90640 – Reproducible crasher when pasting a 0x0 image into Mail

Bug 90640 - Reproducible crasher when pasting a 0x0 image into Mail

Summary: Reproducible crasher when pasting a 0x0 image into Mail

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	HTML Editing (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2012-07-05 15:59 PDT by Alice Cheng
Modified:	2012-07-10 09:54 PDT (History)
CC List:	1 user (show)

See Also:

Attachments
patch (1.39 KB, patch) 2012-07-05 16:23 PDT, Alice Cheng	gyuyoung.kim: commit-queue-	Details \| Formatted Diff \| Diff
patch (1.36 KB, patch) 2012-07-05 16:31 PDT, Alice Cheng	sam: review-	Details \| Formatted Diff \| Diff
patch (6.80 KB, patch) 2012-07-09 10:13 PDT, Alice Cheng	beidson: review-	Details \| Formatted Diff \| Diff
patch (6.60 KB, patch) 2012-07-09 16:59 PDT, Alice Cheng	no flags	Details \| Formatted Diff \| Diff
patch (6.60 KB, patch) 2012-07-09 17:09 PDT, Alice Cheng	no flags	Details \| Formatted Diff \| Diff
patch (6.60 KB, patch) 2012-07-09 17:17 PDT, Alice Cheng	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (5) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alice Cheng 2012-07-05 15:59:04 PDT

This bug seems to be reproducible when pasting a 0x0 image into Mail

>  1 com.apple.WebCore              0x7fff8a050a0e WebCore::KURL::createCFURL() const + 0xe
   2 com.apple.WebCore              0x7fff8a0509cb WebCore::KURL::operator NSURL*() const + 0xb
   3 com.apple.WebCore              0x7fff8aa80416 WebCore::documentFragmentWithImageResource(WebCore::Frame*, WTF::PassRefPtr<WebCore::ArchiveResource>) + 0xe6
   4 com.apple.WebCore              0x7fff8a34e212 WebCore::Pasteboard::documentFragment(WebCore::Frame*, WTF::PassRefPtr<WebCore::Range>, bool, bool&) + 0x1b62
   5 com.apple.WebCore              0x7fff8a34c22e WebCore::Editor::pasteWithPasteboard(WebCore::Pasteboard*, bool) + 0xce
   6 com.apple.WebCore              0x7fff8a34c12a WebCore::Editor::paste() + 0x9a
   7 com.apple.WebCore              0x7fff8a34c060 WebCore::executePaste(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 0x30
   8 com.apple.WebCore              0x7fff8a2e4ac4 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 0xc4
   9 com.apple.WebKit               0x7fff9341a01f -[WebHTMLView executeCoreCommandBySelector:] + 0x6f
  10 com.apple.AppKit               0x7fff8fa3bb39 -[NSApplication sendAction:to:from:] + 0xd6
  11 com.apple.AppKit               0x7fff8fb27ef8 -[NSMenuItem _corePerformAction] + 0x196
  12 com.apple.AppKit               0x7fff8fb27bea -[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:] + 0x85
  13 com.apple.AppKit               0x7fff8faa736f -[NSMenu performKeyEquivalent:] + 0x10f
  14 com.apple.AppKit               0x7fff8faa61ba -[NSApplication _handleKeyEquivalent:] + 0x33d
  15 com.apple.AppKit               0x7fff8f99a5d9 -[NSApplication sendEvent:] + 0x117e
  16 com.apple.mail                 0x104980d43 -[MailApp sendEvent:] + 0x0 (/SourceCache/Mail/Mail-1445/Mail/Application/MailApp.m:429)
  17 com.apple.AppKit               0x7fff8f9389ba -[NSApplication run] + 0x27c
  18 com.apple.AppKit               0x7fff8fba850b NSApplicationMain + 0x365
  19 libdyld.dylib                  0x7fff94d4c7e1 start + 0x1

Comment 1 Alice Cheng 2012-07-05 15:59:48 PDT

<rdar://problem/11141920>

Comment 2 Alice Cheng 2012-07-05 16:23:18 PDT

Created attachment 150999 [details]
patch

check if resource is nil to prevent from crashing

Comment 3 WebKit Review Bot 2012-07-05 16:27:46 PDT

Attachment 150999 [details] did not pass style-queue:

Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'Source/WebCore/ChangeLog', u'Source/WebCor..." exit_code: 1
Source/WebCore/ChangeLog:11:  You should remove the 'No new tests' and either add and list tests, or explain why no new tests were possible.  [changelog/nonewtests] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.

Comment 4 Alice Cheng 2012-07-05 16:31:13 PDT

Created attachment 151002 [details]
patch

Check if resource is nil to prevent from crashing

Need advice on test case and how to determine if it is a regression

Comment 5 Brady Eidson 2012-07-05 16:32:23 PDT

Comment on attachment 150999 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=150999&action=review

> Source/WebCore/platform/mac/PasteboardMac.mm:373
> +    if(!resource.get())
> +        return 0;
> +    

Is this a restoration of the old behavior, or is it Yet Another New Behavior™?

Comment 6 Sam Weinig 2012-07-05 17:03:37 PDT

Comment on attachment 151002 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=151002&action=review

> Source/WebCore/platform/mac/PasteboardMac.mm:372
> +    if(!resource.get())
> +        return 0;

You need a space in between if and ( and you don't need to call .get().

Comment 7 Gyuyoung Kim 2012-07-05 20:19:49 PDT

Comment on attachment 150999 [details]
patch

Attachment 150999 [details] did not pass efl-ews (efl):
Output: http://queues.webkit.org/results/13142329

Comment 8 Alice Cheng 2012-07-09 10:13:00 PDT

Created attachment 151268 [details]
patch

check if resource is nil to prevent from crashing
add test case for the patch

Comment 9 Brady Eidson 2012-07-09 15:12:38 PDT

Comment on attachment 151268 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=151268&action=review

Close - Let's give it one more shot.

> Source/WebCore/ChangeLog:9
> +        Editing: Reproducible crasher when pasting a 0x0 image into Mail
> +        https://bugs.webkit.org/show_bug.cgi?id=90640
> +        <rdar://problem/11141920>
> +
> +        Reviewed by NOBODY (OOPS!).
> +
> +        patch the crash by checking for nil.

Can be a bit more descriptive here.

Something like:
"0x0 images don't get a resource representation in the WebArchive so we need a null check"

> Tools/ChangeLog:26
> +2012-07-09  Alice Cheng  <alice_cheng@apple.com>
> +
> +        Editing: Reproducible crasher when pasting a 0x0 image into Mail
> +        https://bugs.webkit.org/show_bug.cgi?id=90640
> +        <rdar://problem/11141920>
> +
> +        Reviewed by NOBODY (OOPS!).
> +
> +        Test cases for the patch that checks for nil.
> +
> +        * TestWebKitAPI/Tests/mac/0.png: Added.
> +        * TestWebKitAPI/Tests/mac/WebViewCanPasteZeroPng.mm: Added.
> +        (TestWebKitAPI):
> +        (TestWebKitAPI::TEST):
> +
> +2012-07-09  Alice Cheng  <alice_cheng@apple.com>
> +
> +        Need a short description and bug URL (OOPS!)
> +
> +        Reviewed by NOBODY (OOPS!).
> +
> +        * TestWebKitAPI/Tests/mac/0.png: Added.
> +        * TestWebKitAPI/Tests/mac/WebViewCanPasteZeroPng.mm: Added.
> +        (TestWebKitAPI):
> +        (TestWebKitAPI::TEST):
> +

Some leftover ChangeLog cruft here.

Comment 10 Alice Cheng 2012-07-09 16:59:49 PDT

Created attachment 151357 [details]
patch

Modified the ChangeLog according to the review comments

Comment 11 Alice Cheng 2012-07-09 17:09:38 PDT

Created attachment 151360 [details]
patch

submit for commit queue

Comment 12 Alice Cheng 2012-07-09 17:17:09 PDT

Created attachment 151362 [details]
patch

submit for commit queue

Comment 13 WebKit Review Bot 2012-07-10 09:18:55 PDT

Comment on attachment 151357 [details]
patch

Clearing flags on attachment: 151357

Committed r122228: <http://trac.webkit.org/changeset/122228>

Comment 14 WebKit Review Bot 2012-07-10 09:19:00 PDT

All reviewed patches have been landed.  Closing bug.