21046 2008-09-23 18:09:26 -0700 REGRESSSION: LayoutTests crashing in EventTargetNode::dispatchGenericEvent 2008-09-23 19:50:26 -0700 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED P1 Normal --- 1 simon.fraser zimmermann hyatt oldest_to_newest 92443 0 simon.fraser 2008-09-23 18:09:26 -0700 I'm seeing these layout tests fast/dom/HTMLDocument/activeElement.html -> crashed fast/dom/HTMLDocument/hasFocus.html -> crashed fast/events/5056619.html -> crashed fast/events/autoscroll-in-textfield.html -> crashed fast/events/autoscroll-with-non-scrollable-parent.html -> crashed (maybe others) crash here: Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000 Crashed Thread: 0 Thread 0 Crashed: 0 com.apple.WebCore 0x033f4248 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 568 (EventTargetNode.cpp:238) 1 com.apple.WebCore 0x033f4a3f WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 339 (EventTargetNode.cpp:197) 2 com.apple.WebCore 0x0344d9dc WebCore::FrameView::scheduleEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTargetNode>, bool) + 108 (FrameView.cpp:929) 3 com.apple.WebCore 0x036f43df WebCore::RenderLayer::scrollToOffset(int, int, bool, bool) + 703 (RenderLayer.cpp:839) 4 com.apple.WebCore 0x03742eb6 WebCore::RenderTextControl::forwardEvent(WebCore::Event*) + 224 (RenderTextControl.cpp:874) 5 com.apple.WebCore 0x034966e5 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 4197 (HTMLInputElement.cpp:1402) 6 com.apple.WebCore 0x033f47ec WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 2012 (EventTargetNode.cpp:311) 7 com.apple.WebCore 0x033f4a3f WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 339 (EventTargetNode.cpp:197) 8 com.apple.WebCore 0x033f610c WebCore::EventTargetNode::dispatchEventForType(WebCore::AtomicString const&, bool, bool) + 174 (EventTargetNode.cpp:585) 9 com.apple.WebCore 0x033f6158 WebCore::EventTargetNode::dispatchBlurEvent() + 52 (EventTargetNode.cpp:579) 10 com.apple.WebCore 0x03490af9 WebCore::HTMLInputElement::dispatchBlurEvent() + 159 (HTMLInputElement.cpp:262) 11 com.apple.WebCore 0x0339287e WebCore::Document::setFocusedNode(WTF::PassRefPtr<WebCore::Node>) + 640 (Document.cpp:2428) 12 com.apple.WebCore 0x034038e8 WebCore::FocusController::setFocusedNode(WebCore::Node*, WTF::PassRefPtr<WebCore::Frame>) + 696 (FocusController.cpp:280) 13 com.apple.WebCore 0x033e0f7b WebCore::Element::focus(bool) + 179 (Element.cpp:1156) 14 com.apple.WebCore 0x035804f1 WebCore::jsHTMLElementPrototypeFunctionFocus(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 113 (JSHTMLElement.cpp:309) 15 com.apple.JavaScriptCore 0x004bab84 JSC::Machine::cti_op_call_NotJSFunction(void*) + 390 (Machine.cpp:4504) 16 ??? 0x06966340 0 + 110519104 17 com.apple.JavaScriptCore 0x004b913b JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 697 (Machine.cpp:975) 18 com.apple.JavaScriptCore 0x0040ee23 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71) 19 com.apple.JavaScriptCore 0x0040eebf JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39) 20 com.apple.WebCore 0x038c3fd4 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 664 (JSEventListener.cpp:97) 21 com.apple.WebCore 0x0338e859 WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 281 (Document.cpp:2688) 22 com.apple.WebCore 0x033f37cf WebCore::EventTargetNode::dispatchWindowEvent(WTF::PassRefPtr<WebCore::Event>) + 265 (EventTargetNode.cpp:350) 23 com.apple.WebCore 0x033f6240 WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 168 (EventTargetNode.cpp:357) 24 com.apple.WebCore 0x033951d3 WebCore::Document::implicitClose() + 717 (Document.cpp:1557) 25 com.apple.WebCore 0x034326d2 WebCore::FrameLoader::checkCallImplicitClose() + 226 (FrameLoader.cpp:1351) 26 com.apple.WebCore 0x0343ee84 WebCore::FrameLoader::checkCompleted() + 268 (FrameLoader.cpp:1306) 27 com.apple.WebCore 0x0343e78a WebCore::FrameLoader::completed() + 156 (FrameLoader.cpp:2032) 28 com.apple.WebCore 0x0343eee2 WebCore::FrameLoader::checkCompleted() + 362 (FrameLoader.cpp:1310) 29 com.apple.WebCore 0x034418ff WebCore::FrameLoader::finishedParsing() + 87 (FrameLoader.cpp:1254) 30 com.apple.WebCore 0x03391e58 WebCore::Document::finishedParsing() + 174 (Document.cpp:3813) 31 com.apple.WebCore 0x034bacbf WebCore::HTMLParser::finished() + 205 (HTMLParser.cpp:1556) 32 com.apple.WebCore 0x034d1b7b WebCore::HTMLTokenizer::end() + 301 (HTMLTokenizer.cpp:1849) 33 com.apple.WebCore 0x034d1f35 WebCore::HTMLTokenizer::finish() + 929 (HTMLTokenizer.cpp:1890) 34 com.apple.WebCore 0x0338bb30 WebCore::Document::finishParsing() + 40 (Document.cpp:1700) 35 com.apple.WebCore 0x0343f073 WebCore::FrameLoader::endIfNotLoadingMainResource() + 153 (FrameLoader.cpp:1075) 36 com.apple.WebCore 0x0343f0a9 WebCore::FrameLoader::end() + 27 (FrameLoader.cpp:1060) 37 com.apple.WebCore 0x033bd60c WebCore::DocumentLoader::finishedLoading() + 76 (DocumentLoader.cpp:345) 38 com.apple.WebCore 0x03439fda WebCore::FrameLoader::finishedLoading() + 72 (FrameLoader.cpp:2962) 39 com.apple.WebCore 0x03655bd1 WebCore::MainResourceLoader::didFinishLoading() + 207 (MainResourceLoader.cpp:321) 40 com.apple.WebCore 0x0376e832 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 24 (ResourceLoader.cpp:399) 41 com.apple.WebCore 0x0376be10 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 160 (ResourceHandleMac.mm:530) 42 com.apple.Foundation 0x9026e3f7 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87 43 com.apple.Foundation 0x9026e363 _NSURLConnectionDidFinishLoading + 147 44 com.apple.CFNetwork 0x9565fcef sendDidFinishLoadingCallback + 148 45 com.apple.CFNetwork 0x9565cdd6 _CFURLConnectionSendCallbacks + 2022 46 com.apple.CFNetwork 0x9565c573 muxerSourcePerform + 283 47 com.apple.CoreFoundation 0x9496b615 CFRunLoopRunSpecific + 3141 48 com.apple.CoreFoundation 0x9496bcf8 CFRunLoopRunInMode + 88 49 com.apple.Foundation 0x9023d4a5 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213 50 DumpRenderTree 0x00005e8c runTest(char const*) + 928 51 DumpRenderTree 0x00006227 runTestingServerLoop() + 73 52 DumpRenderTree 0x00006344 dumpRenderTree(int, char const**) + 240 53 DumpRenderTree 0x000064fc main + 94 (DumpRenderTree.mm:538) 54 DumpRenderTree 0x00002822 start + 54 92446 1 23737 zimmermann 2008-09-23 19:13:23 -0700 Created attachment 23737 Fix crashes Oops, my fault. Off-by-one while moving around EventTarget code. 92451 2 23737 eric 2008-09-23 19:22:40 -0700 Comment on attachment 23737 Fix crashes Looks fine. 92453 3 zimmermann 2008-09-23 19:50:26 -0700 Landed in r36838. 23737 2008-09-23 19:13:23 -0700 2008-09-23 19:22:40 -0700 Fix crashes FixCrashes.diff text/plain 2364 zimmermann SW5kZXg6IENoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBDaGFuZ2VMb2cJKHJldmlzaW9uIDM2ODM3 KQorKysgQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTcgQEAKKzIwMDgtMDkt MjMgIE5pa29sYXMgWmltbWVybWFubiAgPHppbW1lcm1hbm5Aa2RlLm9yZz4KKworICAgICAgICBS ZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBGaXhlczogaHR0cHM6Ly9idWdz LndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTIxMDQ2IChTZXZlcmFsIExheW91dFRlc3RzIGNy YXNoKQorICAgICAgICBGaXggbWlzc2luZyBuZWdhdGlvbiBpbiBFdmVudFRhcmdldE5vZGU6Omlu c2VydGVkSW50b0RvY3VtZW50LgorICAgICAgICBNYWRlIGhhbmRsZUxvY2FsRXZlbnRzKCkgdmly dHVhbCBhZ2FpbiwgSFRNTEZvcm1FbGVtZW50IG92ZXJyaWRlcyBpdC4KKyAgICAgICAgUmVtb3Zl IGNvZGUsIHRoYXQgd2Fzbid0IHN1cHBvc2VkIHRvIGdvIGluIGluIGRpc3BhdGNoR2VuZXJpY0V2 ZW50KCkuCisKKyAgICAgICAgKiBkb20vRXZlbnRUYXJnZXROb2RlLmNwcDoKKyAgICAgICAgKFdl YkNvcmU6OkV2ZW50VGFyZ2V0Tm9kZTo6aW5zZXJ0ZWRJbnRvRG9jdW1lbnQpOgorICAgICAgICAo V2ViQ29yZTo6RXZlbnRUYXJnZXROb2RlOjpkaXNwYXRjaEdlbmVyaWNFdmVudCk6CisgICAgICAg ICogZG9tL0V2ZW50VGFyZ2V0Tm9kZS5oOgorCiAyMDA4LTA5LTIzICBUaW1vdGh5IEhhdGNoZXIg IDx0aW1vdGh5QGFwcGxlLmNvbT4KIAogICAgICAgICBBZGRzIHNlYXJjaCBzdXBwb3J0IHRvIHRo ZSBQcm9maWxlcyBwYW5lbC4KSW5kZXg6IGRvbS9FdmVudFRhcmdldE5vZGUuY3BwCj09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT0KLS0tIGRvbS9FdmVudFRhcmdldE5vZGUuY3BwCShyZXZpc2lvbiAzNjgyNCkKKysrIGRvbS9F dmVudFRhcmdldE5vZGUuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC03NCw3ICs3NCw3IEBAIEV2ZW50 VGFyZ2V0Tm9kZTo6fkV2ZW50VGFyZ2V0Tm9kZSgpCiAKIHZvaWQgRXZlbnRUYXJnZXROb2RlOjpp bnNlcnRlZEludG9Eb2N1bWVudCgpCiB7Ci0gICAgaWYgKG1fcmVnZExpc3RlbmVycyAmJiBtX3Jl Z2RMaXN0ZW5lcnMtPmlzRW1wdHkoKSkKKyAgICBpZiAobV9yZWdkTGlzdGVuZXJzICYmICFtX3Jl Z2RMaXN0ZW5lcnMtPmlzRW1wdHkoKSkKICAgICAgICAgZG9jdW1lbnQoKS0+dW5yZWdpc3RlckRp c2Nvbm5lY3RlZE5vZGVXaXRoRXZlbnRMaXN0ZW5lcnModGhpcyk7CiAKICAgICBOb2RlOjppbnNl cnRlZEludG9Eb2N1bWVudCgpOwpAQCAtMjEwLDEwICsyMTAsNiBAQCBib29sIEV2ZW50VGFyZ2V0 Tm9kZTo6ZGlzcGF0Y2hHZW5lcmljRXZlCiAKICAgICBpZiAoaW5Eb2N1bWVudCgpKSB7CiAgICAg ICAgIGZvciAoTm9kZSogbiA9IHRoaXM7IG47IG4gPSBuLT5ldmVudFBhcmVudE5vZGUoKSkgewot ICAgICAgICAgICAgLy8gPHVzZT4gc2hhZG93IHRyZWVzIGFyZSBvd25lZCBieSBhbiBpbnZpc2li bGUgcm9vdCBlbGVtZW50LCBza2lwIGl0Ci0gICAgICAgICAgICBpZiAobi0+aXNTaGFkb3dOb2Rl KCkpCi0gICAgICAgICAgICAgICAgY29udGludWU7Ci0KICAgICAgICAgICAgIG4tPnJlZigpOwog ICAgICAgICAgICAgbm9kZUNoYWluLnByZXBlbmQobik7CiAgICAgICAgIH0KSW5kZXg6IGRvbS9F dmVudFRhcmdldE5vZGUuaAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBkb20vRXZlbnRUYXJnZXROb2RlLmgJKHJl dmlzaW9uIDM2ODI0KQorKysgZG9tL0V2ZW50VGFyZ2V0Tm9kZS5oCSh3b3JraW5nIGNvcHkpCkBA IC03Myw3ICs3Myw3IEBAIHB1YmxpYzoKICAgICBib29sIGRpc3BhdGNoV2ViS2l0VHJhbnNpdGlv bkV2ZW50KGNvbnN0IEF0b21pY1N0cmluZyYgZXZlbnRUeXBlLCBjb25zdCBTdHJpbmcmIHByb3Bl cnR5TmFtZSwgZG91YmxlIGVsYXBzZWRUaW1lKTsKICAgICBib29sIGRpc3BhdGNoR2VuZXJpY0V2 ZW50KFBhc3NSZWZQdHI8RXZlbnQ+LCBFeGNlcHRpb25Db2RlJiwgYm9vbCB0ZW1wRXZlbnQpOwog Ci0gICAgdm9pZCBoYW5kbGVMb2NhbEV2ZW50cyhFdmVudCosIGJvb2wgdXNlQ2FwdHVyZSk7Cisg ICAgdmlydHVhbCB2b2lkIGhhbmRsZUxvY2FsRXZlbnRzKEV2ZW50KiwgYm9vbCB1c2VDYXB0dXJl KTsKIAogICAgIHZpcnR1YWwgdm9pZCBkaXNwYXRjaEZvY3VzRXZlbnQoKTsKICAgICB2aXJ0dWFs IHZvaWQgZGlzcGF0Y2hCbHVyRXZlbnQoKTsK