Bug 12580

Summary: ASSERT failure and crash right-clicking on image in SVG use test
Product: WebKit Reporter: Eric Seidel (no email) <eric>
Component: SVGAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: aroben, zimmermann
Priority: P1 Keywords: InRadar, NeedsReduction
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
URL: http://www.w3.org/Graphics/SVG/Test/20061213/htmlEmbedHarness/full-struct-use-01-t.html
Attachments:
Description Flags
fix the crash
andersca: review+
Manual test case mjs: review+

Eric Seidel (no email)
Reported 2007-02-04 04:06:47 PST
ASSERT failure and crash right-clicking on image in SVG use test Right-click on the (gradient) image in the test case. Safari hits an ASSERT: ASSERTION FAILED: this (/Stuff/Projects/WebKit/WebCore/dom/Node.h:274 WebCore::Document* WebCore::Node::document() const) and crashes: Date/Time: 2007-02-04 03:54:08.734 -0800 OS Version: 10.4.8 (Build 8L2127) Report Version: 4 Command: Safari Path: /Applications/Safari.app/Contents/MacOS/Safari Parent: zsh [367] Version: 2.0.4 (419.3) Build Version: 2 Project Name: WebBrowser Source Version: 4190300 PID: 6482 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef Thread 0 Crashed: 0 com.apple.WebCore 0x014d4831 WebCore::Node::document() const + 65 (Node.h:274) 1 com.apple.WebCore 0x013f2358 WebCore::ContextMenuController::handleContextMenuEvent(WebCore::Event*) + 216 (ContextMenuController.cpp:79) 2 com.apple.WebCore 0x0122f438 WebCore::EventTargetNode::defaultEventHandler(WebCore::Event*) + 392 (EventTargetNode.cpp:587) 3 com.apple.WebCore 0x0122d68d WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1965 (EventTargetNode.cpp:263) 4 com.apple.WebCore 0x0122eff7 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 329 (EventTargetNode.cpp:305) 5 com.apple.WebCore 0x0105f785 WebCore::SVGElement::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 235 (SVGElement.cpp:236) 6 com.apple.WebCore 0x0122de07 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 691 (EventTargetNode.cpp:467) 7 com.apple.WebCore 0x0122e539 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 533 (EventTargetNode.cpp:394) 8 com.apple.WebCore 0x013ed1a8 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 572 (EventHandler.cpp:1075) 9 com.apple.WebCore 0x013ed521 WebCore::EventHandler::sendContextMenuEvent(WebCore::PlatformMouseEvent) + 439 (EventHandler.cpp:1172) 10 com.apple.WebKit 0x0033b78b -[WebHTMLView menuForEvent:] + 265 (WebHTMLView.mm:2565) 11 com.apple.AppKit 0x9372780e -[NSView rightMouseDown:] + 63 12 com.apple.AppKit 0x935de9d3 -[NSControl _rightMouseUpOrDown:] + 519 13 com.apple.AppKit 0x9334cbe1 -[NSWindow sendEvent:] + 7377 14 com.apple.Safari 0x0002338e 0x1000 + 140174 15 com.apple.AppKit 0x9333e350 -[NSApplication sendEvent:] + 5023 16 com.apple.Safari 0x00022f1e 0x1000 + 139038 17 com.apple.AppKit 0x93268dfe -[NSApplication run] + 547 18 com.apple.AppKit 0x9325cd2f NSApplicationMain + 573 19 com.apple.Safari 0x0005f7de 0x1000 + 387038 20 com.apple.Safari 0x0005f6f9 0x1000 + 386809
Attachments
fix the crash (2.37 KB, patch)
2007-02-06 05:09 PST, Eric Seidel (no email) 		andersca: review+
DetailsFormatted DiffDiff
Manual test case (1.05 KB, image/svg+xml)
2007-02-11 14:20 PST, David Kilzer (:ddkilzer) 		mjs: review+
Details
View All Add attachment proposed patch, testcase, etc.
Maciej Stachowiak
Comment 1 2007-02-04 11:50:54 PST
<rdar://problem/4975133>
Eric Seidel (no email)
Comment 2 2007-02-06 05:09:04 PST
I have a patch to fix the crash. I'm not sure if it's the "correct" way to fix this though. WildFox should comment.
Eric Seidel (no email)
Comment 3 2007-02-06 05:09:54 PST
Created attachment 12968 [details] fix the crash Wildfox needs to comment on this before it should go up for review.
Maciej Stachowiak
Comment 4 2007-02-09 06:03:31 PST
Comment on attachment 12968 [details] fix the crash I think this should stand for review as-is.
Nikolas Zimmermann
Comment 5 2007-02-09 13:19:42 PST
Totally fine with me! Thanks for investigating... Niko
Anders Carlsson
Comment 6 2007-02-09 17:08:09 PST
Comment on attachment 12968 [details] fix the crash r=me
Sam Weinig
Comment 7 2007-02-10 11:22:00 PST
This needs at least a changelog, and preferably a test to go with it.
David Kilzer (:ddkilzer)
Comment 8 2007-02-11 14:20:01 PST
Created attachment 13124 [details] Manual test case Here is a manual test case. Is there a way to simulate a right-click from an automated layout test?
Maciej Stachowiak
Comment 9 2007-02-11 19:11:27 PST
I don't think there is a way, but it should be easily doable by extending eventSender. However, the manual test seems fine for now.
Note You need to log in before you can comment on or make changes to this bug.