RESOLVED FIXED Bug 139506
Null dereference performing a "TapAndAHalf" gesture in Google search field
https://bugs.webkit.org/show_bug.cgi?id=139506
Summary Null dereference performing a "TapAndAHalf" gesture in Google search field
Jon Honeycutt
Reported 2014-12-10 14:13:43 PST
A null dereference can occur when performing a "TapAndAHalf" gesture in the Google search field.

Repro test case:
data:text/html,<input%20size="40"%20%20placeholder="Perform%20a%20tap%20and%20a%20half%20gesture%20in%20this%20field">

<rdar://problem/19028828>
Attachments
Patch (3.03 KB, patch)
2014-12-10 14:26 PST, Jon Honeycutt
darin: review+
Jon Honeycutt
Comment 1 2014-12-10 14:26:22 PST
Darin Adler
Comment 2 2014-12-10 16:56:28 PST
Comment on attachment 243066 [details]
Patch

This change seems OK, but just a few lines later I see code that calls Range::create and dereferences the result unconditionally. I think we should consistently handle null in both places in this function instead of just in this one place.
Jon Honeycutt
Comment 3 2014-12-10 17:05:05 PST
(In reply to comment #2)
> Comment on attachment 243066 [details]
> Patch
>
> This change seems OK, but just a few lines later I see code that calls
> Range::create and dereferences the result unconditionally. I think we should
> consistently handle null in both places in this function instead of just in
> this one place.

This adds a null check for the result of wordRangeFromPosition before calling Range::create. Range::create doesn't return null.

Thanks for the review!
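The pattern under discussion in comments 2 and 3, shown as an added, self-contained model rather than WebKit's own code: a position-to-word lookup that can legitimately return null (empty field, whitespace, position past the end), a range constructor that never returns null, and the caller that has to check the lookup result before building on it. The names wordRangeFromPosition and createRange, the WordRange struct and the whitespace-based word splitting are all assumptions made for this illustration, not WebKit's implementation.

```cpp
// Added illustration, not WebKit code: a hypothetical model of the fix
// discussed in the bug. The lookup may return null; the constructor never does.
#include <cctype>
#include <cstddef>
#include <memory>
#include <string>

// Hypothetical stand-in for a Range: a [start, end) span of the field's text.
struct WordRange {
    size_t start;
    size_t end;
};

// Hypothetical stand-in for wordRangeFromPosition: returns the word under
// `pos`, or nullptr when there is no word there (empty field, whitespace,
// position past the end). Null is a normal outcome here, not an error.
std::unique_ptr<WordRange> wordRangeFromPosition(const std::string& text, size_t pos) {
    if (pos >= text.size() || std::isspace(static_cast<unsigned char>(text[pos])))
        return nullptr;
    size_t start = pos;
    while (start > 0 && !std::isspace(static_cast<unsigned char>(text[start - 1])))
        --start;
    size_t end = pos;
    while (end < text.size() && !std::isspace(static_cast<unsigned char>(text[end])))
        ++end;
    return std::make_unique<WordRange>(WordRange{start, end});
}

// Hypothetical stand-in for Range::create: takes a valid range and always
// produces one. Since it never returns null, the null check belongs on the
// lookup result that feeds it, not on its return value.
std::unique_ptr<WordRange> createRange(const WordRange& r) {
    return std::make_unique<WordRange>(r);
}

// Unsafe form (the "before"): dereferences the lookup result unconditionally.
// Tapping an empty placeholder-only field makes the lookup return nullptr and
// this reads through a null pointer. Shown for contrast; not exercised.
std::unique_ptr<WordRange> selectWordAtTapUnsafe(const std::string& text, size_t pos) {
    auto word = wordRangeFromPosition(text, pos);
    return createRange(*word); // null dereference when no word is under pos
}

// Fixed form: bail out when there is no word at the tapped position, so the
// gesture simply produces no selection instead of crashing.
std::unique_ptr<WordRange> selectWordAtTap(const std::string& text, size_t pos) {
    auto word = wordRangeFromPosition(text, pos);
    if (!word)
        return nullptr; // nothing to select; caller treats this as "no selection"
    return createRange(*word);
}

// Length of the selected word, or 0 when the tap selected nothing.
size_t selectedLength(const std::string& text, size_t pos) {
    auto r = selectWordAtTap(text, pos);
    return r ? r->end - r->start : 0;
}
```

The point of keeping createRange infallible is the one Darin raised and Jon answered: with a constructor that cannot return null, there is exactly one place in the function where null can enter, and that is where the check goes.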
Jon Honeycutt
Comment 4 2014-12-10 17:09:24 PST