Bug 146009 - [iOS] Crash long pressing on <input type=file>
Summary: [iOS] Crash long pressing on <input type=file>
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Jon Honeycutt
URL:
Keywords: InRadar, PlatformOnly
Depends on:
Blocks:
 
Reported: 2015-06-16 00:01 PDT by Jon Honeycutt
Modified: 2015-06-16 14:40 PDT (History)
4 users (show)

See Also:

Attachments
Patch (3.84 KB, patch)
2015-06-16 00:07 PDT, Jon Honeycutt 		rniwa: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Jon Honeycutt 2015-06-16 00:01:36 PDT 
The web process crashes when trying to long press on an <input type=file> control.

<rdar://problem/21234453>
Comment 1 Jon Honeycutt 2015-06-16 00:07:01 PDT 
Created attachment 254941 [details]
Patch
Comment 2 Ryosuke Niwa 2015-06-16 02:10:32 PDT 
Comment on attachment 254941 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=254941&action=review

> Source/WebCore/ChangeLog:5
> +
> +        <https://bugs.webkit.org/show_bug.cgi?id=146009>

We don't usually place a blank line between the bug title and the bugzilla URL.
Also, we don't normally warp a bugzilla URL with < & > unlike a rdar URL.

> ChangeLog:5
> +
> +        <https://bugs.webkit.org/show_bug.cgi?id=146009>

Ditto.

> ChangeLog:10
> +        * ManualTests/ios/long-press-input-type-file-crash.html: Added.

It's sad we can't automate this :(

> ManualTests/ios/long-press-input-type-file-crash.html:1
> +<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">

Why don't we use <!DOCTYPE html> instead?
Comment 3 Darin Adler 2015-06-16 10:50:05 PDT 
Comment on attachment 254941 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=254941&action=review

> Source/WebCore/ChangeLog:13
> +        * dom/Position.cpp:
> +        (WebCore::Position::atStartOfTree):
> +        (WebCore::Position::atEndOfTree):
> +        Null check the container node before passing it to findParent().

If findParent doesn’t work on null, it should take a reference rather than a pointer. Or we could put the check for null inside findParent.
Comment 4 Jon Honeycutt 2015-06-16 14:34:05 PDT 
(In reply to comment #2)
> Comment on attachment 254941 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=254941&action=review
> 
> > Source/WebCore/ChangeLog:5
> > +
> > +        <https://bugs.webkit.org/show_bug.cgi?id=146009>
> 
> We don't usually place a blank line between the bug title and the bugzilla
> URL.
> Also, we don't normally warp a bugzilla URL with < & > unlike a rdar URL.
> 
> > ChangeLog:5
> > +
> > +        <https://bugs.webkit.org/show_bug.cgi?id=146009>
> 
> Ditto.

Fixed.

> 
> > ChangeLog:10
> > +        * ManualTests/ios/long-press-input-type-file-crash.html: Added.
> 
> It's sad we can't automate this :(
> 
> > ManualTests/ios/long-press-input-type-file-crash.html:1
> > +<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
> 
> Why don't we use <!DOCTYPE html> instead?

Fixed.

Thanks for the review!
Comment 5 Jon Honeycutt 2015-06-16 14:35:18 PDT 
(In reply to comment #3)
> Comment on attachment 254941 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=254941&action=review
> 
> > Source/WebCore/ChangeLog:13
> > +        * dom/Position.cpp:
> > +        (WebCore::Position::atStartOfTree):
> > +        (WebCore::Position::atEndOfTree):
> > +        Null check the container node before passing it to findParent().
> 
> If findParent doesn’t work on null, it should take a reference rather than a
> pointer. Or we could put the check for null inside findParent.

I’m going to land this as-is and make a follow-up patch that does one of the two.
Comment 6 Jon Honeycutt 2015-06-16 14:40:36 PDT 
Committed r185613: <http://trac.webkit.org/changeset/185613>