Bug 60071 - Crash in SpellingCorrectionController::respondToChangedSelection
Summary: Crash in SpellingCorrectionController::respondToChangedSelection
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: HTML Editing
Version: 528+ (Nightly build)
Hardware: Macintosh OS X 10.5
Importance: P2 Normal
Assignee: Enrica Casucci
URL:
Keywords: InRadar, PlatformOnly
Depends on:
Blocks:
 
Reported: 2011-05-03 15:27 PDT by Enrica Casucci
Modified: 2011-05-03 16:42 PDT
CC List: 2 users

See Also:
Attachments
Patch (4.21 KB, patch)
2011-05-03 15:58 PDT, Enrica Casucci
rniwa: review+

Description Enrica Casucci 2011-05-03 15:27:08 PDT
Probably caused by not validating the selection bounds.

<rdar://problem/9358190>
Comment 1 Enrica Casucci 2011-05-03 15:58:37 PDT
Created attachment 92152 [details]
Patch
Comment 2 Ryosuke Niwa 2011-05-03 16:02:37 PDT
Comment on attachment 92152 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92152&action=review

> Source/WebCore/editing/SpellingCorrectionController.cpp:390
> +    // Creating a Visible position triggers a layout and there is no
> +    // guarantee that the selection is still valid.
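Review bot: The comment at SpellingCorrectionController.cpp:390 should state the concrete failure it guards against rather than "the selection is still valid": building the VisiblePosition from the selection start can yield a null position after the layout it triggers (comment 4 gives the case of a text field that gets hidden), so the check that follows must test the resulting position for null before it is used. Suggest wording along the lines of "Creating a VisiblePosition triggers a layout; the resulting position may be null (e.g. the field was hidden), so check it before use."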

Seems odd that layout causes a position to become null but okay.
Comment 3 Alexey Proskuryakov 2011-05-03 16:19:21 PDT
Is the _selection_ actually becoming invalid? The comment seems slightly confusing.
Comment 4 Enrica Casucci 2011-05-03 16:34:09 PDT
The selection is in a text field that gets hidden. The spelling code builds a VisiblePosition from the start position of the selection, producing a null position.
Comment 5 Ryosuke Niwa 2011-05-03 16:36:00 PDT
Comment on attachment 92152 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=92152&action=review

> LayoutTests/editing/selection/undo-crash-expected.txt:2
> +SUCCEEDED

PASS might be more consistent with the rest of editing tests.
Comment 6 Ryosuke Niwa 2011-05-03 16:36:11 PDT
(In reply to comment #4)
> The selection is in a text field that gets hidden. The spelling code builds a VisiblePosition from the start position of the selection, producing a null position.

Makes sense.
Comment 7 Enrica Casucci 2011-05-03 16:42:09 PDT
http://trac.webkit.org/changeset/85687