RESOLVED FIXED 239909
CrashTracer: com.apple.WebKit.WebContent at com.apple.WebKit: WebKit::TextCheckingControllerProxy::annotatedSubstringBetweenPositions
https://bugs.webkit.org/show_bug.cgi?id=239909
Summary CrashTracer: com.apple.WebKit.WebContent at com.apple.WebKit: WebKit::TextChe...
Devin Rousso
Reported 2022-04-29 13:23:04 PDT
an `NSRangeException` is thrown inside `-[NSConcreteMutableAttributedString addAttribute:value:range:]`
Attachments
Patch (6.96 KB, patch)
2022-04-29 13:36 PDT, Devin Rousso
no flags
Patch (17.23 KB, patch)
2022-05-16 17:27 PDT, Devin Rousso
no flags
Patch (17.23 KB, patch)
2022-05-16 20:04 PDT, Devin Rousso
no flags
Devin Rousso
Comment 1 2022-04-29 13:23:23 PDT
Devin Rousso
Comment 2 2022-04-29 13:36:05 PDT
Alexey Proskuryakov
Comment 3 2022-04-29 14:20:25 PDT
Comment on attachment 458605 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=458605&action=review > Source/WebCore/ChangeLog:3 > + CrashTracer: com.apple.WebKit.WebContent at com.apple.WebKit: WebKit::TextCheckingControllerProxy::annotatedSubstringBetweenPositions A subtle TextIterator fix like this seems like it strongly requires a regression test.
Devin Rousso
Comment 4 2022-04-29 14:29:21 PDT
Comment on attachment 458605 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=458605&action=review >> Source/WebCore/ChangeLog:3 >> + CrashTracer: com.apple.WebKit.WebContent at com.apple.WebKit: WebKit::TextCheckingControllerProxy::annotatedSubstringBetweenPositions > > A subtle TextIterator fix like this seems like it strongly requires a regression test. yeah im working on that now i put this up to let EWS munch on it :)
Darin Adler
Comment 5 2022-04-29 14:53:49 PDT
Comment on attachment 458605 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=458605&action=review >>> Source/WebCore/ChangeLog:3 >>> + CrashTracer: com.apple.WebKit.WebContent at com.apple.WebKit: WebKit::TextCheckingControllerProxy::annotatedSubstringBetweenPositions >> >> A subtle TextIterator fix like this seems like it strongly requires a regression test. > > yeah im working on that now > > i put this up to let EWS munch on it :) I think it would be best to have some TextIterator tests for this bug that do *not* involve NSAttributedString; this underlying issue is not specific to the NSAttributedString code path, and can be tested without involving the NSAttributedString code path. I also think the NSAttributedString code path might benefit from additional defensive range checking rather than relying on the subtle and complex TextIterator machinery to never create something with an incorrect offset. We may want to fix this bug both ways, with: a) defensive code in the code that deals with NSAttributedString that would prevent this kind of incorrect text offset computation from causing a crash, and b) this TextIterator change that gives us a correct result that is valuable in and of itself. Unfortunately the (b) change would make it a little harder to test (a) since we would no longer be able to use this bug to test the defensive checks are necessary.
Devin Rousso
Comment 6 2022-05-16 17:27:30 PDT
Devin Rousso
Comment 7 2022-05-16 17:29:23 PDT
Comment on attachment 459466 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=459466&action=review > Source/WebCore/editing/TextIterator.cpp:638 > + if (runStart >= runEnd && m_behaviors.contains(TextIteratorBehavior::IgnoresWhiteSpaceAtEndOfRun)) { > + m_textRun = nextTextRun; > + continue; > + } I think this is actually the correct behavior that should _always_ be used, but since this is a regression I'd rather target my fix to just that and then (perhaps) remove the check later on so that if there is a problem, rollouts are less conflicting (i.e. fixes one bug only to introduce another)
Devin Rousso
Comment 8 2022-05-16 20:04:55 PDT
Devin Rousso
Comment 9 2022-05-17 11:31:44 PDT
EWS
Comment 10 2022-05-27 14:51:15 PDT
Committed r294955 (251061@main): <https://commits.webkit.org/251061@main> Reviewed commits have been landed. Closing PR #681 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.