138399 – WebContent crash in WebPage::selectWithGesture()

Bug 138399 - WebContent crash in WebPage::selectWithGesture()

Summary: WebContent crash in WebPage::selectWithGesture()

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebKit Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Jon Honeycutt

URL:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-04 18:46 PST by Jon Honeycutt
Modified:	2014-11-05 12:55 PST (History)
CC List:	2 users (show)

See Also:

Attachments
Patch (1.89 KB, patch) 2014-11-04 18:49 PST, Jon Honeycutt	simon.fraser: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Jon Honeycutt 2014-11-04 18:46:41 PST

There is a difficult-to-reproduce null dereference crash that can occur when WebPage::selectWithGesture() receives a “TapAndAHalf” gesture with state “Changed” when having never received a “TapAndAHalf” gesture with state “Began”.


To reproduce:

1. Go to data:text/html,<input>
2. Continuously tap, and tap-press into the text field while simultaneously typing

<rdar://problem/18550631>

Comment 1 Jon Honeycutt 2014-11-04 18:49:12 PST

Created attachment 240995 [details]
Patch

Comment 2 Jon Honeycutt 2014-11-05 12:55:15 PST

Committed r175636: <http://trac.webkit.org/changeset/175636>