Bug 18506

Summary: Crash when Ctrl C (copy) is pressed after a series of specific mouse events
Product: WebKit Reporter: Rahul Kuchhal <kuchhal>
Component: HTML EditingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal Keywords: InRadar
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Testcase
none
Fixes the crash described in the bug.
none
Crash log for kuchal's repro steps
none
Layout test none

Rahul Kuchhal
Reported 2008-04-14 16:47:26 PDT
To reproduce: - open the attached html file - hover the mouse over "Mouse Over" link - Select the "Select" link in the popup box - move mouse away so that popup disappears - press Ctrl C - crash
Attachments
Testcase (9.09 KB, text/html)
2008-04-14 16:48 PDT, Rahul Kuchhal 		no flags
Details
Fixes the crash described in the bug. (1.22 KB, patch)
2008-04-14 16:53 PDT, Rahul Kuchhal 		no flags
DetailsFormatted DiffDiff
Crash log for kuchal's repro steps (19.07 KB, text/plain)
2008-04-17 16:53 PDT, Eric Roman 		no flags
Details
Layout test (10.60 KB, text/html)
2008-04-18 10:18 PDT, Rahul Kuchhal 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Rahul Kuchhal
Comment 1 2008-04-14 16:48:20 PDT
Created attachment 20539 [details] Testcase
Rahul Kuchhal
Comment 2 2008-04-14 16:53:54 PDT
Created attachment 20540 [details] Fixes the crash described in the bug.
Mark Rowe (bdash)
Comment 3 2008-04-14 17:22:45 PDT
<rdar://problem/5863412>
Adele Peterson
Comment 4 2008-04-15 22:27:21 PDT
Comment on attachment 20540 [details] Fixes the crash described in the bug. Internally, we haven't been able to reproduce this. But the null check is fine (and its done earlier in the function too). Is there a way to make a layout test for this?
Rahul Kuchhal
Comment 5 2008-04-16 10:24:54 PDT
I can reproduce this 100% of the time but the steps are a little tricky. After mouse over, you need to jump quickly to the popup box and then select the dummy link using mouse. Now move mouse away (without clicking) so that popup disappears and pressing ctrl-c at that time causes crash. I am trying to write layout test for this.
Eric Roman
Comment 6 2008-04-17 16:42:14 PDT
I am also able to reproduce this 100% of the time To be clear, on Mac Os X you need to type "cmd-c" instead of "ctrl-c". To re-iterate the repro steps: (1) Mouse over the link called "Mouse Over" (2) Quickly move the mouse into the yellow box (otherwise it closes before you reach it) (3) Drag a selection around the "Select" word (4) Move the mouse outside of yellow box and it will be dismissed (5) If on mac os x, type cmd-c (copy) else if on windows type ctrl-c (copy) (6) Results in crashes in safari 3.1 Raised priority since it is a crash.
Eric Roman
Comment 7 2008-04-17 16:53:34 PDT
Created attachment 20655 [details] Crash log for kuchal's repro steps
Rahul Kuchhal
Comment 8 2008-04-18 10:18:29 PDT
Created attachment 20669 [details] Layout test I have this layout test case which is rather complicated. I couldn't reduce it any further because there are multiple steps involved and making even any small changes renders the test useless by causing the crash to go away. If this layout test is acceptable let me know and I will generate a patch for it.
Darin Adler
Comment 9 2008-06-08 13:45:05 PDT
Comment on attachment 20540 [details] Fixes the crash described in the bug. Clearing the review flag since this patch was landed.
Darin Adler
Comment 10 2008-06-08 13:46:06 PDT
r33583 It's great to try to work on a test case for this, but the bug is fixed so this should be closed. If you want an open bug to track the work, then it should be a separate bug report.
Note You need to log in before you can comment on or make changes to this bug.