138023 2014-10-23 14:38:08 -0700 WebContent crash in WebKit::WebPage::expandedRangeFromHandle 2014-12-17 09:45:21 -0800 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 rniwa rniwa barraclough darin ddkilzer enrica sam oldest_to_newest 1043836 0 rniwa 2014-10-23 14:38:08 -0700 Continuing the bug 136969. There are more nullptr checks to be added here: Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed: 0 WebKit 0x0000000187596328 WebKit::WebPage::expandedRangeFromHandle(WebCore::Range*, WebKit::SelectionHandlePosition) + 576 (Ref.h:60) 1 WebKit 0x0000000187596318 WebKit::WebPage::expandedRangeFromHandle(WebCore::Range*, WebKit::SelectionHandlePosition) + 560 (WebPageIOS.mm:1140) 2 WebKit 0x0000000187597084 WebKit::WebPage::computeExpandAndShrinkThresholdsForHandle(WebCore::IntPoint const&, WebKit::SelectionHandlePosition, float&, float&) + 132 (WebPageIOS.mm:1330) 3 WebKit 0x000000018759750c WebKit::WebPage::updateBlockSelectionWithTouch(WebCore::IntPoint const&, unsigned int, unsigned int) + 160 (WebPageIOS.mm:1430) 4 WebKit 0x0000000187693ca0 void IPC::handleMessage<Messages::WebPage::UpdateBlockSelectionWithTouch, WebKit::WebPage, void (WebKit::WebPage::*)(WebCore::IntPoint const&, unsigned int, unsigned int)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebCore::IntPoint const&, unsigned int, unsigned int)) + 72 (HandleMessage.h:16) 5 WebKit 0x0000000187690f6c WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection*, IPC::MessageDecoder&) + 2556 (WebPageMessageReceiver.cpp:267) 6 WebKit 0x00000001875c4b74 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection*, IPC::MessageDecoder&) + 116 (MessageReceiverMap.cpp:87) 7 WebKit 0x00000001876ce954 WebKit::WebProcess::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) + 36 (WebProcess.cpp:595) 8 WebKit 0x0000000187551590 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 124 (Connection.cpp:809) 9 WebKit 0x000000018755353c IPC::Connection::dispatchOneMessage() + 116 (Connection.cpp:856) 10 JavaScriptCore 0x0000000183c9a088 WTF::RunLoop::performWork() + 800 11 JavaScriptCore 0x0000000183c9a558 WTF::RunLoop::performWork(void*) + 36 12 CoreFoundation 0x00000001823b57c4 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 20 (CFRunLoop.c:1763) 13 CoreFoundation 0x00000001823b4a68 __CFRunLoopDoSources0 + 260 (CFRunLoop.c:1809) 14 CoreFoundation 0x00000001823b2b18 __CFRunLoopRun + 708 (CFRunLoop.c:2526) 15 CoreFoundation 0x00000001822e13e0 CFRunLoopRunSpecific + 392 (CFRunLoop.c:2795) 16 Foundation 0x00000001831e6100 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 312 (NSRunLoop.m:366) 17 Foundation 0x00000001832407d4 -[NSRunLoop(NSRunLoop) run] + 92 (NSRunLoop.m:388) 18 libxpc.dylib 0x00000001937fc34c _xpc_objc_main + 704 (main.m:172) 19 libxpc.dylib 0x00000001937fe070 xpc_main + 196 (init.c:1434) 20 com.apple.WebKit.WebContent 0x0000000100077a7c main + 16 (XPCServiceMain.mm:77) 21 libdyld.dylib 0x0000000193616a04 start + 0 (start_glue.s:78) 1043839 1 240368 rniwa 2014-10-23 14:46:19 -0700 Created attachment 240368 Fixes the crash 1043841 2 rniwa 2014-10-23 14:51:03 -0700 Committed r175143: <http://trac.webkit.org/changeset/175143> 1044359 3 enrica 2014-10-27 17:00:49 -0700 There is still one case that needs to be covered. 1044360 4 240512 enrica 2014-10-27 17:06:27 -0700 Created attachment 240512 Additional fix 1044361 5 240512 cdumez 2014-10-27 17:19:05 -0700 Comment on attachment 240512 Additional fix View in context: https://bugs.webkit.org/attachment.cgi?id=240512&action=review > Source/WebKit2/ChangeLog:9 > + We must change that we have a valid currentRange before trying nit: s/change/check 1044368 6 enrica 2014-10-27 17:39:06 -0700 Committed revision 175235. 1044385 7 240512 simon.fraser 2014-10-27 19:22:20 -0700 Comment on attachment 240512 Additional fix Do we know how all these nulls can happen? It's pretty easy to reproduce. 1056349 8 ddkilzer 2014-12-17 09:45:21 -0800 <rdar://problem/18692335> 240368 2014-10-23 14:46:19 -0700 2014-10-23 14:48:01 -0700 Fixes the crash bug-138023-20141023144738.patch text/plain 2854 rniwa SW5kZXg6IFNvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi S2l0Mi9DaGFuZ2VMb2cJKHJldmlzaW9uIDE3NTE0MikKKysrIFNvdXJjZS9XZWJLaXQyL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIwIEBACisyMDE0LTEwLTIzICBSeW9zdWtl IE5pd2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIFdlYkNvbnRlbnQgY3Jhc2ggaW4g V2ViS2l0OjpXZWJQYWdlOjpleHBhbmRlZFJhbmdlRnJvbUhhbmRsZQorICAgICAgICBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTM4MDIzCisKKyAgICAgICAgUmV2aWV3 ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgVGhlIGNyYXNoZXMgYXJlIGNhdXNlZCBi eSByYW5nZUZvckJsb2NrQXRQb2ludCByZXR1cm5pbmcgYSBudWxsIFJhbmdlLgorICAgICAgICBF eGl0IGVhcmx5IG9yIGNvbnRpbnVlIGlmIGEgcmFuZ2UgaXMgbnVsbCBpbiB2YXJpb3VzIHBsYWNl cy4KKworICAgICAgICAqIFdlYlByb2Nlc3MvV2ViUGFnZS9pb3MvV2ViUGFnZUlPUy5tbToKKyAg ICAgICAgKFdlYktpdDo6V2ViUGFnZTo6ZXhwYW5kZWRSYW5nZUZyb21IYW5kbGUpOiBDb250aW51 ZSBsb29raW5nIGZvciBhbm90aGVyIHBvaW50IGlmIHRoZSByYW5nZSByZXR1cm5lZCBieQorICAg ICAgICByYW5nZUZvckJsb2NrQXRQb2ludCBpcyBudWxsLgorICAgICAgICAoV2ViS2l0OjpXZWJQ YWdlOjpjb250cmFjdGVkUmFuZ2VGcm9tSGFuZGxlKTogRGl0dG8uCisgICAgICAgIChXZWJLaXQ6 OldlYlBhZ2U6OmNvbXB1dGVFeHBhbmRBbmRTaHJpbmtUaHJlc2hvbGRzRm9ySGFuZGxlKTogUmVt b3ZlZCB0aGUgRklYTUUgbm93IHRoYXQgRW5yaWNhIGhhcworICAgICAgICB2ZXJpZmllZCB0aGF0 IHRoaXMgZWFybHkgZXhpdCBhZGRlZCBpbiByMTczNzg4IGlzIGNvcnJlY3QuCisKIDIwMTQtMTAt MjMgIEpvc2VwaCBQZWNvcmFybyAgPHBlY29yYXJvQGFwcGxlLmNvbT4KIAogICAgICAgICBbaU9T XSBpUGhvbmUgdW5zZWxlY3RpbmcgaXRlbXMgaW4gPHNlbGVjdCBtdWx0aXBsZT4gc2hvd3MgaW5j b3JyZWN0IHZhbHVlcyBzZWxlY3RlZApJbmRleDogU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9X ZWJQYWdlL2lvcy9XZWJQYWdlSU9TLm1tCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJLaXQyL1dl YlByb2Nlc3MvV2ViUGFnZS9pb3MvV2ViUGFnZUlPUy5tbQkocmV2aXNpb24gMTc0NzExKQorKysg U291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9XZWJQYWdlL2lvcy9XZWJQYWdlSU9TLm1tCSh3b3Jr aW5nIGNvcHkpCkBAIC0xMTM5LDcgKzExMzksNyBAQCBQYXNzUmVmUHRyPFJhbmdlPiBXZWJQYWdl OjpleHBhbmRlZFJhbmdlCiAKICAgICAgICAgUmVmUHRyPFJhbmdlPiBuZXdSYW5nZTsKICAgICAg ICAgUmVmUHRyPFJhbmdlPiByYW5nZUF0UG9zaXRpb24gPSByYW5nZUZvckJsb2NrQXRQb2ludCh0 ZXN0UG9pbnQpOwotICAgICAgICBpZiAoJmN1cnJlbnRSYW5nZS0+b3duZXJEb2N1bWVudCgpICE9 ICZyYW5nZUF0UG9zaXRpb24tPm93bmVyRG9jdW1lbnQoKSkKKyAgICAgICAgaWYgKCFyYW5nZUF0 UG9zaXRpb24gfHwgJmN1cnJlbnRSYW5nZS0+b3duZXJEb2N1bWVudCgpICE9ICZyYW5nZUF0UG9z aXRpb24tPm93bmVyRG9jdW1lbnQoKSkKICAgICAgICAgICAgIGNvbnRpbnVlOwogCiAgICAgICAg IGlmIChjb250YWluc1JhbmdlKHJhbmdlQXRQb3NpdGlvbi5nZXQoKSwgY3VycmVudFJhbmdlKSkK QEAgLTEyNTksNyArMTI1OSw3IEBAIFBhc3NSZWZQdHI8UmFuZ2U+IFdlYlBhZ2U6OmNvbnRyYWN0 ZWRSYW4KICAgICAgICAgZGlzdGFuY2UgKj0gbXVsdGlwbGU7CiAKICAgICAgICAgUmVmUHRyPFJh bmdlPiBuZXdSYW5nZSA9IHJhbmdlRm9yQmxvY2tBdFBvaW50KHRlc3RQb2ludCk7Ci0gICAgICAg IGlmICgmbmV3UmFuZ2UtPm93bmVyRG9jdW1lbnQoKSAhPSAmY3VycmVudFJhbmdlLT5vd25lckRv Y3VtZW50KCkpCisgICAgICAgIGlmICghbmV3UmFuZ2UgfHwgJm5ld1JhbmdlLT5vd25lckRvY3Vt ZW50KCkgIT0gJmN1cnJlbnRSYW5nZS0+b3duZXJEb2N1bWVudCgpKQogICAgICAgICAgICAgY29u dGludWU7CiAKICAgICAgICAgaWYgKGhhbmRsZVBvc2l0aW9uID09IFNlbGVjdGlvbkhhbmRsZVBv c2l0aW9uOjpUb3AgfHwgaGFuZGxlUG9zaXRpb24gPT0gU2VsZWN0aW9uSGFuZGxlUG9zaXRpb246 OkxlZnQpCkBAIC0xMzI3LDggKzEzMjcsNiBAQCB2b2lkIFdlYlBhZ2U6OmNvbXB1dGVFeHBhbmRB bmRTaHJpbmtUaHJlCiAgICAgRnJhbWUmIGZyYW1lID0gbV9wYWdlLT5mb2N1c0NvbnRyb2xsZXIo KS5mb2N1c2VkT3JNYWluRnJhbWUoKTsKICAgICBSZWZQdHI8UmFuZ2U+IGN1cnJlbnRSYW5nZSA9 IG1fY3VycmVudEJsb2NrU2VsZWN0aW9uID8gbV9jdXJyZW50QmxvY2tTZWxlY3Rpb24uZ2V0KCkg OiBmcmFtZS5zZWxlY3Rpb24oKS5zZWxlY3Rpb24oKS50b05vcm1hbGl6ZWRSYW5nZSgpOwogCi0g ICAgLy8gRklYTUU6IFRoaXMgdXNlZCB0byBiZSBhbiBhc3NlcnRpb24gYnV0IHRoZXJlIGFwcGVh cnMgdG8gYmUgc29tZSByYWNlIGNvbmRpdGlvbiB1bmRlciB3aGljaCB3ZSBnZXQgYSBudWxsIHJh bmdlLgotICAgIC8vIFNob3VsZCB3ZSBkbyBvdGhlciB0aGluZ3MgaW4gYWRkaXRpb24gdG8gdGhl IG51bGwgY2hlY2sgaGVyZT8KICAgICBpZiAoIWN1cnJlbnRSYW5nZSkKICAgICAgICAgcmV0dXJu OwogCg== 240512 2014-10-27 17:06:27 -0700 2014-10-27 17:18:37 -0700 Additional fix changeBlock-crash.txt text/plain 1658 enrica SW5kZXg6IFNvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi S2l0Mi9DaGFuZ2VMb2cJKHJldmlzaW9uIDE3NTIzNCkKKysrIFNvdXJjZS9XZWJLaXQyL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE3IEBACisyMDE0LTEwLTI3ICBFbnJpY2Eg Q2FzdWNjaSAgPGVucmljYUBhcHBsZS5jb20+CisKKyAgICAgICAgV2ViQ29udGVudCBjcmFzaCBp biBXZWJLaXQ6OldlYlBhZ2U6OmV4cGFuZGVkUmFuZ2VGcm9tSGFuZGxlLgorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTM4MDIzCisgICAgICAgIHJkYXI6 Ly9wcm9ibGVtLzE4Nzg3NDEyCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISku CisKKyAgICAgICAgV2UgbXVzdCBjaGFuZ2UgdGhhdCB3ZSBoYXZlIGEgdmFsaWQgY3VycmVudFJh bmdlIGJlZm9yZSB0cnlpbmcKKyAgICAgICAgdG8gZXhwYW5kIG9yIGNvbnRyYWN0LgorCisgICAg ICAgICogV2ViUHJvY2Vzcy9XZWJQYWdlL2lvcy9XZWJQYWdlSU9TLm1tOgorICAgICAgICAoV2Vi S2l0OjpXZWJQYWdlOjpjaGFuZ2VCbG9ja1NlbGVjdGlvbik6CisKIDIwMTQtMTAtMjcgIEFsZXhl eSBQcm9za3VyeWFrb3YgIDxhcEBhcHBsZS5jb20+CiAKICAgICAgICAgaHR0cC90ZXN0cy9jb29r aWVzL3RoaXJkLXBhcnR5LWNvb2tpZS1yZWxheGluZy5odG1sIGlzIGZsYWt5IG9uIGJvdHMKSW5k ZXg6IFNvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3MvV2ViUGFnZS9pb3MvV2ViUGFnZUlPUy5tbQo9 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNzL1dlYlBhZ2UvaW9zL1dlYlBh Z2VJT1MubW0JKHJldmlzaW9uIDE3NTIzMikKKysrIFNvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3Mv V2ViUGFnZS9pb3MvV2ViUGFnZUlPUy5tbQkod29ya2luZyBjb3B5KQpAQCAtMTQwNiw2ICsxNDA2 LDggQEAgUGFzc1JlZlB0cjxXZWJDb3JlOjpSYW5nZT4gV2ViUGFnZTo6Y2hhbgogewogICAgIEZy YW1lJiBmcmFtZSA9IG1fcGFnZS0+Zm9jdXNDb250cm9sbGVyKCkuZm9jdXNlZE9yTWFpbkZyYW1l KCk7CiAgICAgUmVmUHRyPFJhbmdlPiBjdXJyZW50UmFuZ2UgPSBtX2N1cnJlbnRCbG9ja1NlbGVj dGlvbiA/IG1fY3VycmVudEJsb2NrU2VsZWN0aW9uLmdldCgpIDogZnJhbWUuc2VsZWN0aW9uKCku c2VsZWN0aW9uKCkudG9Ob3JtYWxpemVkUmFuZ2UoKTsKKyAgICBpZiAoIWN1cnJlbnRSYW5nZSkK KyAgICAgICAgcmV0dXJuIG51bGxwdHI7CiAgICAgUmVmUHRyPFJhbmdlPiBuZXdSYW5nZSA9IHNo b3VsZEV4cGFuZChoYW5kbGVQb3NpdGlvbiwgc2VsZWN0aW9uQm94Rm9yUmFuZ2UoY3VycmVudFJh bmdlLmdldCgpKSwgcG9pbnQpID8gZXhwYW5kZWRSYW5nZUZyb21IYW5kbGUoY3VycmVudFJhbmdl LmdldCgpLCBoYW5kbGVQb3NpdGlvbikgOiBjb250cmFjdGVkUmFuZ2VGcm9tSGFuZGxlKGN1cnJl bnRSYW5nZS5nZXQoKSwgaGFuZGxlUG9zaXRpb24sIGZsYWdzKTsKIAogICAgIGlmIChuZXdSYW5n ZSkgewo=