UNCONFIRMED 49583
Crash in WebView.commitCopy() when selecting text on a pure image.
https://bugs.webkit.org/show_bug.cgi?id=49583
sky
Reported 2010-11-16 01:06:57 PST
User-Agent: Mozilla/5.0 (Linux; U; Android 2.2.1; en-us; MB520 Build/3.4.2_40) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1

Reproduce steps:
1. Open the URL below on an Android phone with the Google browser.
http://www.google.com.hk/m/search?q=we&pbx=1&aq=&oq=&aqi=&fkt=&fsdt=&csll=&action=&site=images&gl=cn&source=mog&hl=zh-CN#i=1
2. Press Menu --> More --> Select text
3. Repeatedly select an area of pure image.

Expected result:
Nothing should be copied to the clipboard.

Actual result:
The browser crashes. Below is the tombstone.

#00 pc 0007f018 /system/lib/libskia.so external/skia/src/core/SkPicture.cpp:179
#01 pc 000627e0 /system/lib/libskia.so external/skia/src/core/SkCanvas.cpp:1406
#02 pc 002b4af4 /system/lib/libwebcore.so external/webkit/WebKit/android/nav/SelectText.cpp:377
#03 pc 002b4b2e /system/lib/libwebcore.so external/webkit/WebKit/android/nav/SelectText.cpp:439
#04 pc 001af8b8 /system/lib/libwebcore.so external/webkit/WebKit/android/nav/WebView.cpp:946
#05 pc 00010e34 /system/lib/libdvm.so
#06 pc 0003f370 /system/lib/libdvm.so
#07 pc 00015d98 /system/lib/libdvm.so
#08 pc 0001c7fc /system/lib/libdvm.so
#09 pc 0001b69c /system/lib/libdvm.so
#10 pc 0005692e /system/lib/libdvm.so
#11 pc 0005ef14 /system/lib/libdvm.so
#12 pc 00015d98 /system/lib/libdvm.so
#13 pc 0001c7fc /system/lib/libdvm.so
#14 pc 0001b69c /system/lib/libdvm.so
#15 pc 0005676c /system/lib/libdvm.so
#16 pc 00041d42 /system/lib/libdvm.so
#17 pc 0002de0c /system/lib/libandroid_runtime.so
#18 pc 0002ef08 /system/lib/libandroid_runtime.so
#19 pc 00008ca8 /system/bin/app_process
#20 pc 0000d410 /system/lib/libc.so

#00 pc 0007b8f0 /system/lib/libskia.so external/skia/src/core/SkPath.cpp:934
#01 pc 00062e58 /system/lib/libskia.so external/skia/src/core/SkCanvas.cpp:859
#02 pc 000803dc /system/lib/libskia.so external/skia/src/core/SkPicturePlayback.cpp:541

Root cause analysis:
1. This issue is introduced by the WebKit upgrade when the Android base upgrades from Eclair to Froyo. There are many big design changes in WebKit.

Eclair implementation:
commitCopy() -> {WebView::nativeGetSelection() --> GraphicsJNI::createRegion()} -> mWebViewCore.sendMessage(EventHub.GET_SELECTION, selection) --> WebViewCore::nativeGetSelection() --> WebViewCore::GetSelection() --> WebViewCore::getSelection() --> WebViewCore::findTextBoxIndex() --> CacheBuilder::GetGlobalOffset()

Froyo implementation:
commitCopy() --> WebView::nativeGetSelection() --> WebView::getSelection() --> SelectText::getSelection() --> CopyPaste::text() --> {SkCanvas::drawPicture --> SkPicture::draw() --> SkPicturePlayback::draw()} + TextExtractor::text()

2. The only thought I have so far is to roll back the implementation of this part to Eclair's. However, the interfaces below have been deleted in Froyo. It would be high risk to roll them back.
mWebViewCore.sendMessage(EventHub.GET_SELECTION, selection) --> WebViewCore::nativeGetSelection() --> WebViewCore::GetSelection() --> WebViewCore::getSelection() --> WebViewCore::findTextBoxIndex()