[Webkit-unassigned] [Bug 51389] New: Crash after removing a selection in keydown handler

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 21 05:17:34 PST 2010 

https://bugs.webkit.org/show_bug.cgi?id=51389

           Summary: Crash after removing a selection in keydown handler
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows 7
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: apavlov at chromium.org


Created an attachment (id=77103)
 --> (https://bugs.webkit.org/attachment.cgi?id=77103&action=review)
Test case

Open the attached page, drag-select the second word in the editbox up to the end of the text content, hit any alpha key on the keyboard. The following crash occurs:

>	WebKit.dll!WebCore::DeleteFromTextNodeCommand::DeleteFromTextNodeCommand(WTF::PassRefPtr<WebCore::Text> node=NULL, unsigned int offset=6, unsigned int count=1)  Line 42 + 0x44 bytes	C++
     WebKit.dll!WebCore::DeleteFromTextNodeCommand::create(WTF::PassRefPtr<WebCore::Text> node=NULL, unsigned int offset=6, unsigned int count=1)  Line 39 + 0x32 bytes    C++
     WebKit.dll!WebCore::CompositeEditCommand::replaceTextInNode(WTF::PassRefPtr<WebCore::Text> node={...}, unsigned int offset=6, unsigned int count=1, const WTF::String & replacementText={...})  Line 339 + 0x22 bytes    C++
     WebKit.dll!WebCore::InsertTextCommand::performTrivialReplace(const WTF::String & text={...}, bool selectInsertedText=false)  Line 94    C++
     WebKit.dll!WebCore::InsertTextCommand::input(const WTF::String & text={...}, bool selectInsertedText=false)  Line 120 + 0x10 bytes    C++
     WebKit.dll!WebCore::TypingCommand::insertTextRunWithoutNewlines(const WTF::String & text={...}, bool selectInsertedText=false)  Line 390    C++
     WebKit.dll!WebCore::TypingCommand::insertText(const WTF::String & text={...}, bool selectInsertedText=false)  Line 366    C++
     WebKit.dll!WebCore::TypingCommand::doApply()  Line 290    C++
     WebKit.dll!WebCore::EditCommand::apply()  Line 92 + 0xf bytes    C++
     WebKit.dll!WebCore::applyCommand(WTF::PassRefPtr<WebCore::EditCommand> command={m_document={m_styleSelector={...} m_didCalculateStyleSelector=true m_frame=0x00a6c318 ...} m_startingSelection={...} m_endingSelection={...} ...})  Line 215    C++
     WebKit.dll!WebCore::TypingCommand::insertText(WebCore::Document * document=0x06c7f980, const WTF::String & text={...}, const WebCore::VisibleSelection & selectionForInsertion={...}, bool selectInsertedText=false, bool insertedTextIsComposition=false)  Line 194 + 0x14 bytes    C++
     WebKit.dll!WebCore::Editor::insertTextWithoutSendingTextEvent(const WTF::String & text={...}, bool selectInsertedText=false, WebCore::Event * triggeringEvent=0x06d9f748)  Line 1196 + 0x1c bytes    C++
     WebKit.dll!WebCore::Editor::handleTextEvent(WebCore::TextEvent * event=0x06d9f748)  Line 203 + 0x12 bytes    C++
     WebKit.dll!WebCore::EventHandler::defaultTextInputEventHandler(WebCore::TextEvent * event=0x06d9f748)  Line 2704 + 0x15 bytes    C++
     WebKit.dll!WebCore::Node::defaultEventHandler(WebCore::Event * event=0x06d9f748)  Line 2952    C++
     WebKit.dll!WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event> prpEvent=NULL)  Line 2666 + 0x1b bytes    C++
     WebKit.dll!WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event> prpEvent=NULL)  Line 2580 + 0x12 bytes    C++
     WebKit.dll!WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event> event=NULL, int & ec=-858993460)  Line 289 + 0x19 bytes    C++
     WebKit.dll!WebCore::EventHandler::handleTextInputEvent(const WTF::String & text={...}, WebCore::Event * underlyingEvent=0x06dad6a8, bool isLineBreak=false, bool isBackTab=false)  Line 2680    C++
     WebKit.dll!WebCore::Editor::insertText(const WTF::String & text={...}, WebCore::Event * triggeringEvent=0x06dad6a8)  Line 1172    C++
     WebKit.dll!WebView::handleEditingKeyboardEvent(WebCore::KeyboardEvent * evt=0x06dad6a8)  Line 1888 + 0x27 bytes    C++
     WebKit.dll!WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent * evt=0x06dad6a8)  Line 614 + 0xf bytes    C++
     WebKit.dll!WebCore::Editor::handleKeyboardEvent(WebCore::KeyboardEvent * event=0x06dad6a8)  Line 172 + 0x16 bytes    C++
     WebKit.dll!WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent * event=0x06dad6a8)  Line 2428    C++
     WebKit.dll!WebCore::Node::defaultEventHandler(WebCore::Event * event=0x06dad6a8)  Line 2938    C++
     WebKit.dll!WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event> prpEvent=NULL)  Line 2666 + 0x1b bytes    C++
     WebKit.dll!WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event> prpEvent=NULL)  Line 2580 + 0x12 bytes    C++
     WebKit.dll!WebCore::Node::dispatchKeyEvent(const WebCore::PlatformKeyboardEvent & key={...})  Line 2724 + 0x19 bytes    C++
     WebKit.dll!WebCore::EventHandler::keyEvent(const WebCore::PlatformKeyboardEvent & initialKeyEvent={...})  Line 2316 + 0x13 bytes    C++
     WebKit.dll!WebView::keyPress(unsigned int charCode=102, long keyData=2162689, bool systemKeyDown=false)  Line 1971 + 0x13 bytes    C++
     WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x02190514, unsigned int message=258, unsigned int wParam=102, long lParam=2162689)  Line 2096 + 0x12 bytes    C++

This crash requires a workaround in the Web Inspector code (WebCore/inspector/front-end/StylesSidebarPane.js).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list