4025 2005-07-16 00:24:17 -0700 Reproducible crash (infinite recursion?) choosing Make Link from text field's contextual menu 2005-09-24 11:37:09 -0700 1 1 1 Unclassified WebKit Forms 412 Mac OS X 10.4 VERIFIED FIXED http://www.apple.com/ P1 Major --- 1 mitz darin oldest_to_newest 14733 0 mitz 2005-07-16 00:24:17 -0700 Safari crashes when you choose Make Link from a text field's contextual menu (the selected text in the field must be a URL). To reproduce: open testcase, select all text in the text field, control-click the selected text and choose Make Link from the contextual menu. Backtrace: Thread 0 Crashed: 0 com.apple.Foundation 0x92871570 -[NSInvocation getArgument:atIndex:] + 24 1 com.apple.Foundation 0x928786b4 -[NSInvocation invoke] + 60 2 com.apple.Foundation 0x92878fd8 -[NSInvocation invokeWithTarget:] + 64 3 com.apple.Foundation 0x92870dd4 -[NSObject(NSForwardInvocation) forward::] + 408 4 libobjc.A.dylib 0x909b20d0 _objc_msgForward + 176 5 com.apple.WebKit 0x959d56e0 -[WebView(WebViewEditing) undoManager] + 52 6 com.apple.AppKit 0x936f9bf8 -[NSTextView _getUndoManager:] + 208 7 com.apple.AppKit 0x936f9a64 -[NSTextView undoManager] + 40 8 com.apple.AppKit 0x93710e78 -[NSTextView(NSSharing) shouldChangeTextInRanges:replacementStrings:] + 312 9 com.apple.AppKit 0x93710d2c -[NSTextView(NSSharing) shouldChangeTextInRange:replacementString:] + 120 10 com.apple.WebCore 0x95d2d908 -[KWQTextFieldController textView:shouldChangeTextInRange:replacementString:] + 176 11 com.apple.WebCore 0x95d2dad0 -[KWQTextField textView:shouldChangeTextInRange:replacementString:] + 88 12 com.apple.AppKit 0x93711110 -[NSTextView(NSSharing) shouldChangeTextInRanges:replacementStrings:] + 976 13 com.apple.AppKit 0x93710d2c -[NSTextView(NSSharing) shouldChangeTextInRange:replacementString:] + 120 14 com.apple.WebCore 0x95d2d908 -[KWQTextFieldController textView:shouldChangeTextInRange:replacementString:] + 176 15 com.apple.WebCore 0x95d2dad0 -[KWQTextField textView:shouldChangeTextInRange:replacementString:] + 88 16 com.apple.AppKit 0x93711110 -[NSTextView(NSSharing) shouldChangeTextInRanges:replacementStrings:] + 976 17 com.apple.AppKit 0x93710d2c -[NSTextView(NSSharing) shouldChangeTextInRange:replacementString:] + 120 18 com.apple.WebCore 0x95d2d908 -[KWQTextFieldController textView:shouldChangeTextInRange:replacementString:] + 176 19 com.apple.WebCore 0x95d2dad0 -[KWQTextField textView:shouldChangeTextInRange:replacementString:] + 88 and so on for another 500 stack frames... 14734 1 2987 mitz 2005-07-16 00:27:14 -0700 Created attachment 2987 Testcase 15390 2 mrowe 2005-07-29 00:33:04 -0700 I can reproduce this with ToT WebKit by following the given instructions. 18695 3 darin 2005-09-04 13:30:43 -0700 The problem here is that the replacement string is nil in -[KWQTextFieldController textView:shouldChangeTextInRange:replacementString:]. That method calls -[NSString rangeOfCharacterFromSet:], which returns a random value when passed nil (as does any method that returns a structure). The fix is to check for nil. 18696 4 darin 2005-09-04 13:31:26 -0700 It's also a bug that Make Link shows up at all. This is a plain text field, so Make Link should not be there. But that won't be covered by this bug report. 18698 5 3762 darin 2005-09-04 13:36:10 -0700 Created attachment 3762 check for nil to avoid the infinite recursion 18761 6 mitz 2005-09-05 11:29:16 -0700 Added bug 4856 about "Make Link" being in the contextual menu in the first place. 2987 2005-07-16 00:27:14 -0700 2005-07-16 00:27:14 -0700 Testcase makeLink.html text/html 353 mitz PCFET0NUWVBFIEhUTUwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMDEgVHJhbnNpdGlvbmFs Ly9FTiIgCiJodHRwOi8vd3d3LnczLm9yZy9UUi9odG1sNC9sb29zZS5kdGQiPgo8aHRtbD4KPGhl YWQ+Cjx0aXRsZT5NYWtlIExpbms8L3RpdGxlPgo8L2hlYWQ+Cjxib2R5Pgo8cD5TZWxlY3QgYWxs IHRleHQgaW4gdGhlIHRleHQgZmllbGQsIGNvbnRyb2wtY2xpY2sgdGhlIHNlbGVjdGVkIHRleHQK YW5kIGNob29zZSBNYWtlIExpbmsgZnJvbSB0aGUgY29udGV4Y3R1YWwgbWVudS48L3A+CjxpbnB1 dCB0eXBlPSJ0ZXh0IiB2YWx1ZT0iaHR0cDovL3d3dy5hcHBsZS5jb20vIj48L2lucHV0Pgo8L2Jv ZHk+CjwvaHRtbD4= 3762 2005-09-04 13:36:10 -0700 2005-09-05 11:05:36 -0700 check for nil to avoid the infinite recursion MakeLinkCrashPatch.txt text/plain 682 darin SW5kZXg6IGt3cS9LV1FUZXh0RmllbGQubW0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQpSQ1MgZmlsZTogL2N2cy9yb290 L1dlYkNvcmUva3dxL0tXUVRleHRGaWVsZC5tbSx2CnJldHJpZXZpbmcgcmV2aXNpb24gMS44NQpk aWZmIC1wIC11IC1yMS44NSBrd3EvS1dRVGV4dEZpZWxkLm1tCi0tLSBrd3EvS1dRVGV4dEZpZWxk Lm1tCTE2IEF1ZyAyMDA1IDE5OjAzOjE5IC0wMDAwCTEuODUKKysrIGt3cS9LV1FUZXh0RmllbGQu bW0JNCBTZXAgMjAwNSAyMDozNTo1MCAtMDAwMApAQCAtNDQyLDYgKzQ0Miw4IEBACiAKIC0gKEJP T0wpdGV4dFZpZXc6KE5TVGV4dFZpZXcgKil0ZXh0VmlldyBzaG91bGRDaGFuZ2VUZXh0SW5SYW5n ZTooTlNSYW5nZSlyYW5nZSByZXBsYWNlbWVudFN0cmluZzooTlNTdHJpbmcgKilzdHJpbmcKIHsK KyAgICBpZiAoc3RyaW5nID09IG5pbCkKKyAgICAgICAgcmV0dXJuIFlFUzsKICAgICBOU1Jhbmdl IG5ld2xpbmUgPSBbc3RyaW5nIHJhbmdlT2ZDaGFyYWN0ZXJGcm9tU2V0OltOU0NoYXJhY3RlclNl dCBjaGFyYWN0ZXJTZXRXaXRoQ2hhcmFjdGVyc0luU3RyaW5nOkAiXHJcbiJdXTsKICAgICBpZiAo bmV3bGluZS5sb2NhdGlvbiA9PSBOU05vdEZvdW5kKSB7CiAgICAgICAgIHJldHVybiBZRVM7Cg==