151900 – Crash when secondary clicking on a link on yahoo.com

Bug 151900 - Crash when secondary clicking on a link on yahoo.com

Summary: Crash when secondary clicking on a link on yahoo.com

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	New Bugs (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Anders Carlsson

URL:
Keywords:

Depends on:
Blocks:

Reported:	2015-12-04 17:36 PST by Anders Carlsson
Modified:	2015-12-07 10:59 PST (History)
CC List:	1 user (show)

See Also:

Attachments
Patch (2.14 KB, patch) 2015-12-04 17:38 PST, Anders Carlsson	bdakin: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Anders Carlsson 2015-12-04 17:36:45 PST

Crash when secondary clicking on a link on yahoo.com

Comment 1 Anders Carlsson 2015-12-04 17:38:00 PST

Created attachment 266693 [details]
Patch

Comment 2 Anders Carlsson 2015-12-04 17:45:42 PST

Committed r193499: <http://trac.webkit.org/changeset/193499>

Comment 3 Darin Adler 2015-12-07 10:59:41 PST

Comment on attachment 266693 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=266693&action=review

> Source/WebKit2/UIProcess/mac/WebContextMenuProxyMac.mm:271
> +        auto absoluteLinkURL = URL(ParsedURLString, hitTestData.absoluteLinkURL);

I’m a bit surprised at the use of ParsedURLString here. Does this string com from something that the WebCore URL class produced in the other process that was shipped over by XPC? If so, then I suppose ParsedURLString is correct, but I worry slight if the URL “can be trusted” and thus how the use of ParsedURLString might be risky in some way.