RESOLVED FIXED 12416
REGRESSION: Nightly Safari crashes on a site using the canvas tag & JavaScript
https://bugs.webkit.org/show_bug.cgi?id=12416
Thomas Steinacher
Reported 2007-01-26 09:06:25 PST
Go to: http://bennolan.com/articles/2007/01/24/moon-lander-using-the-canvas-tag
Try pressing the arrow keys and/or reloading the page. The current WebKit build (19136) will crash.
Attachments
the crash log (20.64 KB, text/plain)
2007-01-26 09:07 PST, Thomas Steinacher
Reduction of this case down to the game (18.30 KB, application/x-gzip)
2007-02-07 20:13 PST, Charles Ying
Thomas Steinacher
Comment 1 2007-01-26 09:07:48 PST
Created attachment 12684: the crash log
Alexey Proskuryakov
Comment 2 2007-01-26 10:24:43 PST
Confirmed with r19158.
0 WebCore::Node::renderer() const + 20 (Node.h:322)
1 WebCore::SelectionController::xPosForVerticalArrowNavigation(WebCore::SelectionController::EPositionType, bool) const + 644 (SelectionController.cpp:657)
2 WebCore::SelectionController::modifyMovingLeftBackward(WebCore::TextGranularity) + 796 (SelectionController.cpp:386)
3 WebCore::SelectionController::modify(WebCore::SelectionController::EAlteration, WebCore::SelectionController::EDirection, WebCore::TextGranularity, bool) + 600 (SelectionController.cpp:491)
4 WebCore::SelectionController::modify(WebCore::SelectionController::EAlteration, WebCore::SelectionController::EDirection, WebCore::TextGranularity, bool) + 132 (SelectionController.cpp:466)
5 WebCore::execMoveUp(WebCore::Frame*) + 60 (Editor.cpp:920)
6 WebCore::Editor::execCommand(WebCore::String const&) + 280 (Editor.cpp:1167)
7 -[WebHTMLView moveUp:] + 144 (WebHTMLView.mm:3587)
8 -[WebHTMLView(WebNSTextInputSupport) doCommandBySelector:] + 300 (WebHTMLView.mm:5471)
9 -[NSKeyBindingManager(NSKeyBindingManager_MultiClients) interpretEventAsCommand:forClient:] + 1700
Mark Rowe (bdash)
Comment 3 2007-01-28 15:52:37 PST
Andrew Wellington
Comment 4 2007-01-29 04:18:53 PST
I can't reproduce this in r19216.
Mark Rowe (bdash)
Comment 5 2007-01-29 04:25:11 PST
I can reproduce this with r19208 (debug) and r19216 (release). I loaded the page, clicked in the canvas area, and mashed the arrow keys for a few seconds. It worked first time in the debug build and second time in release build, so it may not be completely simple to reproduce.
Justin Garcia
Comment 6 2007-02-06 14:50:41 PST
To repro reliably with r19136 you must load the URL while Safari is the active application. Wait for the page to load, then press one of the arrow keys. I can't reproduce with the latest nightly (r19418+). Closing.
Mark Rowe (bdash)
Comment 7 2007-02-06 16:02:24 PST
This still reproduces very easily with r19445. Steps as follows:
1. Load http://bennolan.com/articles/2007/01/24/moon-lander-using-the-canvas-tag and wait for it to complete.
2. Hit reload.
3. As the page loads, click in the white space where the canvas element will appear.
4. Press and hold the down arrow key.
Charles Ying
Comment 8 2007-02-07 20:13:24 PST
Created attachment 13039: Reduction of this case down to the game
I couldn't get it to automatically trigger the bug, so I suspect the down arrow is holding up some event queue and colliding with some other code.
Charles Ying
Comment 9 2007-02-07 20:16:57 PST
Reduction attached! woot!
Justin Garcia
Comment 10 2007-02-09 14:46:18 PST
Fixed in r19543.