UI process sometimes crashes under -[WKContentView _lookupForWebView:]
authortimothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 4 Feb 2018 03:35:18 +0000 (03:35 +0000)
committertimothy_horton@apple.com <timothy_horton@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Sun, 4 Feb 2018 03:35:18 +0000 (03:35 +0000)
https://bugs.webkit.org/show_bug.cgi?id=182460
<rdar://problem/33260602>

Reviewed by Wenson Hsieh.

* UIProcess/ios/WKContentViewInteraction.mm:
(-[WKContentView _lookupForWebView:]):
If you have a range selection, but no rects for the selection, retrieving
the 0th element of selectionRects will crash the UI process. To fix, in
this case, use the rect for the starting caret instead.

It doesn't seem like the presentationRect is actually currently used for
the Lookup service, so the only impact is that we shouldn't crash anymore.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@228050 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/ios/WKContentViewInteraction.mm

index f137448..300d7c4 100644 (file)
@@ -1,3 +1,20 @@
+2018-02-03  Tim Horton  <timothy_horton@apple.com>
+
+        UI process sometimes crashes under -[WKContentView _lookupForWebView:]
+        https://bugs.webkit.org/show_bug.cgi?id=182460
+        <rdar://problem/33260602>
+
+        Reviewed by Wenson Hsieh.
+
+        * UIProcess/ios/WKContentViewInteraction.mm:
+        (-[WKContentView _lookupForWebView:]):
+        If you have a range selection, but no rects for the selection, retrieving
+        the 0th element of selectionRects will crash the UI process. To fix, in
+        this case, use the rect for the starting caret instead.
+
+        It doesn't seem like the presentationRect is actually currently used for
+        the Lookup service, so the only impact is that we shouldn't crash anymore.
+
 2018-02-02  Michael Catanzaro  <mcatanzaro@igalia.com>
 
         Remove remaining dead !USE(NETWORK_SESSION) code
 2018-02-02  Michael Catanzaro  <mcatanzaro@igalia.com>
 
         Remove remaining dead !USE(NETWORK_SESSION) code
index f187226..894753b 100644 (file)
@@ -2004,15 +2004,22 @@ FOR_EACH_WKCONTENTVIEW_ACTION(FORWARD_ACTION_TO_WKWEBVIEW)
             return;
         if (!selectedText)
             return;
             return;
         if (!selectedText)
             return;
-        
-        CGRect presentationRect = view->_page->editorState().selectionIsRange ? view->_page->editorState().postLayoutData().selectionRects[0].rect() : view->_page->editorState().postLayoutData().caretRectAtStart;
+
+        auto& editorState = view->_page->editorState();
+        auto& postLayoutData = editorState.postLayoutData();
+        CGRect presentationRect;
+        if (editorState.selectionIsRange && !postLayoutData.selectionRects.isEmpty())
+            presentationRect = postLayoutData.selectionRects[0].rect();
+        else
+            presentationRect = postLayoutData.caretRectAtStart;
         
         String selectionContext = textBefore + selectedText + textAfter;
         
         String selectionContext = textBefore + selectedText + textAfter;
-        if (view->_textSelectionAssistant) {
-            [view->_textSelectionAssistant lookup:selectionContext withRange:NSMakeRange(textBefore.length(), selectedText.length()) fromRect:presentationRect];
-        } else {
-            [view->_webSelectionAssistant lookup:selectionContext withRange:NSMakeRange(textBefore.length(), selectedText.length()) fromRect:presentationRect];
-        }
+        NSRange selectedRangeInContext = NSMakeRange(textBefore.length(), selectedText.length());
+
+        if (auto textSelectionAssistant = view->_textSelectionAssistant)
+            [textSelectionAssistant lookup:selectionContext withRange:selectedRangeInContext fromRect:presentationRect];
+        else
+            [view->_webSelectionAssistant lookup:selectionContext withRange:selectedRangeInContext fromRect:presentationRect];
     });
 }
 
     });
 }