12580 2007-02-04 04:06:47 -0800 ASSERT failure and crash right-clicking on image in SVG use test 2007-02-11 23:31:37 -0800 1 1 1 Unclassified WebKit SVG 420+ Mac OS X 10.4 RESOLVED FIXED http://www.w3.org/Graphics/SVG/Test/20061213/htmlEmbedHarness/full-struct-use-01-t.html InRadar, NeedsReduction P1 Normal --- 1 eric webkit-unassigned aroben zimmermann oldest_to_newest 28655 0 eric 2007-02-04 04:06:47 -0800 ASSERT failure and crash right-clicking on image in SVG use test Right-click on the (gradient) image in the test case. Safari hits an ASSERT: ASSERTION FAILED: this (/Stuff/Projects/WebKit/WebCore/dom/Node.h:274 WebCore::Document* WebCore::Node::document() const) and crashes: Date/Time: 2007-02-04 03:54:08.734 -0800 OS Version: 10.4.8 (Build 8L2127) Report Version: 4 Command: Safari Path: /Applications/Safari.app/Contents/MacOS/Safari Parent: zsh [367] Version: 2.0.4 (419.3) Build Version: 2 Project Name: WebBrowser Source Version: 4190300 PID: 6482 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef Thread 0 Crashed: 0 com.apple.WebCore 0x014d4831 WebCore::Node::document() const + 65 (Node.h:274) 1 com.apple.WebCore 0x013f2358 WebCore::ContextMenuController::handleContextMenuEvent(WebCore::Event*) + 216 (ContextMenuController.cpp:79) 2 com.apple.WebCore 0x0122f438 WebCore::EventTargetNode::defaultEventHandler(WebCore::Event*) + 392 (EventTargetNode.cpp:587) 3 com.apple.WebCore 0x0122d68d WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1965 (EventTargetNode.cpp:263) 4 com.apple.WebCore 0x0122eff7 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 329 (EventTargetNode.cpp:305) 5 com.apple.WebCore 0x0105f785 WebCore::SVGElement::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 235 (SVGElement.cpp:236) 6 com.apple.WebCore 0x0122de07 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 691 (EventTargetNode.cpp:467) 7 com.apple.WebCore 0x0122e539 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 533 (EventTargetNode.cpp:394) 8 com.apple.WebCore 0x013ed1a8 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 572 (EventHandler.cpp:1075) 9 com.apple.WebCore 0x013ed521 WebCore::EventHandler::sendContextMenuEvent(WebCore::PlatformMouseEvent) + 439 (EventHandler.cpp:1172) 10 com.apple.WebKit 0x0033b78b -[WebHTMLView menuForEvent:] + 265 (WebHTMLView.mm:2565) 11 com.apple.AppKit 0x9372780e -[NSView rightMouseDown:] + 63 12 com.apple.AppKit 0x935de9d3 -[NSControl _rightMouseUpOrDown:] + 519 13 com.apple.AppKit 0x9334cbe1 -[NSWindow sendEvent:] + 7377 14 com.apple.Safari 0x0002338e 0x1000 + 140174 15 com.apple.AppKit 0x9333e350 -[NSApplication sendEvent:] + 5023 16 com.apple.Safari 0x00022f1e 0x1000 + 139038 17 com.apple.AppKit 0x93268dfe -[NSApplication run] + 547 18 com.apple.AppKit 0x9325cd2f NSApplicationMain + 573 19 com.apple.Safari 0x0005f7de 0x1000 + 387038 20 com.apple.Safari 0x0005f6f9 0x1000 + 386809 27653 1 mjs 2007-02-04 11:50:54 -0800 <rdar://problem/4975133> 26774 2 eric 2007-02-06 05:09:04 -0800 I have a patch to fix the crash. I'm not sure if it's the "correct" way to fix this though. WildFox should comment. 26775 3 12968 eric 2007-02-06 05:09:54 -0800 Created attachment 12968 fix the crash Wildfox needs to comment on this before it should go up for review. 24739 4 12968 mjs 2007-02-09 06:03:31 -0800 Comment on attachment 12968 fix the crash I think this should stand for review as-is. 24677 5 zimmermann 2007-02-09 13:19:42 -0800 Totally fine with me! Thanks for investigating... Niko 24536 6 12968 andersca 2007-02-09 17:08:09 -0800 Comment on attachment 12968 fix the crash r=me 24493 7 sam 2007-02-10 11:22:00 -0800 This needs at least a changelog, and preferably a test to go with it. 24146 8 13124 ddkilzer 2007-02-11 14:20:01 -0800 Created attachment 13124 Manual test case Here is a manual test case. Is there a way to simulate a right-click from an automated layout test? 24100 9 mjs 2007-02-11 19:11:27 -0800 I don't think there is a way, but it should be easily doable by extending eventSender. However, the manual test seems fine for now. 12968 2007-02-06 05:09:54 -0800 2007-02-09 17:08:09 -0800 fix the crash crash.patch text/plain 2427 eric SW5kZXg6IGJpbmRpbmdzL2pzL2tqc19kb20uY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGJpbmRpbmdzL2pz L2tqc19kb20uY3BwCShyZXZpc2lvbiAxOTQyNikKKysrIGJpbmRpbmdzL2pzL2tqc19kb20uY3Bw CSh3b3JraW5nIGNvcHkpCkBAIC0xMDM0LDYgKzEwMzQsMTMgQEAgSlNWYWx1ZSogdG9KUyhFeGVj U3RhdGUqIGV4ZWMsIEV2ZW50VGFyZwogICAgIGlmICghdGFyZ2V0KQogICAgICAgICByZXR1cm4g anNOdWxsKCk7CiAgICAgCisjaWZkZWYgU1ZHX1NVUFBPUlQKKyAgICAvLyBTVkdFbGVtZW50SW5z dGFuY2Ugc3VwcG9ydHMgYm90aCB0b1NWR0VsZW1lbnRJbnN0YW5jZSBhbmQgdG9Ob2RlIHNpbmNl IHNvIG11Y2ggbW91c2UgaGFuZGxpbmcgY29kZSBkZXBlbmRzIG9uIHRvTm9kZSByZXR1cm5pbmcg YSB2YWxpZCBub2RlLgorICAgIFNWR0VsZW1lbnRJbnN0YW5jZSogaW5zdGFuY2UgPSB0YXJnZXQt PnRvU1ZHRWxlbWVudEluc3RhbmNlKCk7CisgICAgaWYgKGluc3RhbmNlKQorICAgICAgICByZXR1 cm4gdG9KUyhleGVjLCBpbnN0YW5jZSk7CisjZW5kaWYKKyAgICAKICAgICBOb2RlKiBub2RlID0g dGFyZ2V0LT50b05vZGUoKTsKICAgICBpZiAobm9kZSkKICAgICAgICAgcmV0dXJuIHRvSlMoZXhl Yywgbm9kZSk7CkBAIC0xMDQ1LDEyICsxMDUyLDYgQEAgSlNWYWx1ZSogdG9KUyhFeGVjU3RhdGUq IGV4ZWMsIEV2ZW50VGFyZwogICAgICAgICByZXR1cm4gaW50ZXJwLT5nZXRET01PYmplY3QoeGhy KTsKICAgICB9CiAKLSNpZmRlZiBTVkdfU1VQUE9SVAotICAgIFNWR0VsZW1lbnRJbnN0YW5jZSog aW5zdGFuY2UgPSB0YXJnZXQtPnRvU1ZHRWxlbWVudEluc3RhbmNlKCk7Ci0gICAgaWYgKGluc3Rh bmNlKQotICAgICAgICByZXR1cm4gdG9KUyhleGVjLCBpbnN0YW5jZSk7Ci0jZW5kaWYKLQogICAg IC8vIFRoZXJlIGFyZSB0d28ga2luZHMgb2YgRXZlbnRUYXJnZXRzOiBFdmVudFRhcmdldE5vZGUg YW5kIFhNTEh0dHBSZXF1ZXN0LgogICAgIC8vIElmIFNWRyBzdXBwb3J0IGlzIGVuYWJsZWQsIHRo ZXJlIGlzIGFsc28gU1ZHRWxlbWVudEluc3RhbmNlLgogICAgIEFTU0VSVCgwKTsKSW5kZXg6IGtz dmcyL3N2Zy9TVkdFbGVtZW50SW5zdGFuY2UuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIGtzdmcyL3N2Zy9T VkdFbGVtZW50SW5zdGFuY2UuY3BwCShyZXZpc2lvbiAxOTQyNikKKysrIGtzdmcyL3N2Zy9TVkdF bGVtZW50SW5zdGFuY2UuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0xODAsNiArMTgwLDExIEBAIFNW R0VsZW1lbnRJbnN0YW5jZSogU1ZHRWxlbWVudEluc3RhbmNlOjoKICAgICByZXR1cm4gdGhpczsK IH0KIAorRXZlbnRUYXJnZXROb2RlKiBTVkdFbGVtZW50SW5zdGFuY2U6OnRvTm9kZSgpCit7Cisg ICAgcmV0dXJuIG1fZWxlbWVudC5nZXQoKTsKK30KKwogdm9pZCBTVkdFbGVtZW50SW5zdGFuY2U6 OmFkZEV2ZW50TGlzdGVuZXIoY29uc3QgQXRvbWljU3RyaW5nJiBldmVudFR5cGUsIFBhc3NSZWZQ dHI8RXZlbnRMaXN0ZW5lcj4gZXZlbnRMaXN0ZW5lciwgYm9vbCB1c2VDYXB0dXJlKQogewogICAg IC8vIEZJWE1FIQpJbmRleDoga3N2ZzIvc3ZnL1NWR0VsZW1lbnRJbnN0YW5jZS5oCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIGtzdmcyL3N2Zy9TVkdFbGVtZW50SW5zdGFuY2UuaAkocmV2aXNpb24gMTk0MjYpCisr KyBrc3ZnMi9zdmcvU1ZHRWxlbWVudEluc3RhbmNlLmgJKHdvcmtpbmcgY29weSkKQEAgLTY2LDYg KzY2LDggQEAgbmFtZXNwYWNlIFdlYkNvcmUgewogICAgICAgICB2b2lkIHNldFBhcmVudChTVkdF bGVtZW50SW5zdGFuY2UqIHBhcmVudCkgeyBtX3BhcmVudCA9IHBhcmVudDsgfQogICAgICAgICBT VkdFbGVtZW50SW5zdGFuY2UqIHBhcmVudCgpIGNvbnN0IHsgcmV0dXJuIG1fcGFyZW50OyB9CiAK KyAgICAgICAgLy8gU1ZHRWxlbWVudEluc3RhbmNlIHN1cHBvcnRzIGJvdGggdG9TVkdFbGVtZW50 SW5zdGFuY2UgYW5kIHRvTm9kZSBzaW5jZSBzbyBtdWNoIG1vdXNlIGhhbmRsaW5nIGNvZGUgZGVw ZW5kcyBvbiB0b05vZGUgcmV0dXJuaW5nIGEgdmFsaWQgbm9kZS4KKyAgICAgICAgdmlydHVhbCBF dmVudFRhcmdldE5vZGUqIHRvTm9kZSgpOwogICAgICAgICB2aXJ0dWFsIFNWR0VsZW1lbnRJbnN0 YW5jZSogdG9TVkdFbGVtZW50SW5zdGFuY2UoKTsKIAogICAgICAgICB2aXJ0dWFsIHZvaWQgYWRk RXZlbnRMaXN0ZW5lcihjb25zdCBBdG9taWNTdHJpbmcmIGV2ZW50VHlwZSwgUGFzc1JlZlB0cjxF dmVudExpc3RlbmVyPiwgYm9vbCB1c2VDYXB0dXJlKTsK 13124 2007-02-11 14:20:01 -0800 2007-02-11 19:13:36 -0800 Manual test case bug-12580-test.svg image/svg+xml 1077 ddkilzer PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz4NCjwhRE9DVFlQRSBzdmcgUFVC TElDICItLy9XM0MvL0RURCBTVkcgMS4xIFRpbnkvL0VOIiAiaHR0cDovL3d3dy53My5vcmcvR3Jh cGhpY3MvU1ZHLzEuMS9EVEQvc3ZnMTEtdGlueS5kdGQiPg0KDQo8c3ZnIHhtbG5zPSJodHRwOi8v d3d3LnczLm9yZy8yMDAwL3N2ZyIgeG1sbnM6eGxpbms9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkv eGxpbmsiIHZlcnNpb249IjEuMSIgYmFzZVByb2ZpbGU9InRpbnkiIGlkPSJzdmctcm9vdCIgd2lk dGg9IjEwMCUiIGhlaWdodD0iMTAwJSIgdmlld0JveD0iMCAwIDQ4MCAzNjAiPg0KICAgIDxnIGlk PSJ0ZXN0LWJvZHktY29udGVudCI+DQogICAgICAgIDxkZWZzPg0KICAgICAgICAgICAgPGcgZmls bD0icmVkIiBzdHJva2U9InllbGxvdyIgc3Ryb2tlLXdpZHRoPSIzIj4NCiAgICAgICAgICAgICAg ICA8cmVjdCBpZD0idXNlZFJlY3QiIHdpZHRoPSI0MCIgaGVpZ2h0PSI0MCIvPg0KICAgICAgICAg ICAgPC9nPg0KICAgICAgICA8L2RlZnM+DQogICAgICAgIDxnPg0KICAgICAgICAgICAgPGcgaWQ9 ImxhYmVscyIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzMwLCA0MCkiIGZvbnQtc2l6ZT0iMTIiIHRl eHQtYW5jaG9yPSJlbmQiPg0KICAgICAgICAgICAgICAgIDx0ZXh0PlJpZ2h0LWNsaWNraW5nIG9u IGdyZWVuIGJveCB1c2luZyBhIGRlYnVnIGJ1aWxkPC90ZXh0Pg0KICAgICAgICAgICAgPC9nPg0K ICAgICAgICAgICAgPGcgaWQ9ImxhYmVscyIgdHJhbnNmb3JtPSJ0cmFuc2xhdGUoMzMwLCA1NCki IGZvbnQtc2l6ZT0iMTIiIHRleHQtYW5jaG9yPSJlbmQiPg0KICAgICAgICAgICAgICAgIDx0ZXh0 PnNob3VsZCBub3QgY2F1c2UgYW4gYXNzZXJ0IChCdWd6aWxsYSBCdWcgMTI1ODApPC90ZXh0Pg0K ICAgICAgICAgICAgPC9nPg0KICAgICAgICA8L2c+DQogICAgICAgIDxnIHRyYW5zZm9ybT0idHJh bnNsYXRlKDM1MCwgMjUpIj4NCiAgICAgICAgICAgIDx1c2UgeGxpbms6aHJlZj0iI3VzZWRSZWN0 IiBmaWxsPSIjMEYwIi8+DQogICAgICAgIDwvZz4NCiAgICA8L2c+DQoNCjwvc3ZnPg0K