193996 2019-01-29 16:37:09 -0800 iOS: Nullptr crash in WebPage::getPositionInformation dereferencing an input element for data list 2019-01-29 18:55:05 -0800 1 1 1 Unclassified WebKit WebKit2 WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 rniwa rniwa cdumez commit-queue ddkilzer wenson_hsieh oldest_to_newest 1499804 0 rniwa 2019-01-29 16:37:09 -0800 We're crashing in the middle in the following code because hitNode can be nullptr here. #if ENABLE(DATALIST_ELEMENT) if (is<HTMLInputElement>(*hitNode)) { const HTMLInputElement& input = downcast<HTMLInputElement>(*hitNode); if (input.list()) { HitTestResult result = m_page->mainFrame().eventHandler().hitTestResultAtPoint(request.point, HitTestRequest::ReadOnly | HitTestRequest::Active); if (result.innerNode() == input.dataListButtonElement()) info.preventTextInteraction = true; } } #endif <rdar://problem/31247273> 1499805 1 360524 rniwa 2019-01-29 16:38:08 -0800 Created attachment 360524 Fixes the bug 1499806 2 360524 wenson_hsieh 2019-01-29 16:39:07 -0800 Comment on attachment 360524 Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=360524&action=review > Source/WebKit/WebProcess/WebPage/ios/WebPageIOS.mm:2251 > + if (hitNode && is<HTMLInputElement>(*hitNode)) { Let's just check is<HTMLInputElement>(hitNode). 1499807 3 360525 rniwa 2019-01-29 16:39:41 -0800 Created attachment 360525 Patch for landing 1499808 4 360525 rniwa 2019-01-29 16:40:00 -0800 Comment on attachment 360525 Patch for landing Wait for EWS. 1499853 5 rniwa 2019-01-29 18:55:05 -0800 Committed r240702: <https://trac.webkit.org/changeset/240702> 360524 2019-01-29 16:38:08 -0800 2019-01-29 16:39:39 -0800 Fixes the bug bug-193996-20190129163807.patch text/plain 1522 rniwa SW5kZXg6IFNvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJL aXQvQ2hhbmdlTG9nCShyZXZpc2lvbiAyNDA2OTEpCisrKyBTb3VyY2UvV2ViS2l0L0NoYW5nZUxv Zwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDE5LTAxLTI5ICBSeW9zdWtlIE5p d2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIGlPUzogTnVsbHB0ciBjcmFzaCBpbiBX ZWJQYWdlOjpnZXRQb3NpdGlvbkluZm9ybWF0aW9uIGRlcmVmZXJlbmNpbmcgYW4gaW5wdXQgZWxl bWVudCBmb3IgZGF0YSBsaXN0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0xOTM5OTYKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBBZGRlZCBhIG1pc3NpbmcgbnVsbHB0ciBjaGVjay4KKworICAgICAgICAqIFdl YlByb2Nlc3MvV2ViUGFnZS9pb3MvV2ViUGFnZUlPUy5tbToKKyAgICAgICAgKFdlYktpdDo6V2Vi UGFnZTo6Z2V0UG9zaXRpb25JbmZvcm1hdGlvbik6CisKIDIwMTktMDEtMjkgIFlvdWVubiBGYWJs ZXQgIDx5b3Vlbm5AYXBwbGUuY29tPgogCiAgICAgICAgIEFkb3B0IG5ldyBTUEkgdG8gZXZhbHVh dGUgc2VydmVyIGNlcnRpZmljYXRlIHRydXN0CkluZGV4OiBTb3VyY2UvV2ViS2l0L1dlYlByb2Nl c3MvV2ViUGFnZS9pb3MvV2ViUGFnZUlPUy5tbQo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViS2l0 L1dlYlByb2Nlc3MvV2ViUGFnZS9pb3MvV2ViUGFnZUlPUy5tbQkocmV2aXNpb24gMjQwNjQ2KQor KysgU291cmNlL1dlYktpdC9XZWJQcm9jZXNzL1dlYlBhZ2UvaW9zL1dlYlBhZ2VJT1MubW0JKHdv cmtpbmcgY29weSkKQEAgLTIyNDgsNyArMjI0OCw3IEBAIHZvaWQgV2ViUGFnZTo6Z2V0UG9zaXRp b25JbmZvcm1hdGlvbihjb24KIAogICAgIC8vIFByZXZlbnQgdGhlIGNhbGxvdXQgYmFyIGZyb20g c2hvd2luZyB3aGVuIHRhcHBpbmcgb24gdGhlIGRhdGFsaXN0IGJ1dHRvbi4KICNpZiBFTkFCTEUo REFUQUxJU1RfRUxFTUVOVCkKLSAgICBpZiAoaXM8SFRNTElucHV0RWxlbWVudD4oKmhpdE5vZGUp KSB7CisgICAgaWYgKGhpdE5vZGUgJiYgaXM8SFRNTElucHV0RWxlbWVudD4oKmhpdE5vZGUpKSB7 CiAgICAgICAgIGNvbnN0IEhUTUxJbnB1dEVsZW1lbnQmIGlucHV0ID0gZG93bmNhc3Q8SFRNTElu cHV0RWxlbWVudD4oKmhpdE5vZGUpOwogICAgICAgICBpZiAoaW5wdXQubGlzdCgpKSB7CiAgICAg ICAgICAgICBIaXRUZXN0UmVzdWx0IHJlc3VsdCA9IG1fcGFnZS0+bWFpbkZyYW1lKCkuZXZlbnRI YW5kbGVyKCkuaGl0VGVzdFJlc3VsdEF0UG9pbnQocmVxdWVzdC5wb2ludCwgSGl0VGVzdFJlcXVl c3Q6OlJlYWRPbmx5IHwgSGl0VGVzdFJlcXVlc3Q6OkFjdGl2ZSk7Cg== 360525 2019-01-29 16:39:41 -0800 2019-01-29 16:40:00 -0800 Patch for landing bug-193996-20190129163940.patch text/plain 1508 rniwa SW5kZXg6IFNvdXJjZS9XZWJLaXQvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJL aXQvQ2hhbmdlTG9nCShyZXZpc2lvbiAyNDA2OTEpCisrKyBTb3VyY2UvV2ViS2l0L0NoYW5nZUxv Zwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE1IEBACisyMDE5LTAxLTI5ICBSeW9zdWtlIE5p d2EgIDxybml3YUB3ZWJraXQub3JnPgorCisgICAgICAgIGlPUzogTnVsbHB0ciBjcmFzaCBpbiBX ZWJQYWdlOjpnZXRQb3NpdGlvbkluZm9ybWF0aW9uIGRlcmVmZXJlbmNpbmcgYW4gaW5wdXQgZWxl bWVudCBmb3IgZGF0YSBsaXN0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD0xOTM5OTYKKworICAgICAgICBSZXZpZXdlZCBieSBXZW5zb24gSHNpZWguCisK KyAgICAgICAgQWRkZWQgYSBtaXNzaW5nIG51bGxwdHIgY2hlY2suCisKKyAgICAgICAgKiBXZWJQ cm9jZXNzL1dlYlBhZ2UvaW9zL1dlYlBhZ2VJT1MubW06CisgICAgICAgIChXZWJLaXQ6OldlYlBh Z2U6OmdldFBvc2l0aW9uSW5mb3JtYXRpb24pOgorCiAyMDE5LTAxLTI5ICBZb3Vlbm4gRmFibGV0 ICA8eW91ZW5uQGFwcGxlLmNvbT4KIAogICAgICAgICBBZG9wdCBuZXcgU1BJIHRvIGV2YWx1YXRl IHNlcnZlciBjZXJ0aWZpY2F0ZSB0cnVzdApJbmRleDogU291cmNlL1dlYktpdC9XZWJQcm9jZXNz L1dlYlBhZ2UvaW9zL1dlYlBhZ2VJT1MubW0KPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL1dlYktpdC9X ZWJQcm9jZXNzL1dlYlBhZ2UvaW9zL1dlYlBhZ2VJT1MubW0JKHJldmlzaW9uIDI0MDY0NikKKysr IFNvdXJjZS9XZWJLaXQvV2ViUHJvY2Vzcy9XZWJQYWdlL2lvcy9XZWJQYWdlSU9TLm1tCSh3b3Jr aW5nIGNvcHkpCkBAIC0yMjQ4LDcgKzIyNDgsNyBAQCB2b2lkIFdlYlBhZ2U6OmdldFBvc2l0aW9u SW5mb3JtYXRpb24oY29uCiAKICAgICAvLyBQcmV2ZW50IHRoZSBjYWxsb3V0IGJhciBmcm9tIHNo b3dpbmcgd2hlbiB0YXBwaW5nIG9uIHRoZSBkYXRhbGlzdCBidXR0b24uCiAjaWYgRU5BQkxFKERB VEFMSVNUX0VMRU1FTlQpCi0gICAgaWYgKGlzPEhUTUxJbnB1dEVsZW1lbnQ+KCpoaXROb2RlKSkg eworICAgIGlmIChpczxIVE1MSW5wdXRFbGVtZW50PihoaXROb2RlKSkgewogICAgICAgICBjb25z dCBIVE1MSW5wdXRFbGVtZW50JiBpbnB1dCA9IGRvd25jYXN0PEhUTUxJbnB1dEVsZW1lbnQ+KCpo aXROb2RlKTsKICAgICAgICAgaWYgKGlucHV0Lmxpc3QoKSkgewogICAgICAgICAgICAgSGl0VGVz dFJlc3VsdCByZXN1bHQgPSBtX3BhZ2UtPm1haW5GcmFtZSgpLmV2ZW50SGFuZGxlcigpLmhpdFRl c3RSZXN1bHRBdFBvaW50KHJlcXVlc3QucG9pbnQsIEhpdFRlc3RSZXF1ZXN0OjpSZWFkT25seSB8 IEhpdFRlc3RSZXF1ZXN0OjpBY3RpdmUpOwo=