Bug 40154 - [Gtk] Cause segmentation fault when a user clicks the right mouse button on a text input control.
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords: Gtk
Depends on:
Blocks:
Reported: 2010-06-03 22:54 PDT by Takuro Ashie
Modified: 2017-03-11 11:02 PST
CC List: 1 user

See Also:


Attachments
The patch to fix this problem (1.07 KB, patch), 2010-06-03 22:59 PDT, Takuro Ashie, no flags

Description Takuro Ashie 2010-06-03 22:54:26 PDT
Environment:
* Ubuntu 9.10
* use official deb package (Version: 1.1.15.2-1)

Steps to reproduce:
1. Run a WebKit-based web browser without any libenchant dictionary.
2. Open http://www.google.com/.
3. Enter some words into the search entry.
4. Select the word by dragging with the mouse.
5. Click the right mouse button on the word.

Expected result:
* The web browser should show a context menu.

Actual result:
* Segmentation fault


Here is the stack trace:

(gdb) bt
#0  0xb7583789 in WebKit::EditorClient::getGuessesForWord () from /usr/lib/libwebkit-1.0.so.2
#1  0xb785a845 in WebCore::Editor::guessesForMisspelledSelection () from /usr/lib/libwebkit-1.0.so.2
#2  0xb7862caf in WebCore::Editor::guessesForMisspelledOrUngrammaticalSelection () from /usr/lib/libwebkit-1.0.so.2
#3  0xb79ed5dc in WebCore::ContextMenu::populate () from /usr/lib/libwebkit-1.0.so.2
#4  0xb799f526 in WebCore::ContextMenuController::handleContextMenuEvent () from /usr/lib/libwebkit-1.0.so.2
#5  0xb780b81e in WebCore::Node::defaultEventHandler () from /usr/lib/libwebkit-1.0.so.2
#6  0xb78f1faa in WebCore::HTMLInputElement::defaultEventHandler () from /usr/lib/libwebkit-1.0.so.2
#7  0xb780a571 in WebCore::Node::dispatchGenericEvent () from /usr/lib/libwebkit-1.0.so.2
#8  0xb780bc18 in WebCore::Node::dispatchEvent () from /usr/lib/libwebkit-1.0.so.2
#9  0xb780c079 in WebCore::Node::dispatchMouseEvent () from /usr/lib/libwebkit-1.0.so.2
#10 0xb780c884 in WebCore::Node::dispatchMouseEvent () from /usr/lib/libwebkit-1.0.so.2
#11 0xb79b3d44 in WebCore::EventHandler::dispatchMouseEvent () from /usr/lib/libwebkit-1.0.so.2
#12 0xb79b4040 in WebCore::EventHandler::sendContextMenuEvent () from /usr/lib/libwebkit-1.0.so.2
#13 0xb7596e3d in webkit_web_view_forward_context_menu_event () from /usr/lib/libwebkit-1.0.so.2
#14 0xb75986c6 in webkit_web_view_button_press_event () from /usr/lib/libwebkit-1.0.so.2
...snip...
Comment 1 Takuro Ashie 2010-06-03 22:59:41 PDT
Created attachment 57845
The patch to fix this problem

Here is the patch to fix this issue.
This problem is caused by an uninitialized variable.

enchant_dict_suggest() doesn't set any value for numberOfSuggestions when it has no dictionary.

I confirmed that this problem isn't fixed yet in the latest version of WebKit and libenchant.
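As an added illustration (not the attached patch and not WebKit's or libenchant's own code), the program below models the defect this comment describes with a constructed stand-in for enchant_dict_suggest() that returns NULL and leaves its count out-parameter untouched when no dictionary exists; the buggy caller loops on the uninitialized count, the fixed caller zero-initializes it and checks the returned pointer.

```c
#include <stddef.h>
#include <stdio.h>
/* Constructed stand-in for an enchant dictionary (NULL = none installed).
 * Not libenchant; it only mimics the behaviour the report describes. */
typedef struct { const char *const *words; size_t count; } FakeDict;
/* Mimics enchant_dict_suggest(): with a dictionary it sets *out_n and returns
 * the suggestions; with none it returns NULL and leaves *out_n untouched. */
static const char *const *fake_dict_suggest(const FakeDict *d, size_t *out_n)
{
    if (!d)
        return NULL;
    *out_n = d->count;
    return d->words;
}

/* Defect pattern from the report: n is never initialized, so when suggest()
 * returns NULL the loop bound is an indeterminate stack value and s[i]
 * dereferences NULL. Only safe to call when a dictionary exists. */
static size_t get_guesses_buggy(const FakeDict *d, const char **out, size_t cap)
{
    size_t n, i;                                  /* n uninitialized */
    const char *const *s = fake_dict_suggest(d, &n);
    for (i = 0; i < n && i < cap; i++)
        out[i] = s[i];
    return i;
}
/* Hardened form: the out-parameter starts at 0 and the returned pointer is
 * checked, so a missing dictionary yields zero guesses instead of a crash. */
static size_t get_guesses_fixed(const FakeDict *d, const char **out, size_t cap)
{
    size_t n = 0, i = 0;                          /* safe defaults */
    const char *const *s = fake_dict_suggest(d, &n);
    if (!s)                                       /* no dictionary */
        return 0;
    for (; i < n && i < cap; i++)
        out[i] = s[i];
    return i;
}

static const char *const kWords[] = { "webkit", "WebKit", "Webkit" }; /* constructed sample */
static const FakeDict kDemoDict = { kWords, 3 };
static const char *g_out[10];
int main(void)
{
    printf("no dictionary: %zu guesses\n", get_guesses_fixed(NULL, g_out, 10));
    printf("with dictionary: %zu guesses\n", get_guesses_fixed(&kDemoDict, g_out, 10));
    printf("buggy caller (dictionary present): %zu\n", get_guesses_buggy(&kDemoDict, g_out, 10));
    return 0;
}
```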
Comment 2 Alexey Proskuryakov 2010-06-04 23:24:32 PDT
Would you be willing to submit a patch for review? Our process for submitting patches is documented at <http://webkit.org/coding/contributing.html>.