Bug 18506

Summary: Crash when Ctrl C (copy) is pressed after a series of specific mouse events
Product: WebKit Reporter: Rahul Kuchhal <kuchhal>
Component: HTML Editing Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal Keywords: InRadar
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Testcase none
Fixes the crash described in the bug. none
Crash log for kuchal's repro steps none
Layout test none

Description Rahul Kuchhal 2008-04-14 16:47:26 PDT
To reproduce:
- open the attached html file
- hover the mouse over "Mouse Over" link
- Select the "Select" link in the popup box
- move mouse away so that popup disappears
- press Ctrl C - crash
Comment 1 Rahul Kuchhal 2008-04-14 16:48:20 PDT
Created attachment 20539
Testcase
Comment 2 Rahul Kuchhal 2008-04-14 16:53:54 PDT
Created attachment 20540
Fixes the crash described in the bug.
Comment 3 Mark Rowe (bdash) 2008-04-14 17:22:45 PDT
<rdar://problem/5863412>
Comment 4 Adele Peterson 2008-04-15 22:27:21 PDT
Comment on attachment 20540
Fixes the crash described in the bug.

Internally, we haven't been able to reproduce this. But the null check is fine (and it's done earlier in the function too). Is there a way to make a layout test for this?
Comment 5 Rahul Kuchhal 2008-04-16 10:24:54 PDT
I can reproduce this 100% of the time, but the steps are a little tricky. After mouse over, you need to jump quickly to the popup box and then select the dummy link using the mouse. Now move the mouse away (without clicking) so that the popup disappears, and pressing ctrl-c at that time causes a crash.

I am trying to write a layout test for this.
Comment 6 Eric Roman 2008-04-17 16:42:14 PDT
I am also able to reproduce this 100% of the time.

To be clear, on Mac OS X you need to type "cmd-c" instead of "ctrl-c".

To re-iterate the repro steps:

(1) Mouse over the link called "Mouse Over"
(2) Quickly move the mouse into the yellow box (otherwise it closes before you reach it)
(3) Drag a selection around the "Select" word
(4) Move the mouse outside of yellow box and it will be dismissed
(5) If on Mac OS X, type cmd-c (copy)
else if on Windows, type ctrl-c (copy)
(6) Results in crashes in Safari 3.1

Raised priority since it is a crash.
Comment 7 Eric Roman 2008-04-17 16:53:34 PDT
Created attachment 20655
Crash log for kuchal's repro steps
Comment 8 Rahul Kuchhal 2008-04-18 10:18:29 PDT
Created attachment 20669
Layout test

I have this layout test case, which is rather complicated. I couldn't reduce it any further because there are multiple steps involved, and making even small changes renders the test useless by causing the crash to go away.

If this layout test is acceptable, let me know and I will generate a patch for it.
Comment 9 Darin Adler 2008-06-08 13:45:05 PDT
Comment on attachment 20540
Fixes the crash described in the bug.

Clearing the review flag since this patch was landed.
Comment 10 Darin Adler 2008-06-08 13:46:06 PDT
r33583

It's great to try to work on a test case for this, but the bug is fixed so this should be closed. If you want an open bug to track the work, then it should be a separate bug report.