8083 2006-03-30 09:38:48 -0800 REGRESSION: Repro crash when dragging to select over a new text field 2006-03-31 01:07:30 -0800 1 1 1 Unclassified WebKit Forms 420+ Mac OS X 10.4 VERIFIED FIXED Regression P1 Normal --- 1 mitz webkit-unassigned adele justin.garcia oldest_to_newest 37989 0 mitz 2006-03-30 09:38:48 -0800 TOT crashes when dragging to make a selection that contains a new text field. Backtrace: Thread 0 Crashed: 0 com.apple.WebCore 0x01adb554 WebCore::Node::rootEditableElement() const + 36 (Node.cpp:1043) 1 com.apple.WebCore 0x01a7bce8 WebCore::Selection::adjustForEditableContent() + 688 (Selection.cpp:323) 2 com.apple.WebCore 0x01a7ce0c WebCore::Selection::validate() + 3684 (Selection.cpp:264) 3 com.apple.WebCore 0x01a7d158 WebCore::Selection::Selection[in-charge](WebCore::Position const&, WebCore::Position const&, WebCore::EAffinity) + 160 (Selection.cpp:65) 4 com.apple.WebCore 0x01a80890 WebCore::SelectionController::setExtent(WebCore::VisiblePosition const&) + 100 (SelectionController.cpp:653) 5 com.apple.WebCore 0x018c8200 WebCore::Frame::handleMouseMoveEventPart2(WebCore::MouseEventWithHitTestResults const&) + 560 (Frame.cpp:1856) 6 com.apple.WebCore 0x018c82b8 WebCore::Frame::handleMouseMoveEvent(WebCore::MouseEventWithHitTestResults const&) + 40 (Frame.cpp:1866) 7 com.apple.WebCore 0x018dbdb8 WebCore::FrameMac::handleMouseMoveEvent(WebCore::MouseEventWithHitTestResults const&) + 3372 (FrameMac.mm:1726) 8 com.apple.WebCore 0x018edcf4 WebCore::FrameView::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&) + 876 (FrameView.cpp:636) 9 com.apple.WebCore 0x018d6ec8 WebCore::FrameMac::mouseDragged(NSEvent*) + 388 (FrameMac.mm:1958) 10 com.apple.WebCore 0x019085e8 -[WebCoreFrameBridge mouseDragged:] + 52 (WebCoreFrameBridge.mm:1050) 11 com.apple.WebKit 0x0037d66c -[WebHTMLView mouseDragged:] + 288 (WebHTMLView.m:2725) 12 com.apple.AppKit 0x9377c5c0 -[NSWindow sendEvent:] + 6424 13 com.apple.Safari 0x00021d24 0x1000 + 134436 14 com.apple.AppKit 0x93724ef4 -[NSApplication sendEvent:] + 4172 15 com.apple.Safari 0x00021828 0x1000 + 133160 16 com.apple.AppKit 0x9371c330 -[NSApplication run] + 508 17 com.apple.AppKit 0x9380ce68 NSApplicationMain + 452 18 com.apple.Safari 0x0005cbec 0x1000 + 375788 19 com.apple.Safari 0x0005ca94 0x1000 + 375444 37990 1 7396 mitz 2006-03-30 09:39:21 -0800 Created attachment 7396 Test case (crasher) 37999 2 justin.garcia 2006-03-30 10:38:06 -0800 I'm guess: adjustForEditableContent finds that the extent is in a different root editable element than the base (the extent is inside a textfield and the base is not), then it tries to climb out of the the extent root in order to change the extent to the first visible position after the extent root. But it can't climb out of extent root because it's a shadow node. 38000 3 7398 adele 2006-03-30 11:05:11 -0800 Created attachment 7398 patch 38002 4 7398 adele 2006-03-30 11:08:02 -0800 Comment on attachment 7398 patch Justin - do we need to worry about this for the base node? 38006 5 7398 justin.garcia 2006-03-30 11:55:25 -0800 Comment on attachment 7398 patch adele & i talked about this and she's going to add a similar piece of code for the case where the selection starts in editable content. we also talked about how we this fix doesn't work if an editable shadow node was inside another editable shadow node. she could just put this adjustment inside the do {} loop and both cases would be fixed. 38057 6 mitz 2006-03-31 01:07:30 -0800 Verified in r13594 nightly 7396 2006-03-30 09:39:21 -0800 2006-03-30 09:39:21 -0800 Test case (crasher) new text field crash.html text/html 96 mitz RHJhZyB0byBhY3Jvc3MgdGhpcyBsaW5lIHRvIHNlbGVjdAo8SU5QVVQgdHlwZT0idGV4dCIgc3R5 bGU9Ii1raHRtbC1hcHBlYXJhbmNlOiB0ZXh0ZmllbGQ7Ij4KYWxs 7398 2006-03-30 11:05:11 -0800 2006-03-30 11:55:25 -0800 patch crash.txt text/plain 1247 adele SW5kZXg6IGVkaXRpbmcvU2VsZWN0aW9uLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBlZGl0aW5nL1NlbGVj dGlvbi5jcHAJKHJldmlzaW9uIDEzNTY2KQorKysgZWRpdGluZy9TZWxlY3Rpb24uY3BwCSh3b3Jr aW5nIGNvcHkpCkBAIC0zMTcsNiArMzE3LDcgQEAKICAgICB9IGVsc2UgewogICAgICAgICAvLyBU aGUgc2VsZWN0aW9uIGVuZHMgaW4gZWRpdGFibGUgY29udGVudCwgbW92ZSBiYWNrd2FyZCB1bnRp bCBub24tZWRpdGFibGUgY29udGVudCBpcyByZWFjaGVkLgogICAgICAgICBpZiAoZW5kUm9vdCkg eworICAgICAgICAgICAgZW5kUm9vdCA9IGVuZFJvb3QtPnNoYWRvd0FuY2VzdG9yTm9kZSgpOwog ICAgICAgICAgICAgVmlzaWJsZVBvc2l0aW9uIHByZXZpb3VzOwogICAgICAgICAgICAgZG8gewog ICAgICAgICAgICAgICAgIHByZXZpb3VzID0gVmlzaWJsZVBvc2l0aW9uKFBvc2l0aW9uKGVuZFJv b3QsIDApKS5wcmV2aW91cygpOwpJbmRleDogQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIENoYW5n ZUxvZwkocmV2aXNpb24gMTM1NzgpCisrKyBDaGFuZ2VMb2cJKHdvcmtpbmcgY29weSkKQEAgLTEs MyArMSwxNCBAQAorMjAwNi0wMy0zMCAgQWRlbGUgUGV0ZXJzb24gIDxhZGVsZUBhcHBsZS5jb20+ CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgLSBGaXgg Zm9yIGh0dHA6Ly9idWd6aWxsYS5vcGVuZGFyd2luLm9yZy9zaG93X2J1Zy5jZ2k/aWQ9ODA4Mwor ICAgICAgICBSRUdSRVNTSU9OOiBSZXBybyBjcmFzaCB3aGVuIGRyYWdnaW5nIHRvIHNlbGVjdCBv dmVyIGEgbmV3IHRleHQgZmllbGQKKworICAgICAgICAqIGVkaXRpbmcvU2VsZWN0aW9uLmNwcDog KFdlYkNvcmU6OlNlbGVjdGlvbjo6YWRqdXN0Rm9yRWRpdGFibGVDb250ZW50KToKKyAgICAgICAg V2hlbiBzZWFyY2hpbmcgZm9yIG5vbi1lZGl0YWJsZSBjb250ZW50LCBpZiB0aGUgZW5kIG9mIHRo ZSBzZWxlY3Rpb24gaXMgaW4gYSAKKyAgICAgICAgc2hhZG93IHRyZWUsIHRyeSB0byBqdW1wIG91 dCBvZiB0aGF0IGZpcnN0LgorCiAyMDA2LTAzLTMwICBNaXR6IFBldHRlbCAgPG9wZW5kYXJ3aW4u b3JnQG1pdHpwZXR0ZWwuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IERhcmluLgo=