Bug 138399

Summary: WebContent crash in WebPage::selectWithGesture()
Product: WebKit Reporter: Jon Honeycutt <jhoneycutt>
Component: WebKit Misc.Assignee: Jon Honeycutt <jhoneycutt>
Status: RESOLVED FIXED    
Severity: Normal CC: benjamin, enrica
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch simon.fraser: review+

Description Jon Honeycutt 2014-11-04 18:46:41 PST 
There is a difficult-to-reproduce null dereference crash that can occur when WebPage::selectWithGesture() receives a “TapAndAHalf” gesture with state “Changed” when having never received a “TapAndAHalf” gesture with state “Began”.


To reproduce:

1. Go to data:text/html,<input>
2. Continuously tap, and tap-press into the text field while simultaneously typing

<rdar://problem/18550631>
Comment 1 Jon Honeycutt 2014-11-04 18:49:12 PST 
Created attachment 240995 [details]
Patch
Comment 2 Jon Honeycutt 2014-11-05 12:55:15 PST 
Committed r175636: <http://trac.webkit.org/changeset/175636>