58910 2011-04-19 11:22:51 -0700 REGRESSION(r83967): Crash in selectionExtentRespectingEditingBoundary 2011-04-19 17:23:58 -0700 1 1 1 Unclassified WebKit HTML Editing 528+ (Nightly build) All All RESOLVED FIXED P1 Normal --- 1 rniwa webkit-unassigned aboxhall darin enrica eric ojan tkent tony oldest_to_newest 388636 0 rniwa 2011-04-19 11:22:51 -0700 Chrome stack trace: 0x634ff603 [chrome.dll - renderobject.cpp:1951 WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint const &,bool,bool) 0x62ac95b1 [chrome.dll - eventhandler.cpp:637 WebCore::selectionExtentRespectingEditingBoundary 0x62ac9686 [chrome.dll - eventhandler.cpp:659 WebCore::EventHandler::updateSelectionForMouseDrag(WebCore::HitTestResult const &) 0x62ac9532 [chrome.dll - eventhandler.cpp:622 WebCore::EventHandler::updateSelectionForMouseDrag() 0x6353366f [chrome.dll - renderlayer.cpp:1581 WebCore::RenderLayer::autoscroll() 0x6353c0f4 [chrome.dll - rendertextcontrolsingleline.cpp:1034 WebCore::RenderTextControlSingleLine::autoscroll() 0x62ac99ac [chrome.dll - eventhandler.cpp:800 WebCore::EventHandler::autoscrollTimerFired(WebCore::Timer<WebCore::EventHandler> *) 0x62dacf4a [chrome.dll - timer.h:100 WebCore::Timer<WebCore::EventHandler>::fired() 0x62c290a4 [chrome.dll - threadtimers.cpp:112 WebCore::ThreadTimers::sharedTimerFiredInternal() 0x62c29017 [chrome.dll - threadtimers.cpp:90 WebCore::ThreadTimers::sharedTimerFired() 0x62f6d795 [chrome.dll - message_loop.cc:371 MessageLoop::RunTask(Task *) 0x62f6d81c [chrome.dll - message_loop.cc:380 MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) 0x62f6dcb5 [chrome.dll - message_loop.cc:611 MessageLoop::DoDelayedWork(base::TimeTicks *) 0x62f82920 [chrome.dll - message_pump_default.cc:27 base::MessagePumpDefault::Run(base::MessagePump::Delegate *) 0x62f6d716 [chrome.dll - message_loop.cc:346 MessageLoop::RunInternal() 0x62f6d69b [chrome.dll - message_loop.cc:319 MessageLoop::RunHandler() 0x62f6d58f [chrome.dll - message_loop.cc:243 MessageLoop::Run() 0x62f9b2e1 [chrome.dll - renderer_main.cc:365 RendererMain(MainFunctionParams const &) 0x62a841de [chrome.dll - chrome_main.cc:813 ChromeMain 0x002221c6 [chrome.exe - client_util.cc:288 MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *) 0x002243e3 [chrome.exe - chrome_exe_main_win.cc:46 wWinMain 388637 1 rniwa 2011-04-19 11:23:15 -0700 http://crbug.com/79875 388641 2 rniwa 2011-04-19 11:31:52 -0700 I failed in my review :( There's a null pointer check that's missing in http://trac.webkit.org/changeset/83967/trunk/Source/WebCore/page/EventHandler.cpp I'll upload a patch in a minute. 388667 3 90232 rniwa 2011-04-19 11:48:43 -0700 Created attachment 90232 fixes the crash 388934 4 90232 rniwa 2011-04-19 17:23:55 -0700 Comment on attachment 90232 fixes the crash Clearing flags on attachment: 90232 Committed r84320: <http://trac.webkit.org/changeset/84320> 388935 5 rniwa 2011-04-19 17:23:58 -0700 All reviewed patches have been landed. Closing bug. 90232 2011-04-19 11:48:43 -0700 2011-04-19 17:23:54 -0700 fixes the crash bug-58910-20110419114842.patch text/plain 2552 rniwa SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDg0MjcyKQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjEgQEAKKzIwMTEtMDQtMTkgIFJ5b3N1a2Ug Tml3YSAgPHJuaXdhQHdlYmtpdC5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChP T1BTISkuCisKKyAgICAgICAgUkVHUkVTU0lPTihyODM5NjcpOiBDcmFzaCBpbiBzZWxlY3Rpb25F eHRlbnRSZXNwZWN0aW5nRWRpdGluZ0JvdW5kYXJ5CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJr aXQub3JnL3Nob3dfYnVnLmNnaT9pZD01ODkxMAorCisgICAgICAgIFRoZSBjcmFzaCB3YXMgY2F1 c2VkIGJ5IHNlbGVjdGlvbkV4dGVudFJlc3BlY3RpbmdFZGl0aW5nQm91bmRhcnkncyBpbmNvcnJl Y3RseSBhc3N1bWluZyB0aGF0CisgICAgICAgIHRhcmdldE5vZGUgYWx3YXlzIGhhdmUgcmVuZGVy ZXIgd2hlbiB0aGVyZSBzZWxlY3Rpb24gaGFzIGFuIGVkaXRhYmxlIHJvb3QgYW5kIHRoZSB0YXJn ZXQgbm9kZQorICAgICAgICBpcyBvdXRzaWRlIG9mIHRoZSBlZGl0YWJsZSByb290LgorICAgICAg ICAKKyAgICAgICAgRml4ZWQgdGhlIGJ1ZyBieSBhZGRpbmcgYW4gZWFybHkgZXhpdCB3aGVuIHRo ZSB0YXJnZXQgbm9kZSBpcyBudWxsLgorCisgICAgICAgIE5vIG5ldyB0ZXN0cyBhcmUgYWRkZWQg c2luY2Ugd2UgZG9uJ3QgaGF2ZSBhIHJlZHVjdGlvbiBmb3IgdGhpcyBjcmFzaC4KKworICAgICAg ICAqIHBhZ2UvRXZlbnRIYW5kbGVyLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OnNlbGVjdGlvbkV4 dGVudFJlc3BlY3RpbmdFZGl0aW5nQm91bmRhcnkpOgorCiAyMDExLTA0LTE5ICBSeW9zdWtlIE5p d2EgIDxybml3YUB3ZWJraXQub3JnPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERpbWl0cmkgR2xh emtvdi4KSW5kZXg6IFNvdXJjZS9XZWJDb3JlL3BhZ2UvRXZlbnRIYW5kbGVyLmNwcAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9wYWdlL0V2ZW50SGFuZGxlci5jcHAJKHJldmlzaW9uIDg0 MjY1KQorKysgU291cmNlL1dlYkNvcmUvcGFnZS9FdmVudEhhbmRsZXIuY3BwCSh3b3JraW5nIGNv cHkpCkBAIC02MjYsMjIgKzYyNiwyMCBAQCBzdGF0aWMgVmlzaWJsZVBvc2l0aW9uIHNlbGVjdGlv bkV4dGVudFJlCiB7CiAgICAgSW50UG9pbnQgc2VsZWN0aW9uRW5kUG9pbnQgPSBsb2NhbFBvaW50 OwogICAgIEVsZW1lbnQqIGVkaXRhYmxlRWxlbWVudCA9IHNlbGVjdGlvbi5yb290RWRpdGFibGVF bGVtZW50KCk7Ci0gICAgTm9kZSogc2VsZWN0aW9uRW5kTm9kZSA9IHRhcmdldE5vZGU7CiAKLSAg ICBpZiAoZWRpdGFibGVFbGVtZW50ICYmICFlZGl0YWJsZUVsZW1lbnQtPmNvbnRhaW5zKHRhcmdl dE5vZGUpKSB7Ci0gICAgICAgIHNlbGVjdGlvbkVuZE5vZGUgPSBlZGl0YWJsZUVsZW1lbnQ7Cisg ICAgaWYgKCF0YXJnZXROb2RlLT5yZW5kZXJlcigpKQorICAgICAgICByZXR1cm4gVmlzaWJsZVBv c2l0aW9uKCk7CiAKLSAgICAgICAgaWYgKCFzZWxlY3Rpb25FbmROb2RlLT5yZW5kZXJlcigpKQor ICAgIGlmIChlZGl0YWJsZUVsZW1lbnQgJiYgIWVkaXRhYmxlRWxlbWVudC0+Y29udGFpbnModGFy Z2V0Tm9kZSkpIHsKKyAgICAgICAgaWYgKCFlZGl0YWJsZUVsZW1lbnQtPnJlbmRlcmVyKCkpCiAg ICAgICAgICAgICByZXR1cm4gVmlzaWJsZVBvc2l0aW9uKCk7CiAKICAgICAgICAgRmxvYXRQb2lu dCBhYnNvbHV0ZVBvaW50ID0gdGFyZ2V0Tm9kZS0+cmVuZGVyZXIoKS0+bG9jYWxUb0Fic29sdXRl KEZsb2F0UG9pbnQoc2VsZWN0aW9uRW5kUG9pbnQpKTsKLSAgICAgICAgc2VsZWN0aW9uRW5kUG9p bnQgPSByb3VuZGVkSW50UG9pbnQoc2VsZWN0aW9uRW5kTm9kZS0+cmVuZGVyZXIoKS0+YWJzb2x1 dGVUb0xvY2FsKGFic29sdXRlUG9pbnQpKTsKKyAgICAgICAgc2VsZWN0aW9uRW5kUG9pbnQgPSBy b3VuZGVkSW50UG9pbnQoZWRpdGFibGVFbGVtZW50LT5yZW5kZXJlcigpLT5hYnNvbHV0ZVRvTG9j YWwoYWJzb2x1dGVQb2ludCkpOworICAgICAgICB0YXJnZXROb2RlID0gZWRpdGFibGVFbGVtZW50 OwogICAgIH0KIAotICAgIGlmICghc2VsZWN0aW9uRW5kTm9kZS0+cmVuZGVyZXIoKSkKLSAgICAg ICAgcmV0dXJuIFZpc2libGVQb3NpdGlvbigpOwotCi0gICAgcmV0dXJuIHNlbGVjdGlvbkVuZE5v ZGUtPnJlbmRlcmVyKCktPnBvc2l0aW9uRm9yUG9pbnQoc2VsZWN0aW9uRW5kUG9pbnQpOworICAg IHJldHVybiB0YXJnZXROb2RlLT5yZW5kZXJlcigpLT5wb3NpdGlvbkZvclBvaW50KHNlbGVjdGlv bkVuZFBvaW50KTsKIH0KIAogdm9pZCBFdmVudEhhbmRsZXI6OnVwZGF0ZVNlbGVjdGlvbkZvck1v dXNlRHJhZyhjb25zdCBIaXRUZXN0UmVzdWx0JiBoaXRUZXN0UmVzdWx0KQo=