Bug 49583

User-Agent: Mozilla/5.0 (Linux; U; Android 2.2.1; en-us; MB520 Build/3.4.2_40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1 Reproduce steps: 1. Open below url on Android phone with google browser. http://www.google.com.hk/m/search?q=we&pbx=1&aq=&oq=&aqi=&fkt=&fsdt=&csll=&action=&site=images&gl=cn&source=mog&hl=zh-CN#i=1 2. Press Menu --> More --> Select text 3. Repeating select the area of pure image. Expected result: Nothing should be copied to clipboard. Actual result: Browser is crashed. Below is the tombstone. #00 pc 0007f018 /system/lib/libskia.so external/skia/src/core/SkPicture.cpp:179 #01 pc 000627e0 /system/lib/libskia.so external/skia/src/core/SkCanvas.cpp:1406 #02 pc 002b4af4 /system/lib/libwebcore.so external/webkit/WebKit/android/nav/SelectText.cpp:377 #03 pc 002b4b2e /system/lib/libwebcore.so external/webkit/WebKit/android/nav/SelectText.cpp:439 #04 pc 001af8b8 /system/lib/libwebcore.so external/webkit/WebKit/android/nav/WebView.cpp:946 #05 pc 00010e34 /system/lib/libdvm.so #06 pc 0003f370 /system/lib/libdvm.so #07 pc 00015d98 /system/lib/libdvm.so #08 pc 0001c7fc /system/lib/libdvm.so #09 pc 0001b69c /system/lib/libdvm.so #10 pc 0005692e /system/lib/libdvm.so #11 pc 0005ef14 /system/lib/libdvm.so #12 pc 00015d98 /system/lib/libdvm.so #13 pc 0001c7fc /system/lib/libdvm.so #14 pc 0001b69c /system/lib/libdvm.so #15 pc 0005676c /system/lib/libdvm.so #16 pc 00041d42 /system/lib/libdvm.so #17 pc 0002de0c /system/lib/libandroid_runtime.so #18 pc 0002ef08 /system/lib/libandroid_runtime.so #19 pc 00008ca8 /system/bin/app_process #20 pc 0000d410 /system/lib/libc.so #00 pc 0007b8f0 /system/lib/libskia.so external/skia/src/core/SkPath.cpp:934 #01 pc 00062e58 /system/lib/libskia.so external/skia/src/core/SkCanvas.cpp:859 #02 pc 000803dc /system/lib/libskia.so external/skia/src/core/SkPicturePlayback.cpp:541 Rootcause analysis: 1. This issue is involved by webkit upgrade when android base upgrades from eclair to froyo. There are many big design changes on webkit. Eclair implementation: commitCopy() -> {WebView::nativeGetSelection() --> GraphicsJNI::createRegion()}-> mWebViewCore.sendMessage(EventHub.GET_SELECTION, selection) --> WebViewCore::nativeGetSelection() --> WebViewCore::GetSelection() --> WebViewCore::getSelection() --> WebViewCore::findTextBoxIndex() --> CacheBuilder::GetGlobalOffset() Froyo implementation: commitCopy() --> WebView::nativeGetSelection() --> WebView::getSelection() --> SelectText::getSelection() --> CopyPaste::text() --> {SkCanvas::drawPicture --> SkPicture::draw() --> SkPicturePlayback::draw()} + TextExtractor::text() 2. The only thought for me till now is to roll back the implementation of this part to Eclair's. However, below interfaces have been deleted by froyo. It would be of high risk to roll back them. mWebViewCore.sendMessage(EventHub.GET_SELECTION, selection) --> WebViewCore::nativeGetSelection() --> WebViewCore::GetSelection() --> WebViewCore::getSelection() --> WebViewCore::findTextBoxIndex()