[Webkit-unassigned] [Bug 139383] New: Hang in TextCheckingHelper when checking a document with no characters

bugzilla-daemon at webkit.org
Sun Dec 7 20:28:39 PST 2014


https://bugs.webkit.org/show_bug.cgi?id=139383

            Bug ID: 139383
           Summary: Hang in TextCheckingHelper when checking a document
                    with no characters
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML Editing
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: jalkut at red-sweater.com

Created attachment 242783
  --> https://bugs.webkit.org/attachment.cgi?id=242783&action=review
Example HTML to reproduce the hang.

NOTE: I reported this bug via Radar (#10338685) 3+ years ago, but I'm revisiting it now with a bug report here on WebKit's own issue tracker because I've put work into it that may lead to a successful patch.

The gist of the bug is that TextCheckingHelper::findFirstMisspellingOrBadGrammar is liable to hang when spell-checking is conducted on content that has multiple paragraphs but no bona fide text content. The problem seems to lie in the length of the selection being computed in that method before the target range is "expanded". The result is that a loop intent on evaluating all the text in the selection will never complete because the length is later determined to be 0.

To reproduce:

1. Open attached SpellingHang.html in MiniBrowser, Safari, or any other WebKit view host.
2. Click in the editable section (where the bogus IMG elements reside).
3. Right-click to select "Spelling and Grammar" -> "Check Document Now".

Result: hard hang in TextCheckingHelper::findFirstMisspellingOrBadGrammar, within the loop that is governed by the test:

while (totalLengthProcessed < totalRangeLength)
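
The loop test quoted above never becomes false when an iteration adds nothing to totalLengthProcessed. A simplified stand-alone model of that failure with a guarded variant beside it, added here as an illustration and not WebKit code; only the two counter names come from the report, while the types, function names, sample lengths and step cap are assumptions:

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Simplified model, not WebKit code. Each element is the character count the
// checker measures for one paragraph of the range being spell-checked.
using ParagraphLengths = std::vector<std::size_t>;

enum class ScanResult { Completed, Stalled };

// Unguarded shape of the loop from the report. The step cap exists only so
// this demonstration terminates; returning stepCap means the uncapped loop
// would have spun forever.
std::size_t scanUnguarded(const ParagraphLengths& paragraphs,
                          std::size_t totalRangeLength, std::size_t stepCap)
{
    std::size_t totalLengthProcessed = 0, index = 0, steps = 0;
    while (totalLengthProcessed < totalRangeLength && steps < stepCap) {
        // Empty or exhausted paragraphs contribute 0, so the counter stalls.
        totalLengthProcessed += index < paragraphs.size() ? paragraphs[index] : 0;
        ++index;
        ++steps;
    }
    return steps;
}

// Guarded variant: the loop is also bounded by the paragraph count, and the
// caller is told when the precomputed length was never reached.
ScanResult scanGuarded(const ParagraphLengths& paragraphs,
                       std::size_t totalRangeLength)
{
    std::size_t totalLengthProcessed = 0;
    for (std::size_t index = 0;
         totalLengthProcessed < totalRangeLength && index < paragraphs.size();
         ++index)
        totalLengthProcessed += paragraphs[index];
    return totalLengthProcessed >= totalRangeLength ? ScanResult::Completed
                                                    : ScanResult::Stalled;
}

int main()
{
    // Constructed input: three paragraphs with no text, checked against a
    // range length of 3 that was computed earlier and disagrees with them.
    ParagraphLengths empty = {0, 0, 0};
    std::printf("unguarded steps: %zu\n", scanUnguarded(empty, 3, 1000));
    std::printf("guarded stalled: %d\n", scanGuarded(empty, 3) == ScanResult::Stalled);
    return 0;
}
```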
