8521 2006-04-21 12:55:05 -0700 crash bringing up context menu with CSS generated content 2006-05-12 09:45:06 -0700 1 1 1 Unclassified WebKit WebCore Misc. 420+ Mac OS X 10.4 RESOLVED FIXED http://lofotenmoose.info/css/destroy/origami.xhtml EasyFix, HasReduction P1 Normal --- 1 gardnermj darin jonathanjohnsson mitz oldest_to_newest 40057 0 gardnermj 2006-04-21 12:55:05 -0700 Try to open a context menu on http://lofotenmoose.info/css/destroy/origami.xhtml, and Safari will crash immediately. The page uses advanced CSS generated content techniques, which seems likely to be the cause of the crash. 40133 1 ap 2006-04-22 01:35:31 -0700 Thread 0 Crashed: 0 com.apple.WebCore 0x018aec2c WebCore::FrameMac::sendContextMenuEvent(NSEvent*) + 756 (FrameMac.mm:2140) 1 com.apple.WebCore 0x018da460 -[WebCoreFrameBridge sendContextMenuEvent:] + 52 (WebCoreFrameBridge.mm:1047) 2 com.apple.WebKit 0x0037d070 -[WebHTMLView menuForEvent:] + 152 (WebHTMLView.m:2408) 3 com.apple.AppKit 0x936e8e50 -[NSWindow sendEvent:] + 4520 4 com.apple.Safari 0x00022160 0x1000 + 135520 5 com.apple.AppKit 0x93691ef4 -[NSApplication sendEvent:] + 4172 6 com.apple.Safari 0x00021c64 0x1000 + 134244 7 com.apple.AppKit 0x93689330 -[NSApplication run] + 508 8 com.apple.AppKit 0x93779e68 NSApplicationMain + 452 40143 2 7909 jonathanjohnsson 2006-04-22 04:53:34 -0700 Created attachment 7909 Reduced test case This is a reduced test case, though I'm not sure it displays all of the original problems of this bug. Right clicking on the blue or the right square crashes Safari. It's the "html::before" and "html::after" selectors that are responsible. As a note, Firefox renders this entirely different. 41456 3 8147 joost 2006-05-07 12:19:07 -0700 Created attachment 8147 further reduced testcase I think this is quite minimal... 41610 4 darin 2006-05-09 08:52:36 -0700 The problem is simply that WebCore::FrameMac::sendContextMenuEvent assumes targetNode is not 0. Easy to fix. 41813 5 8196 darin 2006-05-09 22:53:28 -0700 Created attachment 8196 patch 42106 6 darin 2006-05-12 09:45:06 -0700 Committed revision 14324. 7909 2006-04-22 04:53:34 -0700 2006-05-07 12:19:07 -0700 Reduced test case testcase.xhtml application/xhtml+xml 609 jonathanjohnsson PD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBodG1sIFBVQkxJQyAiLS8vVzNDLy9EVEQg WEhUTUwgMS4xLy9FTiIgImh0dHA6Ly93d3cudzMub3JnL1RSL3hodG1sMTEvRFREL3hodG1sMTEu ZHRkIj4KPGh0bWwgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkveGh0bWwiIHhtbDpsYW5n PSJlbiI+CjxoZWFkPgo8dGl0bGU+QnVnIDg1MjE8L3RpdGxlPgo8c3R5bGUgdHlwZT0idGV4dC9j c3MiPgoKaHRtbDo6YmVmb3JlIHsKCWNvbnRlbnQ6ICIiOwoJYm9yZGVyOiBzb2xpZCByZWQgNXB4 OwoJd2lkdGg6IDUwcHg7CgloZWlnaHQ6IDUwcHg7Cglwb3NpdGlvbjogZml4ZWQ7Cn0KCmh0bWw6 OmFmdGVyIHsKCWNvbnRlbnQ6ICIiOwoJYm9yZGVyOiBzb2xpZCBibHVlIDVweDsKCXdpZHRoOiAx MDBweDsKCWhlaWdodDogMTAwcHg7Cglwb3NpdGlvbjogZml4ZWQ7Cn0KCjwvc3R5bGU+CjwvaGVh ZD4KCjxib2R5PgpPcGVuIGEgY29udGV4dCBtZW51IGZvciB0aGUgYmx1ZSBvciB0aGUgcmVkIHNx dWFyZSwgYW5kIFNhZmFyaSBjcmFzaGVzLiAoV2ViS2l0LVNWTi1yMTQwMDggYW5kIFNhZmFyaSBW ZXJzaW9uIDIuMC4zICg0MTcuOS4yKSkKPC9ib2R5Pgo8L2h0bWw+ 8147 2006-05-07 12:19:07 -0700 2006-05-07 12:19:07 -0700 further reduced testcase origami.html text/html 256 joost PHN0eWxlIHR5cGU9InRleHQvY3NzIj4KaHRtbDpiZWZvcmUsIGh0bWw6YWZ0ZXIgewoJY29udGVu dDogIiI7Cgl3aWR0aDogNTBweDsKCWhlaWdodDogNTBweDsKCXBvc2l0aW9uOiBmaXhlZDsKfQpo dG1sOmJlZm9yZSB7Cglib3JkZXI6IHNvbGlkIHJlZCA1cHg7Cn0KaHRtbDphZnRlciB7Cglib3Jk ZXI6IHNvbGlkIGdyZWVuIDVweDsKCXRvcDogNjBweDsKfQo8L3N0eWxlPgoKT3BlbiBhIGNvbnRl eHQgbWVudSBhbmQgV2ViS2l0IGNyYXNoZXMuCg== 8196 2006-05-09 22:53:28 -0700 2006-05-10 01:03:13 -0700 patch ContextMenuCrashPatch.txt text/plain 839 darin SW5kZXg6IGJyaWRnZS9tYWMvRnJhbWVNYWMubW0KPT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gYnJpZGdlL21hYy9G cmFtZU1hYy5tbQkocmV2aXNpb24gMTQyNzMpCisrKyBicmlkZ2UvbWFjL0ZyYW1lTWFjLm1tCSh3 b3JraW5nIGNvcHkpCkBAIC0yMTQxLDcgKzIxNDEsOCBAQAogCiAgICAgc3dhbGxvd0V2ZW50ID0g di0+ZGlzcGF0Y2hNb3VzZUV2ZW50KGNvbnRleHRtZW51RXZlbnQsIG1ldi50YXJnZXROb2RlKCks IHRydWUsIDAsIG1vdXNlRXZlbnQsIHRydWUpOwogICAgIGlmICghc3dhbGxvd0V2ZW50ICYmICFp c1BvaW50SW5zaWRlU2VsZWN0aW9uKHZpZXdwb3J0UG9zKSAmJgotICAgICAgICAoW19icmlkZ2Ug c2VsZWN0V29yZEJlZm9yZU1lbnVFdmVudF0gfHwgW19icmlkZ2UgaXNFZGl0YWJsZV0gfHwgbWV2 LnRhcmdldE5vZGUoKS0+aXNDb250ZW50RWRpdGFibGUoKSkpIHsKKyAgICAgICAgICAgIChbX2Jy aWRnZSBzZWxlY3RXb3JkQmVmb3JlTWVudUV2ZW50XSB8fCBbX2JyaWRnZSBpc0VkaXRhYmxlXQor ICAgICAgICAgICAgICAgIHx8IChtZXYudGFyZ2V0Tm9kZSgpICYmIG1ldi50YXJnZXROb2RlKCkt PmlzQ29udGVudEVkaXRhYmxlKCkpKSkgewogICAgICAgICBfbW91c2VEb3duTWF5U3RhcnRTZWxl Y3QgPSB0cnVlOyAvLyBjb250ZXh0IG1lbnUgZXZlbnRzIGFyZSBhbHdheXMgYWxsb3dlZCB0byBw ZXJmb3JtIGEgc2VsZWN0aW9uCiAgICAgICAgIHNlbGVjdENsb3Nlc3RXb3JkRnJvbU1vdXNlRXZl bnQobW91c2VFdmVudCwgbWV2LnRhcmdldE5vZGUoKSk7CiAgICAgfQo=