RESOLVED FIXED 12625
REGRESSION: Crash when closing the web inspector with text selected
https://bugs.webkit.org/show_bug.cgi?id=12625
Matt Lilek
Reported 2007-02-05 18:44:37 PST
1. Open the web inspector on a site
2. Make a selection within the inspector - some CSS from the style pane, an attribute, etc.
3. Close the inspector
4. WebKit crashes:

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0x72656664

Thread 0 Crashed:
0 <<00000000>> 0x72656664 0 + 1919247972
1 com.apple.WebCore 0x011d88bc WebCore::RenderView::selectionRect() const + 456 (RenderView.cpp:249)
2 com.apple.WebCore 0x0111f7e8 WebCore::Frame::selectionRect() const + 84 (Frame.cpp:918)
3 com.apple.WebCore 0x0111f888 WebCore::Frame::visibleSelectionRect() const + 88 (Frame.cpp:927)
4 com.apple.WebCore 0x011210a8 WebCore::Frame::setIsActive(bool) + 208 (Frame.cpp:1233)
5 com.apple.WebKit 0x0034b2e4 -[WebHTMLView(WebPrivate) _updateActiveState] + 492 (WebHTMLView.mm:1767)
6 com.apple.WebKit 0x003513d0 -[WebHTMLView windowDidResignKey:] + 336 (WebHTMLView.mm:2771)
7 com.apple.Foundation 0x9295ead8 _nsnote_callback + 180
8 com.apple.CoreFoundation 0x90804010 __CFXNotificationPost + 368
9 com.apple.CoreFoundation 0x907fc0ec _CFXNotificationPostNotification + 684
10 com.apple.Foundation 0x92948ee0 -[NSNotificationCenter postNotificationName:object:userInfo:] + 92
11 com.apple.AppKit 0x937ab1f4 -[NSWindow resignKeyWindow] + 340
12 com.apple.AppKit 0x937ab080 -[NSPanel resignKeyWindow] + 100
13 com.apple.AppKit 0x937aabcc -[NSWindow _orderOutAndCalcKeyWithCounter:] + 248
14 com.apple.AppKit 0x93747c7c -[NSWindow _reallyDoOrderWindow:relativeTo:findKey:forCounter:force:isModal:] + 2632
15 com.apple.AppKit 0x937aa530 -[NSWindow _close] + 280
16 com.apple.AppKit 0x937aa3e0 -[NSWindow close] + 36
17 com.apple.WebKit 0x00393adc -[WebDefaultUIDelegate webViewClose:] + 100 (WebDefaultUIDelegate.m:72)
18 libobjc.A.dylib 0x90a441f4 objc_msgSendv + 180
19 com.apple.Foundation 0x9295ac88 -[NSInvocation invoke] + 944
20 com.apple.Foundation 0x9295b238 -[NSInvocation invokeWithTarget:] + 64
21 com.apple.WebKit 0x00381e18 -[_WebSafeForwarder forwardInvocation:] + 768 (WebView.mm:1432)
22 com.apple.Foundation 0x92953034 -[NSObject(NSForwardInvocation) forward::] + 408
23 libobjc.A.dylib 0x90a440b0 _objc_msgForward + 176
24 com.apple.WebKit 0x0037ef88 -[WebView(WebPrivate) _closeWindow] + 96 (WebView.mm:943)
25 com.apple.Foundation 0x92969bf8 __NSFireDelayedPerform + 304
26 com.apple.CoreFoundation 0x907f0550 __CFRunLoopDoTimer + 184
27 com.apple.CoreFoundation 0x907dcec8 __CFRunLoopRun + 1680
28 com.apple.CoreFoundation 0x907dc47c CFRunLoopRunSpecific + 268
29 com.apple.HIToolbox 0x93205740 RunCurrentEventLoopInMode + 264
30 com.apple.HIToolbox 0x93204dd4 ReceiveNextEventCommon + 380
31 com.apple.HIToolbox 0x93204c40 BlockUntilNextEventMatchingListInMode + 96
32 com.apple.AppKit 0x93708ae4 _DPSNextEvent + 384
33 com.apple.AppKit 0x937087a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
34 com.apple.Safari 0x00006740 0x1000 + 22336
35 com.apple.AppKit 0x93704cec -[NSApplication run] + 472
36 com.apple.AppKit 0x937f587c NSApplicationMain + 452
37 com.apple.Safari 0x0005c77c 0x1000 + 374652
38 com.apple.Safari 0x0005c624 0x1000 + 374308
Attachments
Update the render tree at the beginning of RenderView::selectionRect() (1.85 KB, patch)
2007-02-15 02:14 PST, mitz
darin: review+
Maciej Stachowiak
Comment 1 2007-02-06 23:25:48 PST
mitz
Comment 2 2007-02-15 02:14:44 PST
Created attachment 13180
Update the render tree at the beginning of RenderView::selectionRect()

Includes a change log that also explains why a test isn't included.
Darin Adler
Comment 3 2007-02-15 09:49:00 PST
Comment on attachment 13180
Update the render tree at the beginning of RenderView::selectionRect()

r=me

Why updateRendering and not updateLayout or updateLayoutIgnorePendingStylesheets?
Darin Adler
Comment 4 2007-02-15 09:52:34 PST
Comment on attachment 13180
Update the render tree at the beginning of RenderView::selectionRect()

The normal design here is that the code that makes changes is responsible for calling updateRendering -- that's the reason for the various updateDocumentsRendering calls. Maybe we need a better solution for cases like the one in the inspector code where it's not going through JavaScript.
mitz
Comment 5 2007-02-15 09:58:46 PST
(In reply to comment #3)
> Why updateRendering and not updateLayout or
> updateLayoutIgnorePendingStylesheets?

It's the least you can do. I didn't see reason to do more at that point, but I could be wrong.

(In reply to comment #4)
> (From update of attachment 13180)
> The normal design here is that the code that makes changes is responsible for
> calling updateRendering -- that's the reason for the various
> updateDocumentsRendering calls. Maybe we need a better solution for cases like
> the one in the inspector code where it's not going through JavaScript.

The inspector is going through JavaScript, as a matter of fact: the Obj-C method that receives the notification executes a bit of JavaScript that updates the style.

I'm not sure I understand the "normal design" comment. There are several instances where the code that needs up-to-date layout information calls updateLayoutIgnorePendingStylesheets().
Sam Weinig
Comment 6 2007-02-15 14:16:40 PST
Landed in r19644.