60071 2011-05-03 15:27:08 -0700 Crash in SpellingCorrectionController::respondToChangedSelection 2011-05-03 16:42:09 -0700 1 1 1 Unclassified WebKit HTML Editing 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED InRadar, PlatformOnly P2 Normal --- 1 enrica enrica ap rniwa oldest_to_newest 397454 0 enrica 2011-05-03 15:27:08 -0700 Probably caused by not validating the selection bounds. <rdar://problem/9358190> 397477 1 92152 enrica 2011-05-03 15:58:37 -0700 Created attachment 92152 Patch 397482 2 92152 rniwa 2011-05-03 16:02:37 -0700 Comment on attachment 92152 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=92152&action=review > Source/WebCore/editing/SpellingCorrectionController.cpp:390 > + // Creating a Visible position triggers a layout and there is no > + // guarantee that the selection is still valid. Seems odd that layout cases a position to become null but okay. 397503 3 ap 2011-05-03 16:19:21 -0700 Is the _selection_ actually becoming invalid? The comment seems slightly confusing. 397521 4 enrica 2011-05-03 16:34:09 -0700 The selection is in a text field that gets hidden. The spelling code builds a VisiblePosition from the start position of the selection, producing a null position. 397524 5 92152 rniwa 2011-05-03 16:36:00 -0700 Comment on attachment 92152 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=92152&action=review > LayoutTests/editing/selection/undo-crash-expected.txt:2 > +SUCCEEDED PASS might be more consistent with the rest of editing tests. 397525 6 rniwa 2011-05-03 16:36:11 -0700 (In reply to comment #4) > The selection is in a text field that gets hidden. The spelling code builds a VisiblePosition from the start position of the selection, producing a null position. Makes sense. 397528 7 enrica 2011-05-03 16:42:09 -0700 http://trac.webkit.org/changeset/85687 92152 2011-05-03 15:58:37 -0700 2011-05-03 16:36:00 -0700 Patch undocrash.txt text/plain 4311 enrica SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDg1Njc1KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTkgQEAKKzIwMTEtMDUtMDMgIEVucmljYSBD YXN1Y2NpICA8ZW5yaWNhQGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkg KE9PUFMhKS4KKworICAgICAgICBDcmFzaCBpbiBTcGVsbGluZ0NvcnJlY3Rpb25Db250cm9sbGVy OjpyZXNwb25kVG9DaGFuZ2VkU2VsZWN0aW9uLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NjAwNzEKKyAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzkzNTgx OTA+CisKKyAgICAgICAgQ3JlYXRpbmcgYSBWaXNpYmxlIHBvc2l0aW9uIGNvdWxkIHRyaWdnZXIg YSBsYXlvdXQgYW5kIHRoZXJlIGlzIG5vCisgICAgICAgIGd1YXJhbnRlZSB0aGF0IHRoZSBzZWxl Y3Rpb24gaXMgc3RpbGwgdmFsaWQgYWZ0ZXIgdGhhdC4KKworICAgICAgICBUZXN0czogZWRpdGlu Zy9zZWxlY3Rpb24vdW5kby1jcmFzaC5odG1sCisKKyAgICAgICAgKiBlZGl0aW5nL1NwZWxsaW5n Q29ycmVjdGlvbkNvbnRyb2xsZXIuY3BwOgorICAgICAgICAoV2ViQ29yZTo6U3BlbGxpbmdDb3Jy ZWN0aW9uQ29udHJvbGxlcjo6cmVzcG9uZFRvQ2hhbmdlZFNlbGVjdGlvbik6CisKIDIwMTEtMDUt MDMgIEFudG9uIE11aGluICA8YW50b25tQGNocm9taXVtLm9yZz4KIAogICAgICAgICBSZXZpZXdl ZCBieSBZdXJ5IFNlbWlraGF0c2t5LgpJbmRleDogU291cmNlL1dlYkNvcmUvZWRpdGluZy9TcGVs bGluZ0NvcnJlY3Rpb25Db250cm9sbGVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29y ZS9lZGl0aW5nL1NwZWxsaW5nQ29ycmVjdGlvbkNvbnRyb2xsZXIuY3BwCShyZXZpc2lvbiA4NTY2 MikKKysrIFNvdXJjZS9XZWJDb3JlL2VkaXRpbmcvU3BlbGxpbmdDb3JyZWN0aW9uQ29udHJvbGxl ci5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTM4NSw2ICszODUsMTIgQEAgdm9pZCBTcGVsbGluZ0Nv cnJlY3Rpb25Db250cm9sbGVyOjpyZXNwbwogICAgICAgICByZXR1cm47CiAKICAgICBWaXNpYmxl UG9zaXRpb24gc2VsZWN0aW9uUG9zaXRpb24gPSBjdXJyZW50U2VsZWN0aW9uLnN0YXJ0KCk7Cisg ICAgCisgICAgLy8gQ3JlYXRpbmcgYSBWaXNpYmxlIHBvc2l0aW9uIHRyaWdnZXJzIGEgbGF5b3V0 IGFuZCB0aGVyZSBpcyBubworICAgIC8vIGd1YXJhbnRlZSB0aGF0IHRoZSBzZWxlY3Rpb24gaXMg c3RpbGwgdmFsaWQuCisgICAgaWYgKHNlbGVjdGlvblBvc2l0aW9uLmlzTnVsbCgpKQorICAgICAg ICByZXR1cm47CisgICAgCiAgICAgVmlzaWJsZVBvc2l0aW9uIGVuZFBvc2l0aW9uT2ZXb3JkID0g ZW5kT2ZXb3JkKHNlbGVjdGlvblBvc2l0aW9uLCBMZWZ0V29yZElmT25Cb3VuZGFyeSk7CiAgICAg aWYgKHNlbGVjdGlvblBvc2l0aW9uICE9IGVuZFBvc2l0aW9uT2ZXb3JkKQogICAgICAgICByZXR1 cm47CkluZGV4OiBMYXlvdXRUZXN0cy9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVz dHMvQ2hhbmdlTG9nCShyZXZpc2lvbiA4NTY3NikKKysrIExheW91dFRlc3RzL0NoYW5nZUxvZwko d29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE0IEBACisyMDExLTA1LTAzICBFbnJpY2EgQ2FzdWNj aSAgPGVucmljYUBhcHBsZS5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgQ3Jhc2ggaW4gU3BlbGxpbmdDb3JyZWN0aW9uQ29udHJvbGxlcjo6cmVz cG9uZFRvQ2hhbmdlZFNlbGVjdGlvbi4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTYwMDcxCisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS85MzU4MTkwPgor CisgICAgICAgICogZWRpdGluZy9zZWxlY3Rpb24vdW5kby1jcmFzaC1leHBlY3RlZC50eHQ6IEFk ZGVkLgorICAgICAgICAqIGVkaXRpbmcvc2VsZWN0aW9uL3VuZG8tY3Jhc2guaHRtbDogQWRkZWQu CisKIDIwMTEtMDUtMDMgIERhbiBCZXJuc3RlaW4gIDxtaXR6QGFwcGxlLmNvbT4KIAogICAgICAg ICBSdWJiZXItc3RhbXBlZCBieSBEYXJpbiBBZGxlci4KSW5kZXg6IExheW91dFRlc3RzL2VkaXRp bmcvc2VsZWN0aW9uL3VuZG8tY3Jhc2gtZXhwZWN0ZWQudHh0Cj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIExheW91 dFRlc3RzL2VkaXRpbmcvc2VsZWN0aW9uL3VuZG8tY3Jhc2gtZXhwZWN0ZWQudHh0CShyZXZpc2lv biAwKQorKysgTGF5b3V0VGVzdHMvZWRpdGluZy9zZWxlY3Rpb24vdW5kby1jcmFzaC1leHBlY3Rl ZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMiBAQAorVG8gcnVuIHRoaXMgdGVzdCBtYW51 YWxseSwgdHlwZSBzb21lIHRleHQgaW4gdGhlIGlucHV0IGZpZWxkLCB0aGVuIGNsaWNrIHRoZSAi Q3Jhc2ggbWUiIGJ1dHRvbi4gIAorU1VDQ0VFREVECkluZGV4OiBMYXlvdXRUZXN0cy9lZGl0aW5n L3NlbGVjdGlvbi91bmRvLWNyYXNoLmh0bWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZWRp dGluZy9zZWxlY3Rpb24vdW5kby1jcmFzaC5odG1sCShyZXZpc2lvbiAwKQorKysgTGF5b3V0VGVz dHMvZWRpdGluZy9zZWxlY3Rpb24vdW5kby1jcmFzaC5odG1sCShyZXZpc2lvbiAwKQpAQCAtMCww ICsxLDQ0IEBACis8aHRtbD48aGVhZD4KKzx0aXRsZT5VbmRvIGNyYXNoPC90aXRsZT4KKzwvaGVh ZD4KKzxib2R5IG9ubG9hZD0ibG9hZCgpIj4KK1RvIHJ1biB0aGlzIHRlc3QgbWFudWFsbHksIHR5 cGUgc29tZSB0ZXh0IGluIHRoZSBpbnB1dCBmaWVsZCwgdGhlbiBjbGljayB0aGUgIkNyYXNoIG1l IiBidXR0b24uCis8aW5wdXQgaWQ9InRlc3RpbnB1dCIgdHlwZT0idGV4dCI+PC9pbnB1dD4KKzxp bnB1dCBpZD0ndGVzdGJ1dHRvbicgdHlwZT0iYnV0dG9uIiB2YWx1ZT0iQ3Jhc2ggbWUiIG9uY2xp Y2s9ImNyYXNoKCkiPgorPHVsIGlkPSJjb25zb2xlIj48L3VsPgorPHNjcmlwdD4KKworZnVuY3Rp b24gbG9hZCgpCit7CisgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoJ3Rlc3RpbnB1dCcpLmZv Y3VzKCk7CisgICAgaWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29udHJvbGxlcikKKyAgICAgICAgbGF5 b3V0VGVzdENvbnRyb2xsZXIuZHVtcEFzVGV4dCgpOworICAgIGRvY3VtZW50LmV4ZWNDb21tYW5k KCdJbnNlcnRUZXh0JywgZmFsc2UsICdiJyk7CisgICAgZG9jdW1lbnQuZXhlY0NvbW1hbmQoJ0lu c2VydFRleHQnLCBmYWxzZSwgJ2wnKTsKKyAgICBkb2N1bWVudC5leGVjQ29tbWFuZCgnSW5zZXJ0 VGV4dCcsIGZhbHNlLCAnYScpOworICAgIGRvY3VtZW50LmV4ZWNDb21tYW5kKCdJbnNlcnRUZXh0 JywgZmFsc2UsICdoJyk7CisgICAgaWYgKGV2ZW50U2VuZGVyKSB7CisgICAgICAgIHZhciBidXR0 b24gPSBkb2N1bWVudC5nZXRFbGVtZW50QnlJZCgndGVzdGJ1dHRvbicpOworICAgICAgICBldmVu dFNlbmRlci5tb3VzZU1vdmVUbyhidXR0b24ub2Zmc2V0TGVmdCArIDEwLCBidXR0b24ub2Zmc2V0 VG9wICsgNSkKKyAgICAgICAgZXZlbnRTZW5kZXIubW91c2VEb3duKCk7CisgICAgICAgIGV2ZW50 U2VuZGVyLm1vdXNlVXAoKTsKKyAgICB9Cit9CisKK2Z1bmN0aW9uIGNyYXNoKCkKK3sKKyAgICB2 YXIgZWxlbSA9IGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCd0ZXN0aW5wdXQnKTsKKyAgICBlbGVt LnN0eWxlLmRpc3BsYXkgPSAnbm9uZSc7CisgICAgZG9jdW1lbnQuZXhlY0NvbW1hbmQoJ3VuZG8n KTsKKyAgICBsb2coIlNVQ0NFRURFRCIpOworfQorCitmdW5jdGlvbiBsb2coc3RyKSB7CisgICAg dmFyIGxpID0gZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgibGkiKTsKKyAgICBsaS5hcHBlbmRDaGls ZChkb2N1bWVudC5jcmVhdGVUZXh0Tm9kZShzdHIpKTsKKyAgICB2YXIgY29uc29sZSA9IGRvY3Vt ZW50LmdldEVsZW1lbnRCeUlkKCJjb25zb2xlIik7CisgICAgY29uc29sZS5hcHBlbmRDaGlsZChs aSk7Cit9Cis8L3NjcmlwdD4KKzwvYm9keT4KKzwvaHRtbD4K