9664 2006-06-30 03:14:42 -0700 REGRESSION (r15106): Crash in fast/events/mouseover-mouseout2.html 2006-06-30 11:07:19 -0700 1 1 1 Unclassified WebKit New Bugs 420+ Mac OS X 10.4 RESOLVED FIXED Regression P1 Normal --- 1 mitz webkit-unassigned ap ddkilzer timothy oldest_to_newest 47812 0 mitz 2006-06-30 03:14:42 -0700 run-webkit-tests fast/events/mouseover-mouseout2.html crashes: 0    WebCore::FrameMac::mouseMoved(NSEvent*) + 40 (FrameMac.mm:2087) 1    -[WebCoreFrameBridge mouseMoved:] + 52 (WebCoreFrameBridge.mm:1044) (because m_frame is 0 in -[mouseMoved:]). 47813 1 9103 mitz 2006-06-30 03:50:45 -0700 Created attachment 9103 Proposed patch 47814 2 mitz 2006-06-30 04:10:52 -0700 I should have included the complete backtrace :-) Thread 0 Crashed: 0   com.apple.WebCore         0x0112dba0 WebCore::FrameMac::mouseMoved(NSEvent*) + 40 (FrameMac.mm:2087) 1   com.apple.WebCore         0x01163138 -[WebCoreFrameBridge mouseMoved:] + 52 (WebCoreFrameBridge.mm:1044) 2   com.apple.WebCore         0x0112cdf8 WebCore::FrameMac::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 528 (FrameMac.mm:1851) 3   com.apple.WebCore         0x01144cfc WebCore::FrameView::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&) + 740 (FrameView.cpp:694) 4   com.apple.WebCore         0x0112dd10 WebCore::FrameMac::mouseMoved(NSEvent*) + 408 (FrameMac.mm:2100) 5   com.apple.WebCore         0x01163138 -[WebCoreFrameBridge mouseMoved:] + 52 (WebCoreFrameBridge.mm:1044) 6   com.apple.WebKit          0x00265a98 -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:] + 1316 (WebHTMLView.m:1139) 7   com.apple.WebKit          0x00273674 -[WebHTMLView mouseMovedNotification:] + 148 (WebHTMLView.m:3155) 8   com.apple.Foundation      0x92943ad8 _nsnote_callback + 180 9   com.apple.CoreFoundation  0x90803010 __CFXNotificationPost + 368 10  com.apple.CoreFoundation  0x907fb0ec _CFXNotificationPostNotification + 684 11  com.apple.Foundation      0x9292dee0 -[NSNotificationCenter postNotificationName:object:userInfo:] + 92 12  com.apple.AppKit          0x937bcf84 forwardMethod + 92 13  com.apple.AppKit          0x937bcf84 forwardMethod + 92 14  com.apple.AppKit          0x937bcf84 forwardMethod + 92 15  com.apple.AppKit          0x937bcf84 forwardMethod + 92 16  com.apple.AppKit          0x937bcf84 forwardMethod + 92 17  com.apple.AppKit          0x937bcf84 forwardMethod + 92 18  DumpRenderTree            0x0000523c -[EventSendingController mouseMoveToX:Y:] + 1188 (EventSendingController.m:223) 19  libobjc.A.dylib           0x90a431f4 objc_msgSendv + 180 20  com.apple.Foundation      0x9293fc88 -[NSInvocation invoke] + 944 21  com.apple.JavaScriptCore  0x006bc68c KJS::Bindings::ObjcInstance::invokeMethod(KJS::ExecState*, KJS::Bindings::MethodList const&, KJS::List const&) + 1808 (objc_instance.mm:201) 22  com.apple.JavaScriptCore  0x006b6274 KJS::RuntimeMethod::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 356 (runtime_method.cpp:88) 23  com.apple.JavaScriptCore  0x0068dfa4 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:96) 24  com.apple.JavaScriptCore  0x006833ec KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 908 (nodes.cpp:758) 25  com.apple.JavaScriptCore  0x0067fde8 KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1661) 26  com.apple.JavaScriptCore  0x0067c5e0 KJS::SourceElementsNode::execute(KJS::ExecState*) + 616 (nodes.cpp:2448) 27  com.apple.JavaScriptCore  0x00679f9c KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1638) 28  com.apple.JavaScriptCore  0x0067fc70 KJS::IfNode::execute(KJS::ExecState*) + 500 (nodes.cpp:1680) 29  com.apple.JavaScriptCore  0x0067c490 KJS::SourceElementsNode::execute(KJS::ExecState*) + 280 (nodes.cpp:2442) 30  com.apple.JavaScriptCore  0x00679f9c KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1638) 31  com.apple.JavaScriptCore  0x006685e4 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:338) 32  com.apple.JavaScriptCore  0x00667bf0 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 668 (function.cpp:104) 33  com.apple.JavaScriptCore  0x0068dfa4 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:96) 34  com.apple.JavaScriptCore  0x00683c38 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 792 (nodes.cpp:665) 35  com.apple.JavaScriptCore  0x0067fde8 KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1661) 36  com.apple.JavaScriptCore  0x0067c490 KJS::SourceElementsNode::execute(KJS::ExecState*) + 280 (nodes.cpp:2442) 37  com.apple.JavaScriptCore  0x00679f9c KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1638) 38  com.apple.JavaScriptCore  0x006685e4 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:338) 39  com.apple.JavaScriptCore  0x00667bf0 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 668 (function.cpp:104) 40  com.apple.JavaScriptCore  0x0068dfa4 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:96) 41  com.apple.WebCore         0x0133db9c KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 772 (kjs_events.cpp:114) 42  com.apple.WebCore         0x0114d480 WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 308 (Document.cpp:2224) 43  com.apple.WebCore         0x012ff280 WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 324 (EventTargetNode.cpp:321) 44  com.apple.WebCore         0x011504b4 WebCore::Document::implicitClose() + 700 (Document.cpp:1195) 45  com.apple.WebCore         0x0111c894 WebCore::Frame::checkEmitLoadEvent() + 724 (Frame.cpp:830) 46  com.apple.WebCore         0x011218a8 WebCore::Frame::checkCompleted() + 528 (Frame.cpp:795) 47  com.apple.WebCore         0x01121a3c WebCore::Frame::childCompleted(bool) + 132 (Frame.cpp:1629) 48  com.apple.WebCore         0x0112166c WebCore::Frame::completed(bool) + 176 (Frame.cpp:3569) 49  com.apple.WebCore         0x01121930 WebCore::Frame::checkCompleted() + 664 (Frame.cpp:805) 50  com.apple.WebCore         0x01121cd0 WebCore::Frame::finishedParsing() + 44 (Frame.cpp:750) 51  com.apple.WebCore         0x0114a5d4 WebCore::Document::finishedParsing() + 72 (Document.cpp:3275) 52  com.apple.WebCore         0x010425c4 WebCore::HTMLParser::finished() + 300 (HTMLParser.cpp:1345) 53  com.apple.WebCore         0x01047e9c WebCore::HTMLTokenizer::end() + 336 (HTMLTokenizer.cpp:1526) 54  com.apple.WebCore         0x0104832c WebCore::HTMLTokenizer::finish() + 1128 (HTMLTokenizer.cpp:1567) 55  com.apple.WebCore         0x01148370 WebCore::Document::finishParsing() + 84 (Document.cpp:1329) 56  com.apple.WebCore         0x01122010 WebCore::Frame::endIfNotLoading() + 432 (Frame.cpp:706) 57  com.apple.WebCore         0x01122064 WebCore::Frame::end() + 52 (Frame.cpp:689) 58  com.apple.WebCore         0x01161e5c -[WebCoreFrameBridge end] + 72 (WebCoreFrameBridge.mm:708) 59  com.apple.WebKit          0x00247cac -[WebDataSource(WebPrivate) _finishedLoading] + 220 (WebDataSource.m:771) 60  com.apple.WebKit          0x00284e48 -[WebMainResourceLoader didFinishLoading] + 560 (WebMainResourceLoader.m:380) 61  com.apple.WebKit          0x00243074 -[WebLoader connectionDidFinishLoading:] + 184 (WebLoader.m:575) 62  com.apple.Foundation      0x9297684c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188 63  com.apple.Foundation      0x92974ab8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556 64  com.apple.Foundation      0x92974810 _sendCallbacks + 156 65  com.apple.CoreFoundation  0x907dc4cc __CFRunLoopDoSources0 + 384 66  com.apple.CoreFoundation  0x907db9fc __CFRunLoopRun + 452 67  com.apple.CoreFoundation  0x907db47c CFRunLoopRunSpecific + 268 68  com.apple.Foundation      0x92953164 -[NSRunLoop runMode:beforeDate:] + 172 69  DumpRenderTree            0x0000ad84 dumpRenderTree + 1000 (DumpRenderTree.m:755) 70  DumpRenderTree            0x00007eb4 main + 3672 (DumpRenderTree.m:322) 71  DumpRenderTree            0x00002250 _start + 340 (crt.c:272) 72  DumpRenderTree            0x000020f8 start + 60   47818 3 9103 timothy 2006-06-30 06:31:09 -0700 Comment on attachment 9103 Proposed patch r=me 47825 4 timothy 2006-06-30 07:01:36 -0700 Landed in r15107 47844 5 9103 darin 2006-06-30 11:07:19 -0700 Comment on attachment 9103 Proposed patch I wish there was some more direct way of checking if the frame is still an active part of the frame tree. Like maybe checking if it's page pointer is 0? 9103 2006-06-30 03:50:45 -0700 2006-06-30 06:31:09 -0700 Proposed patch 9664_r1.patch text/plain 1617 mitz SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAxNTEwNikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTQgQEAKKzIwMDYtIyMtIyMgIE1pdHogUGV0dGVsICA8b3BlbmRhcndpbi5vcmdA bWl0enBldHRlbC5jb20+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgLSBmaXggaHR0cDovL2J1Z3ppbGxhLm9wZW5kYXJ3aW4ub3JnL3Nob3dfYnVnLmNn aT9pZD05NjY0CisgICAgICAgICAgUkVHUkVTU0lPTiAocjE1MTA2KTogQ3Jhc2ggaW4gZmFzdC9l dmVudHMvbW91c2VvdmVyLW1vdXNlb3V0Mi5odG1sCisKKyAgICAgICAgKiBwYWdlL0ZyYW1lVmll dy5jcHA6CisgICAgICAgIChXZWJDb3JlOjpGcmFtZVZpZXc6OmhhbmRsZU1vdXNlTW92ZUV2ZW50 KTogQWRkZWQgYSBjaGVjayB0aGF0IG9sZFN1YmZyYW1lIGlzCisgICAgICAgIHN0aWxsIGEgc3Vi ZnJhbWUgb2YgdGhlIHZpZXcncyBmcmFtZSBiZWZvcmUgcGFzc2luZyB0aGUgZXZlbnQgdG8gaXQu CisKIDIwMDYtMDYtMjkgIFRpbW90aHkgSGF0Y2hlciAgPHRpbW90aHlAYXBwbGUuY29tPgogCiAg ICAgICAgIFJldmlld2VkIGJ5IERhcmluLgpJbmRleDogV2ViQ29yZS9wYWdlL0ZyYW1lVmlldy5j cHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9wYWdlL0ZyYW1lVmlldy5jcHAJKHJldmlzaW9uIDE1 MTA2KQorKysgV2ViQ29yZS9wYWdlL0ZyYW1lVmlldy5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTMw LDYgKzMwLDcgQEAKICNpbmNsdWRlICJDdXJzb3IuaCIKICNpbmNsdWRlICJFdmVudE5hbWVzLmgi CiAjaW5jbHVkZSAiRnJhbWUuaCIKKyNpbmNsdWRlICJGcmFtZVRyZWUuaCIKICNpbmNsdWRlICJI VE1MRG9jdW1lbnQuaCIKICNpbmNsdWRlICJIVE1MRnJhbWVTZXRFbGVtZW50LmgiCiAjaW5jbHVk ZSAiSFRNTElucHV0RWxlbWVudC5oIgpAQCAtNjg4LDcgKzY4OSw3IEBAIHZvaWQgRnJhbWVWaWV3 OjpoYW5kbGVNb3VzZU1vdmVFdmVudChjb24KICAgICBNb3VzZUV2ZW50V2l0aEhpdFRlc3RSZXN1 bHRzIG1ldiA9IHByZXBhcmVNb3VzZUV2ZW50KGQtPm1vdXNlUHJlc3NlZCAmJiBtX2ZyYW1lLT5t b3VzZURvd25NYXlTdGFydFNlbGVjdCgpLAogICAgICAgICBkLT5tb3VzZVByZXNzZWQsIHRydWUs IG1vdXNlRXZlbnQpOwogCi0gICAgaWYgKGQtPm9sZFN1YmZyYW1lKQorICAgIGlmIChkLT5vbGRT dWJmcmFtZSAmJiBkLT5vbGRTdWJmcmFtZS0+dHJlZSgpLT5pc0Rlc2NlbmRhbnRPZihtX2ZyYW1l LmdldCgpKSkKICAgICAgICAgbV9mcmFtZS0+cGFzc1N1YmZyYW1lRXZlbnRUb1N1YmZyYW1lKG1l diwgZC0+b2xkU3ViZnJhbWUuZ2V0KCkpOwogCiAgICAgYm9vbCBzd2FsbG93RXZlbnQgPSBkaXNw YXRjaE1vdXNlRXZlbnQobW91c2Vtb3ZlRXZlbnQsIG1ldi50YXJnZXROb2RlKCksIGZhbHNlLCAw LCBtb3VzZUV2ZW50LCB0cnVlKTsK