[webkit-changes] [203249] trunk

[bfulgham]

Title: [203249] trunk

Revision

203249

Author

bfulg...@apple.com

Date

2016-07-14 16:15:20 -0700 (Thu, 14 Jul 2016)

Log Message

editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
https://bugs.webkit.org/show_bug.cgi?id=142969
<rdar://problem/27331095>

Reviewed by Alex Christensen.

Fix based on a Blink change (patch by <rous...@chromium.org>):
<https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>

Source/WebCore:

Test: editing/spelling/copy-paste-crash.html
      editing/spelling/spellcheck-async.html

* editing/SpellChecker.cpp:
(WebCore::SpellCheckRequest::didSucceed):
(WebCore::SpellCheckRequest::didCancel):

LayoutTests:

* editing/spelling/copy-paste-crash-expected.txt: Added.
* editing/spelling/copy-paste-crash.html: Added.
* platform/platform/mac-wk2/TestExpectations: Skip test on mac-wk2 since all Spelling tests are
currently broken (see <https://webkit.org/b/105616>).

Modified Paths

• trunk/LayoutTests/ChangeLog
• trunk/LayoutTests/platform/mac-wk2/TestExpectations
• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/editing/SpellChecker.cpp

Added Paths

• trunk/LayoutTests/editing/spelling/copy-paste-crash-expected.txt
• trunk/LayoutTests/editing/spelling/copy-paste-crash.html

Diff

Modified: trunk/LayoutTests/ChangeLog (203248 => 203249)

--- trunk/LayoutTests/ChangeLog	2016-07-14 23:04:29 UTC (rev 203248)
+++ trunk/LayoutTests/ChangeLog	2016-07-14 23:15:20 UTC (rev 203249)
@@ -1,3 +1,19 @@
+2016-07-14  Brent Fulgham  <bfulg...@apple.com>
+
+        editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
+        https://bugs.webkit.org/show_bug.cgi?id=142969
+        <rdar://problem/27331095>
+
+        Reviewed by Alex Christensen.
+
+        Fix based on a Blink change (patch by <rous...@chromium.org>):
+        <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
+
+        * editing/spelling/copy-paste-crash-expected.txt: Added.
+        * editing/spelling/copy-paste-crash.html: Added.
+        * platform/platform/mac-wk2/TestExpectations: Skip test on mac-wk2 since all Spelling tests are
+        currently broken (see <https://webkit.org/b/105616>).
+
 2016-07-14  Ryan Haddad  <ryanhad...@apple.com>
 
         Remove duplicate TestExpectations entry.

Added: trunk/LayoutTests/editing/spelling/copy-paste-crash-expected.txt (0 => 203249)

--- trunk/LayoutTests/editing/spelling/copy-paste-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/editing/spelling/copy-paste-crash-expected.txt	2016-07-14 23:15:20 UTC (rev 203249)
@@ -0,0 +1,9 @@
+Spell check does not crash after Ctrl-X/Ctrl-V/type text in ASAN. To test manually, type 'A', Ctrl-A, Ctrl-X, Ctrl-V, and start typing again. The test succeeds when there's no crash in the last step.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS internals.markerCountForNode(destination.childNodes[0], "spelling") became different from 0
+PASS Did not crash
+Spell wellcome. Is it broken?A simple test for a spell check.AA
+

Added: trunk/LayoutTests/editing/spelling/copy-paste-crash.html (0 => 203249)

--- trunk/LayoutTests/editing/spelling/copy-paste-crash.html	                        (rev 0)
+++ trunk/LayoutTests/editing/spelling/copy-paste-crash.html	2016-07-14 23:15:20 UTC (rev 203249)
@@ -0,0 +1,39 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script src=""
+<script src=""
+</head>
+<body>
+<div id="container">
+  <div id="destination" contentEditable>
+      A simple test for a spell check.
+  </div>
+</div>
+<script>
+if (window.testRunner)
+    testRunner.waitUntilDone();
+
+description("Spell check does not crash after Ctrl-X/Ctrl-V/type text in ASAN. "
+    + "To test manually, type 'A', Ctrl-A, Ctrl-X, Ctrl-V, and start typing again. "
+    + "The test succeeds when there's no crash in the last step.");
+
+initSpellTest("destination", "Spell wellcome. Is it broken?", function(textNode) {
+    var behaviors = ["win", "mac"];
+    for (var i = 0; i < behaviors.length; i++) {
+        internals.settings.setEditingBehavior(behaviors[i]);
+        document.execCommand("SelectAll");
+        document.execCommand("Cut");
+        document.execCommand("Paste");
+        document.execCommand("InsertText", false, "A");
+    }
+
+    log("PASS Did not crash");
+    if (window.testRunner)
+        testRunner.notifyDone();
+});
+</script>
+<div id="console"></div>
+<script src=""
+</body>
+</html>
\ No newline at end of file

Modified: trunk/LayoutTests/platform/mac-wk2/TestExpectations (203248 => 203249)

--- trunk/LayoutTests/platform/mac-wk2/TestExpectations	2016-07-14 23:04:29 UTC (rev 203248)
+++ trunk/LayoutTests/platform/mac-wk2/TestExpectations	2016-07-14 23:15:20 UTC (rev 203249)
@@ -131,6 +131,7 @@
 # [WK2] [Mac] Spellcheck tests don't seem to work
 webkit.org/b/105616 editing/spelling/context-menu-suggestions-multiword-selection.html
 webkit.org/b/105616 editing/spelling/context-menu-suggestions-subword-selection.html
+webkit.org/b/105616 editing/spelling/copy-paste-crash.html
 webkit.org/b/105616 editing/spelling/delete-into-misspelled-word.html
 webkit.org/b/105616 editing/spelling/editing-multiple-words-with-markers.html
 webkit.org/b/105616 editing/spelling/editing-word-with-marker-2.html

Modified: trunk/Source/WebCore/ChangeLog (203248 => 203249)

--- trunk/Source/WebCore/ChangeLog	2016-07-14 23:04:29 UTC (rev 203248)
+++ trunk/Source/WebCore/ChangeLog	2016-07-14 23:15:20 UTC (rev 203249)
@@ -1,3 +1,21 @@
+2016-07-14  Brent Fulgham  <bfulg...@apple.com>
+
+        editing/spelling/spellcheck-async.html sometimes crashes with GuardMalloc 
+        https://bugs.webkit.org/show_bug.cgi?id=142969
+        <rdar://problem/27331095>
+
+        Reviewed by Alex Christensen.
+
+        Fix based on a Blink change (patch by <rous...@chromium.org>):
+        <https://chromium.googlesource.com/chromium/blink/+/c713736b122c2224804b2db72f1f711cb47ee260%5E%21/#F1>
+
+        Test: editing/spelling/copy-paste-crash.html
+              editing/spelling/spellcheck-async.html
+
+        * editing/SpellChecker.cpp:
+        (WebCore::SpellCheckRequest::didSucceed):
+        (WebCore::SpellCheckRequest::didCancel):
+
 2016-07-14  Zalan Bujtas  <za...@apple.com>
 
         ImageBuffer's succes flag should be set to false at the very beginning of the c'tor.

Modified: trunk/Source/WebCore/editing/SpellChecker.cpp (203248 => 203249)

--- trunk/Source/WebCore/editing/SpellChecker.cpp	2016-07-14 23:04:29 UTC (rev 203248)
+++ trunk/Source/WebCore/editing/SpellChecker.cpp	2016-07-14 23:15:20 UTC (rev 203249)
@@ -76,6 +76,8 @@
 {
     if (!m_checker)
         return;
+
+    Ref<SpellCheckRequest> protectedThis(*this);
     m_checker->didCheckSucceed(m_requestData.sequence(), results);
     m_checker = nullptr;
 }
@@ -84,6 +86,8 @@
 {
     if (!m_checker)
         return;
+
+    Ref<SpellCheckRequest> protectedThis(*this);
     m_checker->didCheckCancel(m_requestData.sequence());
     m_checker = nullptr;
 }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes