RESOLVED FIXED 8521
crash bringing up context menu with CSS generated content 
https://bugs.webkit.org/show_bug.cgi?id=8521
Summary crash bringing up context menu with CSS generated content
Michael Gardner
Reported 2006-04-21 12:55:05 PDT
Try to open a context menu on http://lofotenmoose.info/css/destroy/origami.xhtml, and Safari will crash immediately. The page uses advanced CSS generated content techniques, which seems likely to be the cause of the crash.
Attachments
Reduced test case (609 bytes, application/xhtml+xml)
2006-04-22 04:53 PDT, jonathanjohnsson 		no flags
Details
further reduced testcase (256 bytes, text/html)
2006-05-07 12:19 PDT, Joost de Valk (AlthA) 		no flags
Details
patch (839 bytes, patch)
2006-05-09 22:53 PDT, Darin Adler 		adele: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2006-04-22 01:35:31 PDT
Thread 0 Crashed: 0 com.apple.WebCore 0x018aec2c WebCore::FrameMac::sendContextMenuEvent(NSEvent*) + 756 (FrameMac.mm:2140) 1 com.apple.WebCore 0x018da460 -[WebCoreFrameBridge sendContextMenuEvent:] + 52 (WebCoreFrameBridge.mm:1047) 2 com.apple.WebKit 0x0037d070 -[WebHTMLView menuForEvent:] + 152 (WebHTMLView.m:2408) 3 com.apple.AppKit 0x936e8e50 -[NSWindow sendEvent:] + 4520 4 com.apple.Safari 0x00022160 0x1000 + 135520 5 com.apple.AppKit 0x93691ef4 -[NSApplication sendEvent:] + 4172 6 com.apple.Safari 0x00021c64 0x1000 + 134244 7 com.apple.AppKit 0x93689330 -[NSApplication run] + 508 8 com.apple.AppKit 0x93779e68 NSApplicationMain + 452
jonathanjohnsson
Comment 2 2006-04-22 04:53:34 PDT
Created attachment 7909 [details] Reduced test case This is a reduced test case, though I'm not sure it displays all of the original problems of this bug. Right clicking on the blue or the right square crashes Safari. It's the "html::before" and "html::after" selectors that are responsible. As a note, Firefox renders this entirely different.
Joost de Valk (AlthA)
Comment 3 2006-05-07 12:19:07 PDT
Created attachment 8147 [details] further reduced testcase I think this is quite minimal...
Darin Adler
Comment 4 2006-05-09 08:52:36 PDT
The problem is simply that WebCore::FrameMac::sendContextMenuEvent assumes targetNode is not 0. Easy to fix.
Darin Adler
Comment 5 2006-05-09 22:53:28 PDT
Created attachment 8196 [details] patch
Darin Adler
Comment 6 2006-05-12 09:45:06 PDT
Committed revision 14324.
Note You need to log in before you can comment on or make changes to this bug.