 7471 [details] Rough patch The patch simply adds a NULL check before the call to insertNodeAtAndUpdateNodesInserted. I don't really understand the code in question so I am in no way confident that it is the right fix, however it prevents the crash and doesn't appear to change any other behaviour.
Darin Adler
Comment 4 2006-04-02 17:56:21 PDT
Comment on attachment 7471 [details] Rough patch I believe this is wrong and will result in the pasted text not being inserted at all! The right thing is to find a way to insert after visiblePos instead of before visiblePos.next() in this case.
Darin Adler
Comment 5 2006-04-02 18:53:50 PDT
Justin should probably handle this one himself.
Mark Rowe (bdash)
Comment 6 2006-04-02 20:23:28 PDT
The pasted text is definitely inserted correctly with that patch, but I'm more than willing to let Justin handle this.
Maciej Stachowiak
Comment 7 2006-04-02 23:25:45 PDT
These are all text field regressions so they should all be P1.
Darin Adler
Comment 8 2006-04-04 09:19:19 PDT
*** Bug 8149 has been marked as a duplicate of this bug. ***
Darin Adler
Comment 9 2006-04-04 09:20:16 PDT
Same as <rdar://problem/4499431>.
Justin Garcia
Comment 10 2006-04-06 16:13:27 PDT
Created attachment 7545 [details] patch, changelog and layout tests
Justin Garcia
Comment 11 2006-04-06 16:20:37 PDT
Created attachment 7546 [details] patch, changelog and layout tests
Justin Garcia
Comment 12 2006-04-06 17:49:01 PDT
Comment on attachment 7546 [details] patch, changelog and layout tests dave reviewed this in person, and he's going to look it over and do a final review tonight.
Justin Garcia
Comment 13 2006-04-06 21:08:04 PDT
Created attachment 7552 [details] patch, changelog and layout tests One more revision of my changelog and code comments.
Justin Garcia
Comment 14 2006-04-07 10:59:54 PDT
Comment on attachment 7552 [details] patch, changelog and layout tests dave reviewed this
Note You need to log in before you can comment on or make changes to this bug.