12688 – REGRESSION (r19469): ASSERT when right clicking on hyperlinks! in TOT webkit

RESOLVED FIXED 12688

REGRESSION (r19469): ASSERT when right clicking on hyperlinks! in TOT webkit

https://bugs.webkit.org/show_bug.cgi?id=12688

Summary REGRESSION (r19469): ASSERT when right clicking on hyperlinks! in TOT webkit

Charles Ying

Reported 2007-02-07 17:02:33 PST

Repro steps: 1. Load attached webarchive for tvsquad.com 2. Scroll down to hyperlink saying: "Joss Whedon now has room for Buffy movie" 3. Right click on hyperlink 4. WebKit TOT crashes with console log: Starting Safari with DYLD_FRAMEWORK_PATH set to point to built WebKit in /Users/cying/Research/WebKit/WebKitBuild/Debug. 2007-02-07 16:39:54.824 Safari[15621] CFLog (0): CFMessagePort: bootstrap_register(): failed 1103 (0x44f), port = 0x3103, name = 'com.apple.Safari.ServiceProvider' See /usr/include/servers/bootstrap_defs.h for the error codes. 2007-02-07 16:39:54.824 Safari[15621] CFLog (99): CFMessagePortCreateLocal(): failed to name Mach port (com.apple.Safari.ServiceProvider) SHOULD NEVER BE REACHED (/Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:182 fixMenusReceivedFromOldClients) Segmentation fault GDB backtrace follows: Starting program: /Applications/Safari.app/Contents/MacOS/Safari Reading symbols for shared libraries ...................................................................................... done 2007-02-07 16:50:02.534 Safari[15655] CFLog (0): CFMessagePort: bootstrap_register(): failed 1103 (0x44f), port = 0x3103, name = 'com.apple.Safari.ServiceProvider' See /usr/include/servers/bootstrap_defs.h for the error codes. 2007-02-07 16:50:02.537 Safari[15655] CFLog (99): CFMessagePortCreateLocal(): failed to name Mach port (com.apple.Safari.ServiceProvider) Reading symbols for shared libraries . done Reading symbols for shared libraries . done Reading symbols for shared libraries . done Reading symbols for shared libraries ... done SHOULD NEVER BE REACHED (/Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:182 fixMenusReceivedFromOldClients) Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef 0x0039967c in fixMenusReceivedFromOldClients (newMenuItems=0x1a604750, defaultMenuItems=0x1a4fb870) at /Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:182 182 ASSERT_NOT_REACHED(); (gdb) backtrace #0 0x0039967c in fixMenusReceivedFromOldClients (newMenuItems=0x1a604750, defaultMenuItems=0x1a4fb870) at /Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:182 #1 0x00399808 in WebContextMenuClient::getCustomMenuFromDefaultItems (this=0x177cde80, defaultMenu=0x1a4fa190) at /Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:199 #2 0x013f36ae in WebCore::ContextMenuController::handleContextMenuEvent (this=0x177ce030, event=0x1a4fc120) at /Users/cying/Research/WebKit/WebCore/page/ContextMenuController.cpp:88 #3 0x0122fa40 in WebCore::EventTargetNode::defaultEventHandler (this=0x1a192e50, event=0x1a4fc120) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:585 #4 0x0122dc95 in WebCore::EventTargetNode::dispatchGenericEvent (this=0x1a192e50, e=@0xbffff2fc, tempEvent=true) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:264 #5 0x0122f5ff in WebCore::EventTargetNode::dispatchEvent (this=0x1a192e50, e=@0xbffff34c, ec=@0xbffff424, tempEvent=true, target=0x1a192e74) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:305 #6 0x0122f67b in WebCore::EventTargetNode::dispatchEvent (this=0x1a192e50, e=@0xbffff430, ec=@0xbffff424, tempEvent=true) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:289 #7 0x0122e40f in WebCore::EventTargetNode::dispatchMouseEvent (this=0x1a192e50, eventType=@0x16bc70c, button=2, detail=0, pageX=174, pageY=1973, screenX=913, screenY=760, ctrlKey=false, altKey=false, shiftKey=false, metaKey=false, isSimulated=false, relatedTargetArg=0x0, underlyingEvent=@0xbffff4e4) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:467 #8 0x0122eb41 in WebCore::EventTargetNode::dispatchMouseEvent (this=0x1a192e50, event=@0xbffff614, eventType=@0x16bc70c, detail=0, relatedTarget=0x0) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:394 #9 0x013ee2be in WebCore::EventHandler::dispatchMouseEvent (this=0x2a0d90c, eventType=@0x16bc70c, targetNode=0x1a192e50, cancelable=true, clickCount=0, mouseEvent=@0xbffff614, setUnder=true) at /Users/cying/Research/WebKit/WebCore/page/EventHandler.cpp:1093 #10 0x013ee634 in WebCore::EventHandler::sendContextMenuEvent (this=0x2a0d90c, event={static currentEvent = {<No data fields>}, m_position = {m_x = 174, m_y = 333}, m_globalPosition = {m_x = 913, m_y = 760}, m_button = WebCore::RightButton, m_eventType = WebCore::MouseEventPressed, m_clickCount = 1, m_shiftKey = false, m_ctrlKey = false, m_altKey = false, m_metaKey = false, m_timestamp = 197223.42265699999, m_eventNumber = 3700}) at /Users/cying/Research/WebKit/WebCore/page/EventHandler.cpp:1190 #11 0x0033b4df in -[WebHTMLView menuForEvent:] (self=0x17757430, _cmd=0x90ab4350, event=0x1a4ed290) at /Users/cying/Research/WebKit/WebKit/WebView/WebHTMLView.mm:2565 #12 0x9373680e in -[NSView rightMouseDown:] () #13 0x935ed9d3 in -[NSControl _rightMouseUpOrDown:] () #14 0x9335bbe1 in -[NSWindow sendEvent:] () #15 0x000230c6 in ?? () #16 0x9334d350 in -[NSApplication sendEvent:] () #17 0x00022c56 in ?? () #18 0x93277dfe in -[NSApplication run] () #19 0x9326bd2f in NSApplicationMain () #20 0x0005f54a in ?? () #21 0x0005f471 in ?? ()

Attachments
tvsquad.com web archive (777.02 KB, application/x-webarchive) 2007-02-07 17:03 PST, Charles Ying	no flags	Details
tvsquad hyperlink screenshot (242.31 KB, image/jpeg) 2007-02-07 17:06 PST, Charles Ying	no flags	Details
Bug reduction HTML source (87.49 KB, text/html) 2007-02-07 17:27 PST, Charles Ying	no flags	Details
Further reduction of bug (107 bytes, text/html) 2007-02-07 20:32 PST, Charles Ying	no flags	Details
proposed patch (7.25 KB, patch) 2007-02-07 21:44 PST, Charles Ying	aroben: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Charles Ying

Comment 1 2007-02-07 17:03:30 PST

Created attachment 13024 [details] tvsquad.com web archive

Charles Ying

Comment 2 2007-02-07 17:06:34 PST

Created attachment 13025 [details] tvsquad hyperlink screenshot

Charles Ying

Comment 3 2007-02-07 17:27:17 PST

Created attachment 13027 [details] Bug reduction HTML source A little bit more reduction of the bug, right click on "Interviews" to repro the bug

Charles Ying

Comment 4 2007-02-07 20:32:53 PST

Created attachment 13040 [details] Further reduction of bug Reduced down to 5 lines... should be easy from here.

Maciej Stachowiak

Comment 5 2007-02-07 20:35:52 PST

Possibly a very recent regression.

Adam Roben (:aroben)

Comment 6 2007-02-07 20:38:09 PST

This was caused by http://trac.webkit.org/projects/webkit/changeset/19469

Charles Ying

Comment 7 2007-02-07 21:44:13 PST

Created attachment 13043 [details] proposed patch

Adam Roben (:aroben)

Comment 8 2007-02-07 21:45:08 PST

Comment on attachment 13043 [details] proposed patch r=me

Adam Roben (:aroben)

Comment 9 2007-02-07 21:51:38 PST

Landed as r19494

Adam Roben (:aroben)

Comment 10 2007-02-08 00:43:56 PST

*** Bug 12692 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P1

Severity Major

Classification Unclassified

Version 420+

Hardware Mac (Intel)

OS OS X 10.4

Product WebKit

Component WebCore Misc.

Assignee

Charles Ying

Reported

2007-02-07 17:02 PST

Modified

2007-02-08 00:43 PST History

CC List

3 users Show

URL

http://www.tvsquad.com/

Keywords HasReduction, Regression

Duplicates (1)

12692 View as bug list

Depends on

Blocks