RESOLVED FIXED 13354
REPRODUCIBLE ASSERT: range != nil in WebViewFactory.mm:415 -[WebViewFactory startOfTextMarkerRange:]
https://bugs.webkit.org/show_bug.cgi?id=13354
David Kilzer (:ddkilzer)
Reported 2007-04-15 12:14:16 PDT
* SUMMARY
Sequence of steps leads to a reproducible assert in debug builds of WebKit.

* STEPS TO REPRODUCE
1. Open Safari/WebKit.
2. Open URL (or any page with an <input type="text"> in it).
3. Click in the text field.
4. Type text like "asdf".
5. Hit Cmd-A to select all.
6. Type a new word like "Hello".
7. Position mouse pointer over word.
8. Hit Cmd-Ctrl-D to bring up the dictionary/thesaurus.

* EXPECTED RESULTS
The dictionary should be brought up for the word (or at least Safari/WebKit should not crash).

* ACTUAL RESULTS
Safari/WebKit crashes due to an assert.

* REGRESSION
Only tested with Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135) with a local debug build of WebKit r20896.
David Kilzer (:ddkilzer)
Comment 1 2007-04-15 12:18:30 PDT
Lowering from P1 because I don't have the steps to reproduce correct. (Sometimes it happens, sometimes it doesn't.)

Stack trace:

PID: 10306
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0 com.apple.WebKit 0x0033a1f4 -[WebViewFactory startOfTextMarkerRange:] + 92 (WebViewFactory.mm:415)
1 com.apple.WebCore 0x0104501c -[WebCoreAXObject visiblePositionForStartOfTextMarkerRange:] + 136 (WebCoreAXObject.mm:941)
2 com.apple.WebCore 0x0105052c -[WebCoreAXObject doAXAttributedStringForTextMarkerRange:] + 76 (WebCoreAXObject.mm:1630)
3 com.apple.WebCore 0x01049bf4 -[WebCoreAXObject doAXAttributedStringForRange:] + 128 (WebCoreAXObject.mm:2146)
4 com.apple.WebCore 0x0104f224 -[WebCoreAXObject doAXRTFForRange:] + 92 (WebCoreAXObject.mm:2153)
5 com.apple.WebCore 0x0104b11c -[WebCoreAXObject accessibilityAttributeValue:forParameter:] + 5212 (WebCoreAXObject.mm:2316)
6 com.apple.AppKit 0x93a665fc CopyParameterizedAttributeValue + 240
7 com.apple.HIServices 0x91871d94 _AXXMIGCopyParameterizedAttributeValue + 312
8 com.apple.HIServices 0x91879230 _XCopyParameterizedAttributeValue + 288
9 com.apple.HIServices 0x91844404 mshMIGPerform + 308
10 com.apple.CoreFoundation 0x907ec764 __CFRunLoopDoSource1 + 152
11 com.apple.CoreFoundation 0x907dee7c __CFRunLoopRun + 1556
12 com.apple.CoreFoundation 0x907de4ac CFRunLoopRunSpecific + 268
13 com.apple.HIToolbox 0x9329bb20 RunCurrentEventLoopInMode + 264
14 com.apple.HIToolbox 0x9329b1b4 ReceiveNextEventCommon + 380
15 com.apple.HIToolbox 0x9329b020 BlockUntilNextEventMatchingListInMode + 96
16 com.apple.AppKit 0x937a1ae4 _DPSNextEvent + 384
17 com.apple.AppKit 0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
18 com.apple.Safari 0x00006740 0x1000 + 22336
19 com.apple.AppKit 0x9379dcec -[NSApplication run] + 472
20 com.apple.AppKit 0x9388e87c NSApplicationMain + 452
21 com.apple.Safari 0x0005c77c 0x1000 + 374652
22 com.apple.Safari 0x0005c624 0x1000 + 374308
David Kilzer (:ddkilzer)
Comment 2 2007-04-15 12:27:14 PDT
Back to P1--new repeatable steps to reproduce.

* STEPS TO REPRODUCE
1. Open Safari/WebKit.
2. Open URL (or any page with an <input type="text"> in it).
3. Click in the text field.
4. Type text like "asdf".
5. Use Cmd-Tab to switch to another application (so Safari/WebKit loses focus).
6. Hit Cmd-Tab to switch back to Safari/WebKit. DO NOT CLICK IN ANY SAFARI WINDOW.
7. Position the mouse pointer over "asdf" in the text field.
8. Hit Cmd-Ctrl-D to bring up the dictionary.

At this point, the assert should be hit on a debug build and Safari/WebKit will crash.
Darin Adler
Comment 3 2007-04-23 08:37:49 PDT
Eric Seidel (no email)
Comment 4 2007-05-04 00:30:37 PDT
Maybe Safari/WebKit makes some assumption about the window having keyfocus.
Maxime BRITTO
Comment 5 2007-06-11 02:44:42 PDT
I can't reproduce it on r22090.
Oliver Hunt
Comment 6 2007-07-13 22:19:31 PDT
Fix was landed in r21158.