RESOLVED FIXED 12161
REGRESSION: Crash when control-clicking on an image for contextual menu 
https://bugs.webkit.org/show_bug.cgi?id=12161
Summary REGRESSION: Crash when control-clicking on an image for contextual menu
Daniele Metilli
Reported 2007-01-08 04:17:57 PST
Follow these steps: 1 - Go to http://www.gathering.nl/discographie.php. 2 - Control-click (or right-click) on one of the album covers. 3 - WebKit crashes. This happens in the latest nightly (r18654). The shipping version of Safari doesn't crash.
Attachments
Nil-check and code clean-up (4.37 KB, patch)
2007-01-08 13:14 PST, Beth Dakin 		aroben: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2007-01-08 06:50:33 PST
Confirmed using locally-built debug build of WebKit r18658 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127). Stack trace: Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000018 Thread 0 Crashed: 0 com.apple.WebCore 0x017f13f8 WebCore::RetainPtr<NSMutableArray>::get() const + 20 (RetainPtr.h:74) 1 com.apple.WebCore 0x014f6e10 WebCore::ContextMenu::platformDescription() const + 40 (ContextMenuMac.mm:135) 2 com.apple.WebKit 0x003517e8 -[WebHTMLView menuForEvent:] + 372 (WebHTMLView.m:2555) 3 com.apple.AppKit 0x93767830 -[NSWindow sendEvent:] + 4520 4 com.apple.Safari 0x00021734 0x1000 + 132916 5 com.apple.AppKit 0x937108d4 -[NSApplication sendEvent:] + 4172 6 com.apple.Safari 0x00021238 0x1000 + 131640 7 com.apple.AppKit 0x93707d10 -[NSApplication run] + 508 8 com.apple.AppKit 0x937f887c NSApplicationMain + 452 9 com.apple.Safari 0x0005c77c 0x1000 + 374652 10 com.apple.Safari 0x0005c624 0x1000 + 374308
Beth Dakin
Comment 2 2007-01-08 13:01:39 PST
Oooh, i see what's going on here. we are missing a nil check. I will have a patch soon.
Beth Dakin
Comment 3 2007-01-08 13:14:51 PST
Created attachment 12307 [details] Nil-check and code clean-up
Adam Roben (:aroben)
Comment 4 2007-01-08 13:34:02 PST
Comment on attachment 12307 [details] Nil-check and code clean-up r=me, although it would be nice if you could go ahead and change every line of ContextMenu::populate again.
Sam Weinig
Comment 5 2007-01-08 14:41:39 PST
Landed in r18678.
Note You need to log in before you can comment on or make changes to this bug.