42020 2010-07-09 22:06:53 -0700 Crash beneath setSelection() during detach() 2010-07-16 14:02:19 -0700 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 1 mitz webkit-unassigned oldest_to_newest 249472 0 mitz 2010-07-09 22:06:53 -0700 <rdar://problem/7527532> Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000 0 com.apple.WebCore 0x00007fff82fc4e1b WebCore::RenderBox::availableHeightUsing(WebCore::Length const&) const + 507 1 com.apple.WebCore 0x00007fff82fc4c0f WebCore::RenderBox::availableHeight() const + 31 2 com.apple.WebCore 0x00007fff82fc4c0f WebCore::RenderBox::availableHeight() const + 31 3 com.apple.WebCore 0x00007fff82fc4b41 WebCore::RenderBoxModelObject::relativePositionOffsetY() const + 129 4 com.apple.WebCore 0x00007fff82f47b05 WebCore::RenderBox::offsetFromContainer(WebCore::RenderObject*, WebCore::IntPoint const&) const + 261 5 com.apple.WebCore 0x00007fff82fc6643 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 275 6 com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664 7 com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664 8 com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664 9 com.apple.WebCore 0x00007fff83108873 WebCore::RenderBlock::selectionGapRectsForRepaint(WebCore::RenderBoxModelObject*) + 259 10 com.apple.WebCore 0x00007fff82ed9eb2 WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int, WebCore::RenderView::SelectionRepaintMode) + 1298 11 com.apple.WebCore 0x00007fff82efc470 WebCore::RenderObjectChildList::removeChildNode(WebCore::RenderObject*, WebCore::RenderObject*, bool) + 592 12 com.apple.WebCore 0x00007fff830d4224 WebCore::RenderBlock::moveAllChildrenTo(WebCore::RenderObject*, WebCore::RenderObjectChildList*) + 68 13 com.apple.WebCore 0x00007fff82efbe2a WebCore::RenderBlock::removeChild(WebCore::RenderObject*) + 650 14 com.apple.WebCore 0x00007fff82efba79 WebCore::RenderObject::destroy() + 137 15 com.apple.WebCore 0x00007fff82efb947 WebCore::RenderBox::destroy() + 71 16 com.apple.WebCore 0x00007fff82efb6c3 WebCore::Node::detach() + 35 17 com.apple.WebCore 0x00007fff82efb57b WebCore::Element::detach() + 107 18 com.apple.WebCore 0x00007fff82fcf1d7 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 263 … Patch forthcoming. 249473 1 61142 mitz 2010-07-09 22:16:19 -0700 Created attachment 61142 Avoid calls to localToAbsolute() from clearSelection() 252689 2 mitz 2010-07-16 14:02:19 -0700 Fixed in <http://trac.webkit.org/projects/webkit/changeset/63579>. 61142 2010-07-09 22:16:19 -0700 2010-07-16 13:24:51 -0700 Avoid calls to localToAbsolute() from clearSelection() 42020_r1.diff text/plain 2843 mitz SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA2MzA0MSkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTcgQEAKKzIwMTAtMDctMDkgIERhbiBCZXJuc3RlaW4gIDxtaXR6QGFwcGxlLmNv bT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICA8cmRh cjovL3Byb2JsZW0vNzUyNzUzMj4gQ3Jhc2ggYmVuZWF0aCBzZXRTZWxlY3Rpb24oKSBkdXJpbmcg ZGV0YWNoKCkKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTQyMDIwCisKKyAgICAgICAgTm8gdGVzdCBiZWNhdXNlIEkgYW0gdW5hYmxlIHRvIHJlcHJvZHVj ZSB0aGUgY3Jhc2guCisKKyAgICAgICAgKiByZW5kZXJpbmcvUmVuZGVyVmlldy5jcHA6CisgICAg ICAgIChXZWJDb3JlOjpSZW5kZXJWaWV3OjpzZXRTZWxlY3Rpb24pOiBJbiB0aGUgY2xlYXJTZWxl Y3Rpb24oKSBjYXNlLCB3aGVyZSB0aGUgcmVwYWludCBtb2RlIGlzCisgICAgICAgIFJlcGFpbnRO ZXdNaW51c09sZCwgYXZvaWQgbWFraW5nIFJlbmRlckJsb2NrU2VsZWN0aW9uSW5mbyBpbnN0YW5j ZXMsIGFuZCB0aGVyZWJ5IGF2b2lkIGNhbGxpbmcKKyAgICAgICAgbG9jYWxUb0Fic29sdXRlKCkg ZHVyaW5nIGRldGFjaCgpLgorCiAyMDEwLTA3LTA5ICBUb255IENoYW5nICA8dG9ueUBjaHJvbWl1 bS5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgT2phbiBWYWZhaS4KSW5kZXg6IFdlYkNvcmUv cmVuZGVyaW5nL1JlbmRlclZpZXcuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvcmVuZGVyaW5n L1JlbmRlclZpZXcuY3BwCShyZXZpc2lvbiA2MzAxMykKKysrIFdlYkNvcmUvcmVuZGVyaW5nL1Jl bmRlclZpZXcuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC00MTgsMTMgKzQxOCwxNSBAQCB2b2lkIFJl bmRlclZpZXc6OnNldFNlbGVjdGlvbihSZW5kZXJPYmplCiAgICAgICAgIGlmICgob3MtPmNhbkJl U2VsZWN0aW9uTGVhZigpIHx8IG9zID09IG1fc2VsZWN0aW9uU3RhcnQgfHwgb3MgPT0gbV9zZWxl Y3Rpb25FbmQpICYmIG9zLT5zZWxlY3Rpb25TdGF0ZSgpICE9IFNlbGVjdGlvbk5vbmUpIHsKICAg ICAgICAgICAgIC8vIEJsb2NrcyBhcmUgcmVzcG9uc2libGUgZm9yIHBhaW50aW5nIGxpbmUgZ2Fw cyBhbmQgbWFyZ2luIGdhcHMuICBUaGV5IG11c3QgYmUgZXhhbWluZWQgYXMgd2VsbC4KICAgICAg ICAgICAgIG9sZFNlbGVjdGVkT2JqZWN0cy5zZXQob3MsIG5ldyBSZW5kZXJTZWxlY3Rpb25JbmZv KG9zLCB0cnVlKSk7Ci0gICAgICAgICAgICBSZW5kZXJCbG9jayogY2IgPSBvcy0+Y29udGFpbmlu Z0Jsb2NrKCk7Ci0gICAgICAgICAgICB3aGlsZSAoY2IgJiYgIWNiLT5pc1JlbmRlclZpZXcoKSkg ewotICAgICAgICAgICAgICAgIFJlbmRlckJsb2NrU2VsZWN0aW9uSW5mbyogYmxvY2tJbmZvID0g b2xkU2VsZWN0ZWRCbG9ja3MuZ2V0KGNiKTsKLSAgICAgICAgICAgICAgICBpZiAoYmxvY2tJbmZv KQotICAgICAgICAgICAgICAgICAgICBicmVhazsKLSAgICAgICAgICAgICAgICBvbGRTZWxlY3Rl ZEJsb2Nrcy5zZXQoY2IsIG5ldyBSZW5kZXJCbG9ja1NlbGVjdGlvbkluZm8oY2IpKTsKLSAgICAg ICAgICAgICAgICBjYiA9IGNiLT5jb250YWluaW5nQmxvY2soKTsKKyAgICAgICAgICAgIGlmIChi bG9ja1JlcGFpbnRNb2RlID09IFJlcGFpbnROZXdYT1JPbGQpIHsKKyAgICAgICAgICAgICAgICBS ZW5kZXJCbG9jayogY2IgPSBvcy0+Y29udGFpbmluZ0Jsb2NrKCk7CisgICAgICAgICAgICAgICAg d2hpbGUgKGNiICYmICFjYi0+aXNSZW5kZXJWaWV3KCkpIHsKKyAgICAgICAgICAgICAgICAgICAg UmVuZGVyQmxvY2tTZWxlY3Rpb25JbmZvKiBibG9ja0luZm8gPSBvbGRTZWxlY3RlZEJsb2Nrcy5n ZXQoY2IpOworICAgICAgICAgICAgICAgICAgICBpZiAoYmxvY2tJbmZvKQorICAgICAgICAgICAg ICAgICAgICAgICAgYnJlYWs7CisgICAgICAgICAgICAgICAgICAgIG9sZFNlbGVjdGVkQmxvY2tz LnNldChjYiwgbmV3IFJlbmRlckJsb2NrU2VsZWN0aW9uSW5mbyhjYikpOworICAgICAgICAgICAg ICAgICAgICBjYiA9IGNiLT5jb250YWluaW5nQmxvY2soKTsKKyAgICAgICAgICAgICAgICB9CiAg ICAgICAgICAgICB9CiAgICAgICAgIH0KIApAQCAtNTI3LDggKzUyOSw3IEBAIHZvaWQgUmVuZGVy Vmlldzo6c2V0U2VsZWN0aW9uKFJlbmRlck9iamUKICAgICAgICAgUmVuZGVyQmxvY2tTZWxlY3Rp b25JbmZvKiBuZXdJbmZvID0gbmV3U2VsZWN0ZWRCbG9ja3MuZ2V0KGJsb2NrKTsKICAgICAgICAg UmVuZGVyQmxvY2tTZWxlY3Rpb25JbmZvKiBvbGRJbmZvID0gaS0+c2Vjb25kOwogICAgICAgICBp ZiAoIW5ld0luZm8gfHwgb2xkSW5mby0+cmVjdHMoKSAhPSBuZXdJbmZvLT5yZWN0cygpIHx8IG9s ZEluZm8tPnN0YXRlKCkgIT0gbmV3SW5mby0+c3RhdGUoKSkgewotICAgICAgICAgICAgaWYgKGJs b2NrUmVwYWludE1vZGUgPT0gUmVwYWludE5ld1hPUk9sZCkKLSAgICAgICAgICAgICAgICBvbGRJ bmZvLT5yZXBhaW50KCk7CisgICAgICAgICAgICBvbGRJbmZvLT5yZXBhaW50KCk7CiAgICAgICAg ICAgICBpZiAobmV3SW5mbykgewogICAgICAgICAgICAgICAgIG5ld0luZm8tPnJlcGFpbnQoKTsK ICAgICAgICAgICAgICAgICBuZXdTZWxlY3RlZEJsb2Nrcy5yZW1vdmUoYmxvY2spOwo=