Bug 12557

Summary:	Occasional crashes when using JS-keyboard shortcuts
Product:	WebKit	Reporter:	W. Andy Carrel <wac>
Component:	WebCore JavaScript	Assignee:	Nobody <webkit-unassigned>
Status:	UNCONFIRMED
Severity:	Normal	CC:	adele, helen9098, webkit
Priority:	P2	Keywords:	GoogleBug
Version:	420+
Hardware:	Mac
OS:	OS X 10.4
URL:	http://mail.google.com/

W. Andy Carrel

Reported 2007-02-03 06:42:58 PST

It looks like this is coming from an unsafe dereference in wtf/HashTable.h near line 398. Backtrace looks like: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0x5c6a5c78 #0 0x014633b1 in WTF::HashTable<int, int, WTF::IdentityExtractor<int>, WTF::IntHash<int>, WTF::HashTraits<int>, WTF::HashTraits<int> >::contains<int, WTF::IdentityHashTranslator<int, int, WTF::IntHash<int> > > () #1 0x011e5fda in WebCore::TimerBase::isActive () #2 0x010c3033 in WebCore::Frame::keepAlive () #3 0x01224c6e in KJS::ScriptInterpreter::globalExec () #4 0x01230cf8 in KJS::JSAbstractEventListener::handleEvent () #5 0x011fde20 in WebCore::EventTargetNode::handleLocalEvents () #6 0x011fe652 in WebCore::EventTargetNode::dispatchGenericEvent () #7 0x011feb78 in WebCore::EventTargetNode::dispatchEvent () #8 0x011fee9a in WebCore::EventTargetNode::dispatchKeyEvent () #9 0x013c7b15 in WebCore::EventHandler::keyEvent () #10 0x013c57b7 in WebCore::EventHandler::keyEvent () #11 0x0032f4c8 in -[WebHTMLView keyDown:] () #12 0x9334cbe1 in -[NSWindow sendEvent:] () #13 0x0002338e in ?? () #14 0x9333e350 in -[NSApplication sendEvent:] () #15 0x00022f1e in ?? () #16 0x93268dfe in -[NSApplication run] () #17 0x9325cd2f in NSApplicationMain () #18 0x0005f7de in ?? () #19 0x0005f6f9 in ?? ()

Attachments
Add attachment proposed patch, testcase, etc.

David Kilzer (:ddkilzer)

Comment 1 2007-02-03 07:57:14 PST

Is there a specific set of JS-keyboard shortcuts that makes this reproducible?

W. Andy Carrel

Comment 2 2007-02-03 12:26:23 PST

I got this specific crash 2 or 3 times yesterday when using the keyboard shortcuts to move around in my gmail. But it wasn't particularly repeatable which was frustrating. Although just now as I was looking to repro this in webkit I got a possibly related crash (again with the timer hashtable deref):: Thread 0 Crashed: 0 com.apple.WebCore 0x014633b1 bool WTF::HashTable<int, int, WTF::IdentityExtractor<int>, WTF::IntHash<int>, WTF::HashTraits<int>, WTF::HashTraits<int> >::contains<int, WTF::IdentityHashTranslator<int, int, WTF::IntHash<int> > >(int const&) const + 117 1 com.apple.WebCore 0x011e5fda WebCore::TimerBase::isActive() const + 56 2 com.apple.WebCore 0x013cb509 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&) + 101 3 com.apple.WebCore 0x010ccb33 WebCore::FrameView::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&) + 35 4 com.apple.WebCore 0x013c493a WebCore::EventHandler::mouseMoved(NSEvent*) + 220 5 com.apple.WebKit 0x00334ea3 -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:] + 903 6 com.apple.Foundation 0x925ed207 _nsnote_callback + 230 7 com.apple.CoreFoundation 0x90852649 __CFXNotificationPost + 345 8 com.apple.CoreFoundation 0x90849e80 _CFXNotificationPostNotification + 600 9 com.apple.Foundation 0x925e5860 -[NSNotificationCenter postNotificationName:object:userInfo:] + 121 10 com.apple.AppKit 0x93410d5c -[NSResponder _postEventNotification:] + 293 11 com.apple.AppKit 0x932e2bb8 forwardMethod + 177 12 com.apple.AppKit 0x932e2b59 forwardMethod + 82 13 com.apple.AppKit 0x932e2b59 forwardMethod + 82 14 com.apple.AppKit 0x932e2b59 forwardMethod + 82 15 com.apple.AppKit 0x932e2b59 forwardMethod + 82 16 com.apple.AppKit 0x932e2b59 forwardMethod + 82 17 com.apple.AppKit 0x932e2b59 forwardMethod + 82 18 com.apple.AppKit 0x932e2b59 forwardMethod + 82 19 com.apple.AppKit 0x932e2b59 forwardMethod + 82 20 com.apple.AppKit 0x932e2b59 forwardMethod + 82 21 com.apple.AppKit 0x932e2b59 forwardMethod + 82 22 com.apple.AppKit 0x932e2b59 forwardMethod + 82 23 com.apple.AppKit 0x932e2b59 forwardMethod + 82 24 com.apple.AppKit 0x932e2b59 forwardMethod + 82 25 com.apple.AppKit 0x932e2b59 forwardMethod + 82 26 com.apple.AppKit 0x932e2b59 forwardMethod + 82 27 com.apple.AppKit 0x9334cbe1 -[NSWindow sendEvent:] + 7377 28 com.apple.Safari 0x0002338e 0x1000 + 140174 29 com.apple.AppKit 0x9333e350 -[NSApplication sendEvent:] + 5023 30 com.apple.Safari 0x00022f1e 0x1000 + 139038 31 com.apple.AppKit 0x93268dfe -[NSApplication run] + 547 32 com.apple.AppKit 0x9325cd2f NSApplicationMain + 573 33 com.apple.Safari 0x0005f7de 0x1000 + 387038 34 com.apple.Safari 0x0005f6f9 0x1000 + 386809

Robert Blaut

Comment 3 2008-03-16 10:50:28 PDT

Reporter, is the crash still reproducible in the latest Webkit?

helen9098

Comment 4 2024-11-14 13:14:25 PST

test comment

Note You need to log in before you can comment on or make changes to this bug.