Bug 139506 - Null dereference performing a "TapAndAHalf" gesture in Google search field
Summary: Null dereference performing a "TapAndAHalf" gesture in Google search field
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Jon Honeycutt
URL: http://google.com
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2014-12-10 14:13 PST by Jon Honeycutt
Modified: 2014-12-10 17:09 PST (History)


Attachments
Patch (3.03 KB, patch)
2014-12-10 14:26 PST, Jon Honeycutt
darin: review+

Description Jon Honeycutt 2014-12-10 14:13:43 PST
A null dereference can occur when performing a "TapAndAHalf" gesture in the Google search field.

Repro test case:

data:text/html,<input%20size="40"%20%20placeholder="Perform%20a%20tap%20and%20a%20half%20gesture%20in%20this%20field">

<rdar://problem/19028828>
Comment 1 Jon Honeycutt 2014-12-10 14:26:22 PST
Created attachment 243066 [details]
Patch
Comment 2 Darin Adler 2014-12-10 16:56:28 PST
Comment on attachment 243066 [details]
Patch

This change seems OK, but just a few lines later I see code that calls Range::create and dereferences the result unconditionally. I think we should consistently handle null in both places in this function instead of just in this one place.
Comment 3 Jon Honeycutt 2014-12-10 17:05:05 PST
(In reply to comment #2)
> Comment on attachment 243066 [details]
> Patch
> 
> This change seems OK, but just a few lines later I see code that calls
> Range::create and dereferences the result unconditionally. I think we should
> consistently handle null in both places in this function instead of just in
> this one place.

This adds a null check for the result of wordRangeFromPosition before calling Range::create. Range::create doesn't return null.

Thanks for the review!
Comment 4 Jon Honeycutt 2014-12-10 17:09:24 PST
Committed r177115: <http://trac.webkit.org/changeset/177115>
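The point settled in comment 3 is where the null check belongs: the word lookup at the tap position can yield no range (the repro field is empty and shows only placeholder text), while the Range factory never returns null, so the check goes on the lookup result and not on the factory result. The following is an added example written for this page, not WebKit code and not the attachment 243066 patch; `Node`, `Position`, `Range::create`, `wordRangeFromPosition` and `selectWordForTapAndAHalf` are simplified stand-ins whose shapes are assumed, and the field contents are constructed inputs.

```cpp
// Added example, not WebKit code: models the null-handling point from comment 3.
// A word lookup at a tap position may yield no range (empty field); a Range factory
// never returns null, so the check belongs on the lookup result, not on the factory.
#include <cctype>
#include <cstddef>
#include <memory>
#include <string>

struct Node {
    std::string text;   // text content of an editable field (constructed sample)
};

struct Range {
    Node* node;
    size_t start;
    size_t end;
    // Mirrors "Range::create doesn't return null": always yields a live object.
    static std::shared_ptr<Range> create(Node& n, size_t s, size_t e) {
        return std::make_shared<Range>(Range{&n, s, e});
    }
};

struct Position {
    Node* node;       // null when the tap resolved to no node (assumed shape)
    size_t offset;    // character offset within node->text
};

// Hypothetical analogue of wordRangeFromPosition: returns null when there is
// no word at the position, e.g. an empty field that only shows a placeholder,
// or a tap landing on whitespace.
std::shared_ptr<Range> wordRangeFromPosition(const Position& pos) {
    if (!pos.node)
        return nullptr;
    const std::string& t = pos.node->text;
    if (t.empty() || pos.offset > t.size())
        return nullptr;
    size_t i = pos.offset < t.size() ? pos.offset : t.size() - 1;
    if (!std::isalnum(static_cast<unsigned char>(t[i])))
        return nullptr;
    size_t s = i, e = i;
    while (s > 0 && std::isalnum(static_cast<unsigned char>(t[s - 1])))
        --s;
    while (e < t.size() && std::isalnum(static_cast<unsigned char>(t[e])))
        ++e;
    return Range::create(*pos.node, s, e);
}

// Handler in the shape of the fix: check the nullable lookup before building
// anything from it. Returns the selected range, or null when the gesture
// selects nothing. Without the check, an empty field dereferences null.
std::shared_ptr<Range> selectWordForTapAndAHalf(const Position& pos) {
    std::shared_ptr<Range> word = wordRangeFromPosition(pos);
    if (!word)                       // the missing check from the bug
        return nullptr;
    // Range::create never returns null, so its result needs no second check.
    std::shared_ptr<Range> selection = Range::create(*word->node, word->start, word->end);
    return selection;
}

// Text covered by a selection, or "" when nothing was selected.
std::string selectedText(const std::shared_ptr<Range>& r) {
    if (!r)
        return "";
    return r->node->text.substr(r->start, r->end - r->start);
}
```

The distinction matters for review: a factory that always returns an object needs no guard, and adding one there (as comment 2 first suggested) would hide the real hazard, which is the lookup that legitimately returns nothing for an empty field.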