78577 2012-02-13 23:07:41 -0800 REGRESSION (r107568-r107627): Crash when copying in WebCore::SharedBuffer::hasPlatformData() 2012-02-15 00:53:01 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) Mac (Intel) OS X 10.7 RESOLVED FIXED http://nightly.webkit.org/ Regression P1 Critical --- 1 kevin webkit-unassigned ap dimitris.apostolou enrica simon.fraser oldest_to_newest 555981 0 kevin 2012-02-13 23:07:41 -0800 Seems selecting text on any web page and then copying via Command-C or the contextual menu causes the Web Process to crash. So for example on the nightly page, I double click February... Command-C... crash. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x0000000108884cf4 WebCore::SharedBuffer::hasPlatformData() const + 4 1 com.apple.WebCore 0x00000001088844c1 WebCore::SharedBuffer::size() const + 17 2 com.apple.WebCore 0x0000000108884ec4 -[WebCoreSharedBufferData length] + 20 3 com.apple.CoreFoundation 0x00007fff971fb7f6 CFDataGetLength + 118 4 com.apple.CoreFoundation 0x00007fff972ba619 __CFPasteboardSetData + 57 5 com.apple.CoreFoundation 0x00007fff972ba578 CFPasteboardSetData + 456 6 com.apple.AppKit 0x00007fff93f8cc54 -[NSPasteboard _setData:forType:index:usesPboardTypes:] + 369 7 com.apple.AppKit 0x00007fff93f89b33 -[NSPasteboard setData:forType:] + 86 8 com.apple.WebKit2 0x0000000107956227 WebKit::WebPlatformStrategies::setBufferForType(WTF::PassRefPtr<WebCore::SharedBuffer>, WTF::String const&, WTF::String const&) + 63 9 com.apple.WebCore 0x00000001086e9b5c WebCore::Pasteboard::writeSelectionForTypes(WTF::Vector<WTF::String, 0ul> const&, WebCore::Range*, bool, WebCore::Frame*) + 5308 10 com.apple.WebCore 0x00000001086ea06f WebCore::Pasteboard::writeSelection(WebCore::Range*, bool, WebCore::Frame*) + 63 11 com.apple.WebCore 0x0000000108159f6c WebCore::Editor::copy() + 540 12 com.apple.WebCore 0x0000000107f65508 WebCore::ContextMenuController::contextMenuItemSelected(WebCore::ContextMenuItem*) + 856 13 com.apple.WebKit2 0x00000001078f9adc WebKit::WebContextMenu::itemSelected(WebKit::WebContextMenuItemData const&) + 58 14 com.apple.WebKit2 0x000000010792b05c WebKit::WebPage::didSelectItemFromActiveContextMenu(WebKit::WebContextMenuItemData const&) + 26 15 com.apple.WebKit2 0x00000001079366f2 void CoreIPC::handleMessage<Messages::WebPage::DidSelectItemFromActiveContextMenu, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebContextMenuItemData const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebContextMenuItemData const&)) + 83 16 com.apple.WebKit2 0x00000001078f0389 WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 179 17 com.apple.WebKit2 0x0000000107894da9 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175 18 com.apple.WebKit2 0x00000001078962b5 CoreIPC::Connection::dispatchMessages() + 147 19 com.apple.WebCore 0x0000000108846849 WebCore::RunLoop::performWork() + 89 20 com.apple.WebCore 0x0000000108845fe7 WebCore::RunLoop::performWork(void*) + 71 21 com.apple.CoreFoundation 0x00007fff971f76e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 22 com.apple.CoreFoundation 0x00007fff971f6f4d __CFRunLoopDoSources0 + 253 23 com.apple.CoreFoundation 0x00007fff9721dd39 __CFRunLoopRun + 905 24 com.apple.CoreFoundation 0x00007fff9721d676 CFRunLoopRunSpecific + 230 25 com.apple.HIToolbox 0x00007fff8c29931f RunCurrentEventLoopInMode + 277 26 com.apple.HIToolbox 0x00007fff8c2a05c9 ReceiveNextEventCommon + 355 27 com.apple.HIToolbox 0x00007fff8c2a0456 BlockUntilNextEventMatchingListInMode + 62 28 com.apple.AppKit 0x00007fff93a93f5d _DPSNextEvent + 659 29 com.apple.AppKit 0x00007fff93a93861 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135 30 com.apple.AppKit 0x00007fff93a9019d -[NSApplication run] + 470 31 com.apple.WebCore 0x000000010884628f WebCore::RunLoop::run() + 63 32 com.apple.WebKit2 0x0000000107968376 WebKit::WebProcessMain(WebKit::CommandLine const&) + 2538 33 com.apple.WebKit2 0x000000010791e64f WebKitMain + 285 34 com.apple.WebProcess 0x000000010784fe5f main + 219 35 com.apple.WebProcess 0x000000010784fd7c start + 52 556424 1 ap 2012-02-14 11:14:38 -0800 *** Bug 78618 has been marked as a duplicate of this bug. *** 556426 2 ap 2012-02-14 11:15:36 -0800 <rdar://problem/10859018> 556456 3 enrica 2012-02-14 11:41:43 -0800 I'm looking into it now. 556483 4 enrica 2012-02-14 12:18:48 -0800 I have a fix. 556748 5 127073 enrica 2012-02-14 16:25:41 -0800 Created attachment 127073 Patch 556759 6 enrica 2012-02-14 16:36:40 -0800 http://trac.webkit.org/changeset/107753 557000 7 mrowe 2012-02-15 00:53:01 -0800 *** Bug 78670 has been marked as a duplicate of this bug. *** 127073 2012-02-14 16:25:41 -0800 2012-02-14 16:30:51 -0800 Patch crashcopy.txt text/plain 1518 enrica SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDEwNzc0OCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE0IEBACisyMDEyLTAyLTE0ICBFbnJpY2Eg Q2FzdWNjaSAgPGVucmljYUBhcHBsZS5jb20+CisKKyAgICAgICAgUkVHUkVTU0lPTiAocjEwNzU2 OC1yMTA3NjI3KTogQ3Jhc2ggd2hlbiBjb3B5aW5nIGluIFdlYkNvcmU6OlNoYXJlZEJ1ZmZlcjo6 aGFzUGxhdGZvcm1EYXRhKCkuCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD03ODU3NworCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgor CisgICAgICAgICogcGxhdGZvcm0vbWFjL1BsYXRmb3JtUGFzdGVib2FyZE1hYy5tbToKKyAgICAg ICAgKFdlYkNvcmU6OlBsYXRmb3JtUGFzdGVib2FyZDo6c2V0QnVmZmVyRm9yVHlwZSk6IE1pc3Np bmcgbnVsbCBjaGVjayB3aGVuCisgICAgICAgIHNldHRpbmcgZGF0YSB0byB0aGUgTlNQYXN0ZWJv YXJkLgorCiAyMDEyLTAyLTE0ICBNYXR0IExpbGVrICA8bXJsQGFwcGxlLmNvbT4KIAogICAgICAg ICBEb24ndCBFTkFCTEVfREFTSEJPQVJEX1NVUFBPUlQgdW5jb25kaXRpb25hbGx5IG9uIGFsbCBN YWMgcGxhdGZvcm1zCkluZGV4OiBTb3VyY2UvV2ViQ29yZS9wbGF0Zm9ybS9tYWMvUGxhdGZvcm1Q YXN0ZWJvYXJkTWFjLm1tCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL3BsYXRmb3JtL21h Yy9QbGF0Zm9ybVBhc3RlYm9hcmRNYWMubW0JKHJldmlzaW9uIDEwNzc0OCkKKysrIFNvdXJjZS9X ZWJDb3JlL3BsYXRmb3JtL21hYy9QbGF0Zm9ybVBhc3RlYm9hcmRNYWMubW0JKHdvcmtpbmcgY29w eSkKQEAgLTg3LDcgKzg3LDcgQEAgdm9pZCBQbGF0Zm9ybVBhc3RlYm9hcmQ6OnNldFR5cGVzKGNv bnN0IAogCiB2b2lkIFBsYXRmb3JtUGFzdGVib2FyZDo6c2V0QnVmZmVyRm9yVHlwZShQYXNzUmVm UHRyPFNoYXJlZEJ1ZmZlcj4gYnVmZmVyLCBjb25zdCBTdHJpbmcmIHBhc3RlYm9hcmRUeXBlKQog ewotICAgIFttX3Bhc3RlYm9hcmQuZ2V0KCkgc2V0RGF0YTpbYnVmZmVyLT5jcmVhdGVOU0RhdGEo KSBhdXRvcmVsZWFzZV0gZm9yVHlwZTpwYXN0ZWJvYXJkVHlwZV07CisgICAgW21fcGFzdGVib2Fy ZC5nZXQoKSBzZXREYXRhOmJ1ZmZlciA/IFtidWZmZXItPmNyZWF0ZU5TRGF0YSgpIGF1dG9yZWxl YXNlXSA6IG5pbCBmb3JUeXBlOnBhc3RlYm9hcmRUeXBlXTsKIH0KIAogdm9pZCBQbGF0Zm9ybVBh c3RlYm9hcmQ6OnNldFBhdGhuYW1lc0ZvclR5cGUoY29uc3QgVmVjdG9yPFN0cmluZz4mIHBhdGhu YW1lcywgY29uc3QgU3RyaW5nJiBwYXN0ZWJvYXJkVHlwZSkK