12557 – Occasional crashes when using JS-keyboard shortcuts

UNCONFIRMED 12557

Occasional crashes when using JS-keyboard shortcuts

https://bugs.webkit.org/show_bug.cgi?id=12557

Summary Occasional crashes when using JS-keyboard shortcuts

W. Andy Carrel

Reported 2007-02-03 06:42:58 PST

It looks like this is coming from an unsafe dereference in wtf/HashTable.h near line 398. Backtrace looks like: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x5c6a5c78 #0 0x014633b1 in WTF::HashTable<int, int, WTF::IdentityExtractor<int>, WTF::IntHash<int>, WTF::HashTraits<int>, WTF::HashTraits<int> >::contains<int, WTF::IdentityHashTranslator<int, int, WTF::IntHash<int> > > () #1 0x011e5fda in WebCore::TimerBase::isActive () #2 0x010c3033 in WebCore::Frame::keepAlive () #3 0x01224c6e in KJS::ScriptInterpreter::globalExec () #4 0x01230cf8 in KJS::JSAbstractEventListener::handleEvent () #5 0x011fde20 in WebCore::EventTargetNode::handleLocalEvents () #6 0x011fe652 in WebCore::EventTargetNode::dispatchGenericEvent () #7 0x011feb78 in WebCore::EventTargetNode::dispatchEvent () #8 0x011fee9a in WebCore::EventTargetNode::dispatchKeyEvent () #9 0x013c7b15 in WebCore::EventHandler::keyEvent () #10 0x013c57b7 in WebCore::EventHandler::keyEvent () #11 0x0032f4c8 in -[WebHTMLView keyDown:] () #12 0x9334cbe1 in -[NSWindow sendEvent:] () #13 0x0002338e in ?? () #14 0x9333e350 in -[NSApplication sendEvent:] () #15 0x00022f1e in ?? () #16 0x93268dfe in -[NSApplication run] () #17 0x9325cd2f in NSApplicationMain () #18 0x0005f7de in ?? () #19 0x0005f6f9 in ?? ()

Attachments
Add attachment proposed patch, testcase, etc.

David Kilzer (:ddkilzer)

Comment 1 2007-02-03 07:57:14 PST

Is there a specific set of JS-keyboard shortcuts that makes this reproducible?

W. Andy Carrel

Comment 2 2007-02-03 12:26:23 PST

I got this specific crash 2 or 3 times yesterday when using the keyboard shortcuts to move around in my gmail. But it wasn't particularly repeatable which was frustrating. Although just now as I was looking to repro this in webkit I got a possibly related crash (again with the timer hashtable deref):: Thread 0 Crashed: 0 com.apple.WebCore 0x014633b1 bool WTF::HashTable<int, int, WTF::IdentityExtractor<int>, WTF::IntHash<int>, WTF::HashTraits<int>, WTF::HashTraits<int> >::contains<int, WTF::IdentityHashTranslator<int, int, WTF::IntHash<int> > >(int const&) const + 117 1 com.apple.WebCore 0x011e5fda WebCore::TimerBase::isActive() const + 56 2 com.apple.WebCore 0x013cb509 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&) + 101 3 com.apple.WebCore 0x010ccb33 WebCore::FrameView::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&) + 35 4 com.apple.WebCore 0x013c493a WebCore::EventHandler::mouseMoved(NSEvent*) + 220 5 com.apple.WebKit 0x00334ea3 -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:] + 903 6 com.apple.Foundation 0x925ed207 _nsnote_callback + 230 7 com.apple.CoreFoundation 0x90852649 __CFXNotificationPost + 345 8 com.apple.CoreFoundation 0x90849e80 _CFXNotificationPostNotification + 600 9 com.apple.Foundation 0x925e5860 -[NSNotificationCenter postNotificationName:object:userInfo:] + 121 10 com.apple.AppKit 0x93410d5c -[NSResponder _postEventNotification:] + 293 11 com.apple.AppKit 0x932e2bb8 forwardMethod + 177 12 com.apple.AppKit 0x932e2b59 forwardMethod + 82 13 com.apple.AppKit 0x932e2b59 forwardMethod + 82 14 com.apple.AppKit 0x932e2b59 forwardMethod + 82 15 com.apple.AppKit 0x932e2b59 forwardMethod + 82 16 com.apple.AppKit 0x932e2b59 forwardMethod + 82 17 com.apple.AppKit 0x932e2b59 forwardMethod + 82 18 com.apple.AppKit 0x932e2b59 forwardMethod + 82 19 com.apple.AppKit 0x932e2b59 forwardMethod + 82 20 com.apple.AppKit 0x932e2b59 forwardMethod + 82 21 com.apple.AppKit 0x932e2b59 forwardMethod + 82 22 com.apple.AppKit 0x932e2b59 forwardMethod + 82 23 com.apple.AppKit 0x932e2b59 forwardMethod + 82 24 com.apple.AppKit 0x932e2b59 forwardMethod + 82 25 com.apple.AppKit 0x932e2b59 forwardMethod + 82 26 com.apple.AppKit 0x932e2b59 forwardMethod + 82 27 com.apple.AppKit 0x9334cbe1 -[NSWindow sendEvent:] + 7377 28 com.apple.Safari 0x0002338e 0x1000 + 140174 29 com.apple.AppKit 0x9333e350 -[NSApplication sendEvent:] + 5023 30 com.apple.Safari 0x00022f1e 0x1000 + 139038 31 com.apple.AppKit 0x93268dfe -[NSApplication run] + 547 32 com.apple.AppKit 0x9325cd2f NSApplicationMain + 573 33 com.apple.Safari 0x0005f7de 0x1000 + 387038 34 com.apple.Safari 0x0005f6f9 0x1000 + 386809

Robert Blaut

Comment 3 2008-03-16 10:50:28 PDT

Reporter, is the crash still reproducible in the latest Webkit?

helen9098

Comment 4 2024-11-14 13:14:25 PST

test comment

Note You need to log in before you can comment on or make changes to this bug.

Status UNCONFIRMED

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 420+

Hardware Mac

OS OS X 10.4

Product WebKit

Component WebCore JavaScript

Assignee

Nobody

Reported

2007-02-03 06:42 PST

Modified

2024-11-14 13:14 PST History

CC List

3 users Show

URL

http://mail.google.com/

Keywords GoogleBug

Depends on

Blocks