Bug 139506

Summary: Null dereference performing a "TapAndAHalf" gesture in Google search field
Product: WebKit
Reporter: Jon Honeycutt <jhoneycutt>
Component: WebKit2
Assignee: Jon Honeycutt <jhoneycutt>
Status: RESOLVED FIXED
Severity: Normal
CC: enrica, simon.fraser
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
URL: http://google.com

Jon Honeycutt
Reported 2014-12-10 14:13:43 PST
A null dereference can occur when performing a "TapAndAHalf" gesture in the Google search field.

Repro test case:
data:text/html,<input%20size="40"%20%20placeholder="Perform%20a%20tap%20and%20a%20half%20gesture%20in%20this%20field">

<rdar://problem/19028828>
Attachments
Patch (3.03 KB, patch)
2014-12-10 14:26 PST, Jon Honeycutt
darin: review+
Jon Honeycutt
Comment 1 2014-12-10 14:26:22 PST
Darin Adler
Comment 2 2014-12-10 16:56:28 PST
Comment on attachment 243066 [details]
Patch

This change seems OK, but just a few lines later I see code that calls Range::create and dereferences the result unconditionally. I think we should consistently handle null in both places in this function instead of just in this one place.
Jon Honeycutt
Comment 3 2014-12-10 17:05:05 PST
(In reply to comment #2)
> Comment on attachment 243066 [details]
> Patch
>
> This change seems OK, but just a few lines later I see code that calls
> Range::create and dereferences the result unconditionally. I think we should
> consistently handle null in both places in this function instead of just in
> this one place.

This adds a null check for the result of wordRangeFromPosition before calling Range::create. Range::create doesn't return null.

Thanks for the review!
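The pattern discussed in comments 2 and 3, as an added example that is not WebKit's code: a hypothetical stand-in for wordRangeFromPosition that returns null when no word surrounds the position (as in an empty field that shows only placeholder text, the repro case above), a stand-in for Range::create that never returns null but dereferences its argument, and the call site before and after adding the null check. The types and names Position, Range, rangeCreate, selectWordUnguarded and selectWordGuarded are assumed for illustration and do not match WebCore's actual signatures.

```cpp
#include <cctype>
#include <cstddef>
#include <iostream>
#include <memory>
#include <string>

// Hypothetical stand-ins for the WebCore types involved; not WebKit's code.
struct Position {
    std::string text;   // contents of the text field (assumed model)
    size_t offset;      // caret offset into text
};

struct Range {
    size_t start;       // inclusive
    size_t end;         // exclusive
};

// Stand-in for wordRangeFromPosition: returns null when no word surrounds the
// position, e.g. an empty field (placeholder text is not part of the value).
std::unique_ptr<Range> wordRangeFromPosition(const Position& pos)
{
    const std::string& s = pos.text;
    if (s.empty() || pos.offset > s.size())
        return nullptr;

    auto isWordChar = [](char c) { return std::isalnum(static_cast<unsigned char>(c)) != 0; };

    // Snap to a word character at the offset, else to the one just before it.
    size_t i = pos.offset;
    if (i < s.size() && isWordChar(s[i])) {
        // caret is on a word character
    } else if (i > 0 && isWordChar(s[i - 1])) {
        --i;
    } else {
        return nullptr;  // no word here: the null case the bug is about
    }

    size_t start = i;
    size_t end = i + 1;
    while (start > 0 && isWordChar(s[start - 1]))
        --start;
    while (end < s.size() && isWordChar(s[end]))
        ++end;
    return std::make_unique<Range>(Range{start, end});
}

// Stand-in for Range::create: never returns null, but takes its input by
// reference, so the caller must already hold a non-null Range.
std::shared_ptr<Range> rangeCreate(const Range& r)
{
    return std::make_shared<Range>(r);
}

// Before the fix: dereferences the nullable result unconditionally.
// On an empty field this is a null dereference; kept only to show the defect.
// Do not call it with input that has no word at the position.
std::shared_ptr<Range> selectWordUnguarded(const Position& pos)
{
    return rangeCreate(*wordRangeFromPosition(pos));
}

// After the fix: handle null before every Range::create, as the review asked.
std::shared_ptr<Range> selectWordGuarded(const Position& pos)
{
    std::unique_ptr<Range> word = wordRangeFromPosition(pos);
    if (!word)
        return nullptr;  // nothing to select; caller treats this as "no selection"
    return rangeCreate(*word);
}

int main()
{
    // Constructed inputs: a field with text, and the empty field from the repro.
    Position filled{"hello world", 7};
    Position empty{"", 0};

    if (auto r = selectWordGuarded(filled))
        std::cout << "word range [" << r->start << ", " << r->end << ")\n";   // [6, 11)
    if (!selectWordGuarded(empty))
        std::cout << "empty field: no word range, no dereference\n";
    return 0;
}
```

The guarded version returns null to its caller instead of crashing; whatever the real call site does with "no selection" (ignore the gesture, clear the selection), the point is that the check sits in front of every dereference of the nullable result, not just the first one.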
Jon Honeycutt
Comment 4 2014-12-10 17:09:24 PST