11111 2006-10-01 16:18:55 -0700 Crash when dragging fixed position ::after pseudo-element 2006-12-18 10:06:52 -0800 1 1 1 Unclassified WebKit WebCore Misc. 420+ Mac OS X 10.4 RESOLVED WORKSFORME http://macrabbit.com/misc/webkit-drag-after-crash.html HasReduction, InRadar P1 Normal --- 1 misc webkit-unassigned ggaren mitz oldest_to_newest 56886 0 misc 2006-10-01 16:18:55 -0700 Crash occurs with Tiger Safari 419.3 and the latest nightly. 1. Open the page at http://macrabbit.com/misc/webkit-drag-after-crash.html 2. Hold down the mouse on the red rectangle 3. Drag around 4. Crash every time Crash only seems to occur if the pseudo-element has position:fixed. 56887 1 mitz 2006-10-01 16:42:00 -0700 This is very similar to bug 8521. Here, however, FrameView::handleMousePressEvent is the one assuming that targetNode is not 0. Thread 0 Crashed: 0 com.apple.WebCore 0x01de9164 WebCore::Node::renderer() const + 20 (Node.h:319) 1 com.apple.WebCore 0x01a1d7d0 WebCore::FrameView::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 456 (FrameView.cpp:596) 2 com.apple.WebCore 0x01a0a2e0 WebCore::FrameMac::mouseDown(NSEvent*) + 744 (FrameMac.mm:1988) 3 com.apple.WebCore 0x01a3e1f0 -[WebCoreFrameBridge mouseDown:] + 52 (WebCoreFrameBridge.mm:1062) 4 com.apple.WebKit 0x0036978c -[WebHTMLView mouseDown:] + 492 (WebHTMLView.m:2826) 5 com.apple.AppKit 0x93767890 -[NSWindow sendEvent:] + 4616 6 com.apple.Safari 0x00021734 0x1000 + 132916 7 com.apple.AppKit 0x937108d4 -[NSApplication sendEvent:] + 4172 8 com.apple.Safari 0x00021238 0x1000 + 131640 9 com.apple.AppKit 0x93707d10 -[NSApplication run] + 508 10 com.apple.AppKit 0x937f887c NSApplicationMain + 452 11 com.apple.Safari 0x0005c77c 0x1000 + 374652 12 com.apple.Safari 0x0005c624 0x1000 + 374308 46484 2 slewis 2006-11-08 14:14:30 -0800 radar 4173996 46444 3 slewis 2006-11-08 15:21:29 -0800 *** Bug 11435 has been marked as a duplicate of this bug. *** 46447 4 slewis 2006-11-08 15:37:54 -0800 actually radar 4827027 41393 5 ggaren 2006-12-18 09:38:04 -0800 Can't reproduce with latest nightly. 41383 6 mitz 2006-12-18 10:06:52 -0800 I get a very similar crash in TOT if I start dragging in the blue div and enter the red rect (crash log below). Geoff, is it OK to reopen this bug or do you want a new one? #0 0x015df950 in WebCore::Node::renderer (this=0x0) at Node.h:321 #1 0x011f9348 in WebCore::RenderLayer::autoscroll (this=0x6be430c) at /WebKit/WebCore/rendering/RenderLayer.cpp:874 #2 0x011fd50c in WebCore::RenderObject::autoscroll (this=0x6be69fc) at /WebKit/WebCore/rendering/RenderObject.cpp:701 #3 0x014e648c in WebCore::EventHandler::autoscrollTimerFired (this=0x2864310) at /WebKit/WebCore/page/EventHandler.cpp:413 #4 0x017e7558 in WebCore::Timer<WebCore::EventHandler>::fired (this=0x286434c) at Timer.h:96 #5 0x012ab2f4 in WebCore::TimerBase::fireTimers (fireTime=1166464534.121614, firingTimers=@0xbfffe6c0) at WebCore/platform/Timer.cpp:336 #6 0x012ab3c0 in WebCore::TimerBase::sharedTimerFired () at WebCore/platform/Timer.cpp:353 #7 0x012aa76c in timerFired () at WebCore/platform/mac/SharedTimerMac.cpp:46 #8 0x907f0550 in __CFRunLoopDoTimer () #9 0x907dcec8 in __CFRunLoopRun () #10 0x907dc47c in CFRunLoopRunSpecific () #11 0x93208740 in RunCurrentEventLoopInMode () #12 0x93207dd4 in ReceiveNextEventCommon () #13 0x93207c40 in BlockUntilNextEventMatchingListInMode () #14 0x9370bae4 in _DPSNextEvent () #15 0x9370b7a8 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #16 0x00006740 in ?? () #17 0x93707cec in -[NSApplication run] () #18 0x937f887c in NSApplicationMain () #19 0x0005c77c in ?? () #20 0x0005c624 in ?? ()