Bug 14128 - Webkit crashes in HIWebView.m Line 772 when moving window
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit Misc.
Version: 523.x (Safari 3)
Hardware: Mac OS X 10.4
Importance: P1 Major
Assignee: Nobody
Keywords: InRadar, Regression
Reported: 2007-06-13 16:17 PDT by geoff kruse
Modified: 2007-06-18 17:15 PDT
Description geoff kruse 2007-06-13 16:17:36 PDT
Running a Qt app that uses Carbon WebKit.  The webview is not visible and the application window is moved; this causes a crash.  The view returned by HIViewGetViewForMouseEvent() is null.  See the thread stack trace attached.

Thread 0 Crashed:
0   com.apple.HIToolbox  	0x92e097fd HIObjectIsOfClass + 13
1   com.apple.WebKit     	0x006b0da3 WindowHandler + 482
2   com.apple.HIToolbox  	0x92df0537 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1093
3   com.apple.HIToolbox  	0x92defbdc SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 304
4   com.apple.HIToolbox  	0x92df6fbc SendEventToEventTarget + 56
5   com.apple.HIToolbox  	0x92df744f ToolboxEventDispatcherHandler(OpaqueEventHandlerCallRef*, OpaqueEventRef*, void*) + 1169
6   com.apple.HIToolbox  	0x92df08ee DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 2044
7   com.apple.HIToolbox  	0x92defbdc SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 304
8   com.apple.HIToolbox  	0x92df6fbc SendEventToEventTarget + 56
9   QtGui                	0x0142c5ae qt_mac_send_event(QFlags<QEventLoop::ProcessEventsFlag>, OpaqueEventRef*, OpaqueWindowPtr*) + 86
10  QtGui                	0x014397f6 QEventDispatcherMac::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 624
11  QtCore               	0x01ef4fdf QCoreApplication::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 49
12  Whisher              	0x00197953 connection::utils::AbstractPacketsIOHandler::waitForResponse(QString const&, bool const&, bool const&) + 107
13  Whisher              	0x00197fc5 connection::utils::AbstractPacketsIOHandler::sendPacketAndWaitForResponse(connection::utils::WPacket&, bool const&) + 81
14  Whisher              	0x0018f2fb connection::server::ServerSession::sendPacketAndWaitForResponse(connection::utils::WPacket&, bool const&, bool const&, bool const&) + 337
15  Whisher              	0x00167e82 connection::server::AccessPointsConnector::logVisibleAccessPoints(QList<data::WiFiAccessPoint> const&) const + 382
16  Whisher              	0x00096ffa business::AccessPointsManager::logVisibleAccessPoints(QList<data::WiFiAccessPoint> const&) const + 36
17  Whisher              	0x000a110d MainWindow::processEvent(utils::Event const&) + 5205
18  Whisher              	0x00131821 MainWindow::qt_metacall(QMetaObject::Call, int, void**) + 273
19  QtCore               	0x01f0483b QMetaObject::activate(QObject*, int, int, void**) + 941
20  Whisher              	0x0016bd85 utils::EventProducer::fireEvent(utils::Event const&) const + 61
21  Whisher              	0x00142b94 business::GeneralServicesManager::processEvent(utils::Event const&) + 1092
22  Whisher              	0x0016f3f6 business::GeneralServicesManager::qt_metacall(QMetaObject::Call, int, void**) + 82
23  QtCore               	0x01f0483b QMetaObject::activate(QObject*, int, int, void**) + 941
24  Whisher              	0x0016bd85 utils::EventProducer::fireEvent(utils::Event const&) const + 61
25  Whisher              	0x0016f0fc connection::server::GeneralServicesConnector::processEvent(utils::Event const&) + 112
26  Whisher              	0x0019177d connection::server::GeneralServicesConnector::qt_metacall(QMetaObject::Call, int, void**) + 75
27  QtCore               	0x01f00f51 QMetaCallEvent::placeMetaCall(QObject*) + 43
28  QtCore               	0x01f02638 QObject::event(QEvent*) + 700
29  QtGui                	0x013e7006 QApplicationPrivate::notify_helper(QObject*, QEvent*) + 438
30  QtGui                	0x013e943d QApplication::notify(QObject*, QEvent*) + 255
31  QtCore               	0x01ef4f7b QCoreApplication::notifyInternal(QObject*, QEvent*) + 83
32  QtCore               	0x01ef6976 QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) + 672
33  QtCore               	0x01ef6ba1 QCoreApplication::sendPostedEvents(QObject*, int) + 33
34  QtGui                	0x014395e7 QEventDispatcherMac::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 97
35  QtCore               	0x01ef4b9c QEventLoop::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) + 54
36  QtCore               	0x01ef4cbb QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) + 109
37  QtCore               	0x01ef6c37 QCoreApplication::exec() + 147
38  Whisher              	0x000904e2 main + 2114
39  Whisher              	0x000084d2 _start + 216
40  Whisher              	0x000083f9 start + 41
Comment 1 geoff kruse 2007-06-13 16:37:15 PDT
Here is a crashing build of the app in question.  Note, not for public release.
http://wireless.kicks-ass.org/Whisher.app.zip
Comment 2 Mark Rowe (bdash) 2007-06-13 17:46:51 PDT
What steps need to be taken when using the application to reproduce the crash?
Comment 3 geoff kruse 2007-06-13 17:48:38 PDT
Launch the application and move the main window across the screen.  If that doesn't do it, "jiggle" the window a little.  The crash didn't occur before installing Safari 3; however, it does occur with ToT as well.
Comment 4 Matt Lilek 2007-06-13 18:02:29 PDT
Confirmed on Tiger (10.4.9 8P135) with Safari 3.0 Beta and r23484.
Comment 5 Mark Rowe (bdash) 2007-06-13 21:07:38 PDT
The code in question fails to check the return value of the call to HIViewGetViewForMouseEvent, which leads to NULL being passed on to another API.  The fact that HIViewGetViewForMouseEvent is returning an error indicates that the arguments it is being passed are in some way incorrect, as the conditions in which it will fail are very limited.
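The unchecked-return pattern described in Comment 5, shown beside a checked form. This is an added example, not part of the bug thread and not the fix that landed in r23574. All types and function names are stand-ins constructed here; `find_view_for_event` and `view_is_of_class` only play the roles of HIViewGetViewForMouseEvent and HIObjectIsOfClass.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in types and names, constructed for this example (not Carbon's). */
typedef enum { STATUS_OK, STATUS_NO_VIEW, STATUS_NOT_HANDLED } Status;
typedef struct { const char *class_id; int visible, x, y, w, h; } View;
typedef struct { int x, y; } MouseEvent;
#define WEB_VIEW_CLASS "example.webview"

/* Lookup role: failure is reported through the return value, and *out is
   NULL whenever no visible view lies under the event. */
Status find_view_for_event(const View *views, size_t n, const MouseEvent *ev,
                           const View **out) {
    *out = NULL;
    for (size_t i = 0; i < n; i++) {
        const View *v = &views[i];
        int inside = ev->x >= v->x && ev->x < v->x + v->w &&
                     ev->y >= v->y && ev->y < v->y + v->h;
        if (v->visible && inside) { *out = v; return STATUS_OK; }
    }
    return STATUS_NO_VIEW;
}

/* Class-check role: dereferences its argument, so NULL must never reach it. */
int view_is_of_class(const View *v, const char *class_id) {
    return strcmp(v->class_id, class_id) == 0;
}

/* Pattern from the report, kept for comparison and never called here:
   the status is dropped, so a failed lookup hands NULL to the class check. */
Status window_handler_unchecked(const View *views, size_t n, const MouseEvent *ev) {
    const View *v;
    find_view_for_event(views, n, ev, &v);
    return view_is_of_class(v, WEB_VIEW_CLASS) ? STATUS_OK : STATUS_NOT_HANDLED;
}

/* Checked form: a failed lookup declines the event so it can propagate. */
Status window_handler_checked(const View *views, size_t n, const MouseEvent *ev) {
    const View *v = NULL;
    if (find_view_for_event(views, n, ev, &v) != STATUS_OK || v == NULL)
        return STATUS_NOT_HANDLED;
    return view_is_of_class(v, WEB_VIEW_CLASS) ? STATUS_OK : STATUS_NOT_HANDLED;
}

int main(void) {
    View hidden = { WEB_VIEW_CLASS, 0, 0, 0, 200, 100 };  /* constructed input */
    MouseEvent ev = { 10, 10 };
    return window_handler_checked(&hidden, 1, &ev) == STATUS_NOT_HANDLED ? 0 : 1;
}
```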
Comment 6 geoff kruse 2007-06-13 22:51:48 PDT
This is similar to the setup I do in Qt, taken from http://doc.trolltech.com/qq/qq20-hiviews.html

    WebWidget::WebWidget(QWidget *parent)
        : QWidget(parent)
    {
        HIViewRef webView;
        WebInitForCarbon();
        HIWebViewCreate(&webView);
        create(WId(webView));
    }

For some reason, it seems to cause problems?
Comment 7 Mark Rowe (bdash) 2007-06-18 10:59:32 PDT
<rdar://problem/5276271>
Comment 8 Mark Rowe (bdash) 2007-06-18 17:15:06 PDT
Kevin landed a fix for this in r23574.