CLOSED FIXED 13605
REGRESSION: Browser crashes when switching Kotoeri input modes
https://bugs.webkit.org/show_bug.cgi?id=13605
Daniel Acosta
Reported 2007-05-06 11:31:02 PDT
At www.freetranslation.com every time I try to input Japanese (I just switch to hiragana and start typing) the browser stops responding and crashes. This doesn't happen in Safari 2.0.4, I guess it's a regression.
Attachments
Crash report (23.63 KB, text/plain)
2007-05-08 06:01 PDT, Daniel Acosta
no flags
test case (DRT-only) (640 bytes, text/html)
2007-05-11 11:11 PDT, Alexey Proskuryakov
no flags
add a null check (3.86 KB, patch)
2007-05-26 06:55 PDT, Alexey Proskuryakov
darin: review+
Alexey Proskuryakov
Comment 1 2007-05-06 22:44:24 PDT
I cannot reproduce this issue.

Does this also happen on other sites (for example, on www.google.com or http://bugs.webkit.org)?

Could you please attach a complete crash report (the text that appears after you click "Report to Apple" button)?
Daniel Acosta
Comment 2 2007-05-07 13:03:39 PDT
(In reply to comment #1)
> I cannot reproduce this issue.
>
> Does this also happen on other sites (for example, on www.google.com or
> http://bugs.webkit.org)?
>
> Could you please attach a complete crash report (the text that appears after
> you click "Report to Apple" button)?
>

It indeed happens at every website, but only at forms... the search box and address bar work perfectly, I'm using the standard Kotoeri input built on Mac OS, here's the crash report (I've sent it in to Apple already a couple of times)... I have the Inquisitor plugin installed but I don't really think the problem is related to it.

Date/Time: 2007-05-07 15:44:01.797 -0400
OS Version: 10.4.9 (Build 8P2137)
Report Version: 4

Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: WindowServer [62]

Version: ??? (21272)

PID: 894
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c

Thread 0 Crashed:
0 com.apple.WebCore 0x0102153d WebCore::Range::startPosition() const + 13
1 com.apple.WebCore 0x011c0974 WebCore::Selection::Selection[in-charge](WebCore::Range const*, WebCore::EAffinity) + 36
2 com.apple.WebCore 0x010ce556 -[WebCoreFrameBridge selectNSRange:] + 86
3 com.apple.WebKit 0x0033cf13 -[WebHTMLView(WebNSTextInputSupport) setMarkedText:selectedRange:] + 563
4 com.apple.AppKit 0x936428b8 _NSTSMEventHandler + 4733
5 com.apple.HIToolbox 0x92dd6537 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1093
6 com.apple.HIToolbox 0x92dd5bdc SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 304
7 com.apple.HIToolbox 0x92ddcfbc SendEventToEventTarget + 56
8 com.apple.HIToolbox 0x92efd13e SendTSMEvent + 251
9 com.apple.HIToolbox 0x9306bb4f SendTextInputEvent + 2309
10 com.apple.Kotoeri 0x15e1af57 KotoeriComponentDispatch + 85879
11 com.apple.Kotoeri 0x15e1a2f9 KotoeriComponentDispatch + 82713
12 com.apple.Kotoeri 0x15e1a034 KotoeriComponentDispatch + 82004
13 com.apple.Kotoeri 0x15e33d05 KotoeriComponentDispatch + 187685
14 com.apple.Kotoeri 0x15e33df6 KotoeriComponentDispatch + 187926
15 com.apple.Kotoeri 0x15e49ff2 KotoeriComponentDispatch + 278546
16 com.apple.Kotoeri 0x15e4a248 KotoeriComponentDispatch + 279144
17 com.apple.Kotoeri 0x15e10a9e KotoeriComponentDispatch + 43710
18 com.apple.Kotoeri 0x15e0ed5d KotoeriComponentDispatch + 36221
19 com.apple.Kotoeri 0x15e0d80f KotoeriComponentDispatch + 30767
20 com.apple.Kotoeri 0x15e0d430 KotoeriComponentDispatch + 29776
21 ...ple.CoreServices.CarbonCore 0x90cceb13 CallComponentFunctionCommon + 513
22 com.apple.Kotoeri 0x15e0a874 KotoeriComponentDispatch + 18580
23 com.apple.Kotoeri 0x15e06295 KotoeriComponentDispatch + 693
24 ...ple.CoreServices.CarbonCore 0x90cce7f8 CallComponentDispatch + 34
25 com.apple.HIToolbox 0x9307939f TextServiceEventRef + 46
26 com.apple.HIToolbox 0x9306b1bc TSMEventToTextService + 97
27 com.apple.HIToolbox 0x9306b240 TSMEventToInputMethod + 74
28 com.apple.HIToolbox 0x92efbf95 TSMKeyEvent + 560
29 com.apple.HIToolbox 0x92eb03b7 TSMProcessRawKeyEvent + 2786
30 com.apple.AppKit 0x9335bbff -[NSTSMInputContext interpretKeyEvents:] + 699
31 com.apple.AppKit 0x9335b170 -[NSView interpretKeyEvents:] + 65
32 com.apple.WebKit 0x00340748 -[WebHTMLView(WebInternal) _interceptEditingKeyEvent:shouldSaveCommand:] + 200
33 com.apple.WebKit 0x00379a30 WebEditorClient::handleKeypress(WebCore::KeyboardEvent*) + 112
34 com.apple.WebCore 0x01376a88 WebCore::Editor::handleKeypress(WebCore::KeyboardEvent*) + 184
35 com.apple.WebCore 0x013c400c WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent*) + 108
36 com.apple.WebCore 0x011f24b1 WebCore::EventTargetNode::defaultEventHandler(WebCore::Event*) + 209
37 com.apple.WebCore 0x010976e2 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 546
38 com.apple.WebCore 0x011f1d33 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 739
39 com.apple.WebCore 0x011f21a0 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 160
40 com.apple.WebCore 0x011f226d WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 61
41 com.apple.WebCore 0x013c4253 WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent*) + 691
42 com.apple.WebCore 0x011f24b1 WebCore::EventTargetNode::defaultEventHandler(WebCore::Event*) + 209
43 com.apple.WebCore 0x010976e2 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 546
44 com.apple.WebCore 0x011f1d33 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 739
45 com.apple.WebCore 0x011f21a0 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 160
46 com.apple.WebCore 0x011f226d WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 61
47 com.apple.WebCore 0x011f25da WebCore::EventTargetNode::dispatchKeyEvent(WebCore::PlatformKeyboardEvent const&) + 122
48 com.apple.WebCore 0x013c31ca WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) + 58
49 com.apple.WebCore 0x013c1ed6 WebCore::EventHandler::keyEvent(NSEvent*) + 150
50 com.apple.WebKit 0x00333779 -[WebHTMLView keyDown:] + 217
51 com.apple.AppKit 0x9335abe1 -[NSWindow sendEvent:] + 7377
52 com.apple.Safari 0x000230c6 0x1000 + 139462
53 com.apple.AppKit 0x9334c350 -[NSApplication sendEvent:] + 5023
54 com.apple.Safari 0x00022c56 0x1000 + 138326
55 com.apple.AppKit 0x93276dfe -[NSApplication run] + 547
56 com.apple.AppKit 0x9326ad2f NSApplicationMain + 573
57 com.apple.Safari 0x0005f54a 0x1000 + 386378
58 com.apple.Safari 0x0005f471 0x1000 + 386161
Alexey Proskuryakov
Comment 3 2007-05-07 21:25:48 PDT
> I have the Inquisitor plugin installed but I don't really think the
> problem is related to it.

Indeed, it's not immediately obvious how it could cause this problem - but since it doesn't happen for others, there's still some suspicion. Could you please try disabling Inquisitor, just to be sure?
Daniel Acosta
Comment 4 2007-05-08 06:01:07 PDT
Created attachment 14411: Crash report
Daniel Acosta
Comment 5 2007-05-08 06:02:51 PDT
Comment on attachment 14411: Crash report
Alexey Proskuryakov
Comment 6 2007-05-08 10:11:21 PDT
Thank you for the additional information! A reproducible crash with Kotoeri would be a P1 bug (top priority), too bad we still cannot reproduce it on other machines.

Here are some more questions that might help us isolate the problem:
- Is your primary system language English, or some other one (as in System Preferences->International->Language)?
- Does the crash happen after typing the very first character, no matter what it is? For example, does typing a space cause it?
- Do other input methods (such as Hangul or Chinese) work in WebKit?
- Did you make any changes to default Kotoeri settings before?
- Will the crash still happen under a newly created user account?

Looking at the code, it appears that the code path taken is the one for NSAttributedString with NSTextInputReplacementRangeAttributeName.
Daniel Acosta
Comment 7 2007-05-08 10:35:21 PDT
(In reply to comment #6)

My primary system language is English and the bug occurs after typing the first character... I tried creating a new test account, the problem didn't occur the first time I had selected Katakana then Hiragana manually from the language menu at the top, the keyboard shortcuts didn't appear to work... but then I quit WebKit and entered again... I noticed the input menu still had the US flag so I switched it to Romaji manually (which keeps same behaviour as US input) and the keyboard shortcuts showed up on the language menu... then while typing inside a form I switched to the scripts using the keyboard shortcuts Ctrl+Shift+K and Ctrl+Shift+J and it crashed again at the next character... it appears to only happen when switching to the scripts using the keyboard shortcut... quite odd... it hadn't happened in any other program...
Daniel Acosta
Comment 8 2007-05-08 10:48:52 PDT
ok I kept testing a bit more... if I switch scripts using the keyboard shortcuts with focus on the address bar or search box and then type in a form I can successfully input Japanese normally... the problem only occurs when switching within a form input box... also if WebKit starts already with another script selected it works perfectly too, unless I switch again while typing... I tried testing Hangul too but nothing seemed to be wrong, however I only switched manually cuz I didn't find any keyboard shortcuts...
Alexey Proskuryakov
Comment 9 2007-05-08 10:56:11 PDT
That's great detective work, thank you! Now I can reproduce the problem.

Steps to reproduce:
1) Launch a WebKit nightly.
2) Switch to Kotoeri Romaji input mode.
3) Type www.google.com in the address bar, press Enter. A Google home page loads, and the focus moves to it.
4) Press Ctrl+Shift+J.

I'm usually getting a crash at this point, although it's not quite 100%. According to the above comment, some typing may be needed, or maybe re-launching WebKit once more.
Alexey Proskuryakov
Comment 10 2007-05-11 11:11:28 PDT
Created attachment 14492: test case (DRT-only)

This is a test case for the crash, which happens when Kotoeri gives us an incorrect replacement string. Now going to investigate why Kotoeri does that - it may well be a WebKit bug, too.
Alexey Proskuryakov
Comment 11 2007-05-11 12:40:34 PDT
Fixing the crash by adding a null check is easy, but the behavior remains wrong (a new character appears when switching from Romaji; this character is actually the very first character from the page in question). This problem happens because NSTSMDocumentAccessEventHandler hacks around NSTextInput protocol by calling -[client string] or -[client textStorage] if those are available. In NSTextInput protocol methods, WebKit uses range indices relative to the current root editable element, so it is different from character indices of [WebHTMLView string], which is a WebKit API that converts the whole document to plain text. Doing otherwise would obviously ruin performance. Thus, any input method that tries to both read unmarked text from the document and to modify it will get unexpected results. We didn't see this in shipping Safari for a variety of reasons, most importantly, because forms were AppKit-based.
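The null check and the two index spaces described in comment 11, as an added C++ example that is not part of the bug thread and is not WebKit code. `Page`, `TextRange`, `convertToRange` and `replaceRange` are hypothetical names in a constructed model where the page is flattened to one string.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <string>

// Constructed model: the whole page as plain text, with one root editable
// element somewhere inside it.
struct Page {
    std::string text;       // what a whole-document "string" accessor returns
    size_t editableStart;   // where the editable element begins in `text`
    size_t editableLength;  // length of the editable element's content
};

// Absolute [start, end) offsets into Page::text.
struct TextRange {
    size_t start;
    size_t end;
};

// Hypothetical stand-in for turning an input-method range into a document
// range. `location` and `length` are relative to the editable element.
// Returns null when the range does not fit; the subtraction form avoids
// overflow for huge lengths.
std::unique_ptr<TextRange> convertToRange(const Page& page, size_t location, size_t length)
{
    if (location > page.editableLength || length > page.editableLength - location)
        return nullptr;
    size_t start = page.editableStart + location;
    return std::unique_ptr<TextRange>(new TextRange{start, start + length});
}

enum class ReplaceResult { Applied, RejectedInvalidRange };

// Hardened caller. The crashing pattern is this function without the
// `if (!range)` test: a null range reaches code that reads its fields.
ReplaceResult replaceRange(Page& page, size_t location, size_t length, const std::string& replacement)
{
    std::unique_ptr<TextRange> range = convertToRange(page, location, length);
    if (!range)
        return ReplaceResult::RejectedInvalidRange;
    page.text.replace(range->start, range->end - range->start, replacement);
    page.editableLength = page.editableLength - length + replacement.size();
    return ReplaceResult::Applied;
}

// The two coordinate systems: the same index names different characters.
char charAtDocumentIndex(const Page& page, size_t index)
{
    return page.text.at(index);
}

char charAtEditableIndex(const Page& page, size_t index)
{
    return page.text.at(page.editableStart + index);
}

// Constructed sample: a label followed by a form field containing "tokyo".
Page makeSamplePage()
{
    return Page{"Search: tokyo", 8, 5};
}

int main()
{
    Page page = makeSamplePage();

    // An input method that located "tokyo" in the whole-document string sends
    // location 8, which is out of bounds relative to the editable element.
    bool rejected = replaceRange(page, 8, 5, "kyoto") == ReplaceResult::RejectedInvalidRange;
    std::printf("document-relative range rejected: %s\n", rejected ? "yes" : "no");

    // The null check alone does not repair the mismatch: index 0 is 'S' in
    // document coordinates but 't' in editable coordinates, so an in-bounds
    // document index is applied to the wrong character.
    std::printf("index 0: document '%c', editable '%c'\n",
                charAtDocumentIndex(page, 0), charAtEditableIndex(page, 0));
    replaceRange(page, 0, 1, "X");
    std::printf("after replace at 0: %s\n", page.text.c_str());
    return 0;
}
```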
Alexey Proskuryakov
Comment 12 2007-05-11 12:51:58 PDT
I think this should be resolved in cooperation with AppKit engineers.
Alexey Proskuryakov
Comment 13 2007-05-24 21:40:46 PDT
The "big" issue with incompatible ranges was fixed by Oliver Hunt in r21728. I believe (but haven't yet verified) that this should fix the crash with Kotoeri, but not with the attached test case. If so, we probably just need to add a null check for extra safety now. Also, Oliver's fix did not include a test case; the attached one can be extended to check that correct text comes out of NSTextInput accessors.
Oliver Hunt
Comment 14 2007-05-25 02:42:23 PDT
/me materialises

ap: I couldn't work out how to write a test case for that test, and if it isn't possible currently I certainly don't have time to extend drt -- I currently have a very chunky (and destined to be workaround/hack-fixed) bug in jianyi :(

Anyhoo, having a quick look at this now -- certainly the null check may be necessary in the short term
Oliver Hunt
Comment 15 2007-05-25 03:07:53 PDT
ap: you're right, my patch has fixed this bug, but your test case does still cause a crash.

Am moving to p2 as I can't see a way to trigger the crash without using drt, although it does need to be fixed as we should allow an invalid range to cause a crash (the NSTextInput API even states that we should assume we'll be given bad ranges)
Daniel Acosta
Comment 16 2007-05-25 05:22:34 PDT
the browser doesn't crash anymore, however the behaviour on mode switching is not as expected... for example if you write some word in romaji (roman letters) mode and then switch to katakana the text you wrote before will change its script unless you type a space after it... and the same goes for Japanese script modes, words you wrote before will change their script unless you type return after each one, which is unnecessary in some cases as there are generally no spaces in Japanese
Oliver Hunt
Comment 17 2007-05-25 05:52:31 PDT
Are you sure? i don't see that -- it wouldn't have surprised me if it exists, we had to take a someone exciting approach to fix the kotoeri IM bug ap was referring to. I don't see what you describe when i do the following: 1. go to http://www.freetranslation.com/ 2. switch to romaji input 3. type (on us keyboard, in romaji input mode) "toukyou" which outputs "toukyou" 4. while still focused i switch to katakana -- no change in text -- once again i type "toukyou" now it produces "&#12488;&#12454;&#12461;&#12519;&#12454;” 5. without accepting (so the "&#12488;&#12454;&#12461;&#12519;&#12454;" is still marked) switch to hiragana input, type toukyou again, get &#12392;&#12358;&#12365;&#12423;&#12358;&#12288; 6. enter to confirm am left with ”toukyou&#12488;&#12454;&#12461;&#12519;&#12454;&#12392;&#12358;&#12365;&#12423;&#12358;” I've tested as much as i can (i know the behaviour "toukyou" from a previous bug) but i can't read any of these scripts, and don't actually use the IMs. If you can give specific instructions (similar to what i did) that would be great.
Alexey Proskuryakov
Comment 18 2007-05-25 05:58:14 PDT
(In reply to comment #17)
> If you can give specific instructions (similar to what i did) that would be great.
I think it would be better to open a new bug for this, as it is probably not directly related to the null check that we are going to add as a result of this bug.
Daniel Acosta
Comment 19 2007-05-25 06:09:27 PDT
i did same as oliver but i switched to katakana using the shortcut.... Ctrl+Shift+K (switching to katakana)... and Ctrl+Shift+; (switching to romaji) i tried it in comment box here before typing anything...
Daniel Acosta
Comment 20 2007-05-25 06:13:29 PDT
if you want to test the correct behaviour you could try it in any other app like TextEdit... as for opening a new bug i think it's still related to the keyboard input mode switching shortcuts so it's kind of the same thing...
Alexey Proskuryakov
Comment 21 2007-05-26 06:51:41 PDT
(In reply to comment #14)
> ap: I couldn't work out how to write a test case for that test
Indeed, I was too optimistic, and it doesn't seem possible with existing DRT functionality.
Alexey Proskuryakov
Comment 22 2007-05-26 06:55:56 PDT
Created attachment 14735 [details]
add a null check
(In reply to comment #20)
> as for opening a new bug i think its still related to the keyboard input mode switching shortcuts so its kind of the same thing...
We normally do not try to track several problems in one bug, as this causes unnecessary confusion. Usually, it is not possible to guess whether the fixes will be related just by the fact that symptoms are - and in this particular case, fixes will likely be very different.
Darin Adler
Comment 23 2007-05-26 07:32:49 PDT
Comment on attachment 14735 [details]
add a null check
Is it better to not change the selection or clear the selection in this case?
Alexey Proskuryakov
Comment 24 2007-05-26 07:45:46 PDT
Keeping an existing selection means that an invalid NSTextInputReplacementRangeAttributeName is treated the same as a missing one, which seemed more logical to me. But I do not have any real reason to prefer one way to another.
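The two points this thread converges on, as an added C++ example that is not WebKit code or the committed patch: NSTextInput ranges are relative to the editable root, so reading them against whole-document text picks the wrong characters, and an invalid range is rejected and leaves the existing selection alone. `Document`, `Frame`, `rangeFromRootOffsets` and the sample text are hypothetical names and constructed data.

```cpp
#include <cstddef>
#include <string>

// Constructed model, not WebKit code: the page is plain text and the editable
// root occupies [rootStart, rootStart + rootLength) of it.
struct Document {
    std::string text;
    std::size_t rootStart, rootLength;
};

struct Range { std::size_t start; std::size_t length; };  // document offsets

// Convert a root-relative range from an input method into document offsets.
// The range is untrusted; the subtraction form avoids location + length wrapping.
bool rangeFromRootOffsets(const Document& doc, std::size_t location,
                          std::size_t length, Range& out) {
    if (location > doc.rootLength || length > doc.rootLength - location)
        return false;
    out = Range{doc.rootStart + location, length};
    return true;
}

struct Frame {
    Document doc;
    Range selection;
    // An invalid range is treated like a missing one: the current selection
    // is kept and no range object is ever dereferenced.
    bool selectRootRange(std::size_t location, std::size_t length) {
        Range r;
        if (!rangeFromRootOffsets(doc, location, length, r))
            return false;
        selection = r;
        return true;
    }
    std::string selectedText() const {
        return doc.text.substr(selection.start, selection.length);
    }
};

// The same indices read against the whole-document text (the mismatch).
std::string wholeDocumentSubstring(const Document& doc, std::size_t location, std::size_t length) {
    return doc.text.substr(location, length);
}

// Constructed sample: 12 characters of page text, then a 7-character field.
Frame makeSampleFrame() { return Frame{ {"Translation:toukyou", 12, 7}, {12, 0} }; }
```

With the sample frame, root-relative range (0, 1) selects "t" inside the field, while the same indices against the whole document return "T", the first character of the page.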
Darin Adler
Comment 25 2007-05-26 08:39:39 PDT
Comment on attachment 14735 [details]
add a null check
r=me
Alexey Proskuryakov
Comment 26 2007-05-26 09:00:41 PDT
Committed revision 21803. Daniel: Normally, I'd open a new bug for any remaining issues mentioned in the one being closed, but since the additional issues mentioned here could not be reproduced yet, I have to ask you to do that. Sorry for the inconvenience!
Daniel Acosta
Comment 27 2007-05-29 17:21:32 PDT
(In reply to comment #26)
> Committed revision 21803.
>
> Daniel: Normally, I'd open a new bug for any remaining issues mentioned in the one being closed, but since the additional issues mentioned here could not be reproduced yet, I have to ask you to do that. Sorry for the inconvenience!
thank you, i have just posted it as a new bug with a quick way to reproduce it here http://bugs.webkit.org/show_bug.cgi?id=13914
Oliver Hunt
Comment 28 2007-05-29 19:06:49 PDT
Daniel, can you verify this bug is fixed (if it no longer occurs, choose the "Mark bug as VERIFIED" option above the message commit button)?
David Kilzer (:ddkilzer)
Comment 29 2009-06-29 12:39:37 PDT
Comment on attachment 14411 [details]
Crash report
(In reply to comment #4)
> Created an attachment (id=14411) [review]
> another problem report
Renaming the description of this attachment to "Crash Report" since it violates the maximum length of descriptions in future Bugzilla versions. Here's the previous description:
i have uninstalled the plugin but the issue remains, i have no idea what could be wrong... my safari isn't customized any further... it keeps being the same kernel protection failure bad access exception... i'm attaching another problem report (the one after i removed inquisitor)