Bug 126338

Summary: Dragging from inner side of video to outside causes a crash
Product: WebKit
Component: WebKitGTK
Reporter: ChangSeok Oh <changseok>
Assignee: ChangSeok Oh <changseok>
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
CC: commit-queue, eric.carlson, gustavo, jer.noble, kling, mrobinson, pnormand, sam
Attachments:
Patch (flags: none)
testcase (flags: none)
Patch (flags: none)
Patch (flags: none)
Patch (flags: none)

Description ChangSeok Oh 2013-12-31 07:08:30 PST
This happens on both the GTK and EFL ports, but not on the Mac port using MEDIA_CONTROL_SCRIPT.

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff69f6e85 in WebCore::SliderContainerElement::shadowPseudoId() const ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
(gdb) bt
#0  0x00007ffff69f6e85 in WebCore::SliderContainerElement::shadowPseudoId() const ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#1  0x00007ffff676ebce in WebCore::ElementRuleCollector::collectMatchingRules(WebCore::MatchRequest const&, WebCore::StyleResolver::RuleRange&) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#2  0x00007ffff676fa18 in WebCore::ElementRuleCollector::matchUARules(WebCore::RuleSet*) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#3  0x00007ffff676fa82 in WebCore::ElementRuleCollector::matchUARules() ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#4  0x00007ffff676fb13 in WebCore::ElementRuleCollector::matchAllRules(bool, bool) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#5  0x00007ffff67a17bb in WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#6  0x00007ffff67cae40 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#7  0x00007ffff67f71a7 in WebCore::Element::computedStyle(WebCore::PseudoId) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#8  0x00007ffff67cae18 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#9  0x00007ffff67f71a7 in WebCore::Element::computedStyle(WebCore::PseudoId) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#10 0x00007ffff67cae18 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#11 0x00007ffff67f71a7 in WebCore::Element::computedStyle(WebCore::PseudoId) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#12 0x00007ffff6814cae in WebCore::Node::hasEditableStyle(WebCore::Node::EditableLevel, WebCore::Node::UserSelectAllTreatment) const ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#13 0x00007ffff681dfef in WebCore::Position::upstream(WebCore::EditingBoundaryCrossingRule) const ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#14 0x00007ffff68e7f1b in WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#15 0x00007ffff68e8494 in WebCore::VisiblePosition::init(WebCore::Position const&, WebCore::EAffinity) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#16 0x00007ffff688ebf1 in WebCore::FrameSelection::localCaretRect() ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#17 0x00007ffff688f65f in WebCore::FrameSelection::recomputeCaretRect() ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#18 0x00007ffff6891afd in WebCore::FrameSelection::updateAppearance() ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#19 0x00007ffff6b9d36e in WebCore::FrameView::performPostLayoutTasks() ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#20 0x00007ffff6ba171d in WebCore::FrameView::layout(bool) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#21 0x00007ffff67d1879 in WebCore::Document::updateLayout() ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#22 0x00007ffff67d2201 in WebCore::Document::updateLayoutIgnorePendingStylesheets() ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#23 0x00007ffff72ff21c in webkitAccessibleGetNChildren(_AtkObject*) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#24 0x00007ffff72ebbb0 in WebCore::AXObjectCache::postPlatformNotification(WebCore::AccessibilityObject*, WebCore::AXObjectCache::AXNotification) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#25 0x00007ffff6628802 in WebCore::AXObjectCache::notificationPostTimerFired(WebCore::Timer<WebCore::AXObjectCache>*) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#26 0x00007ffff65e3b29 in WebCore::ThreadTimers::sharedTimerFiredInternal() ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#27 0x00007ffff65f7f52 in WebCore::sharedTimerTimeoutCallback(void*) ()
   from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0
#28 0x00007ffff4c14d63 in g_timeout_dispatch (source=source@entry=0x782330, 
    callback=<optimized out>, user_data=<optimized out>) at gmain.c:4450
#29 0x00007ffff4c14206 in g_main_dispatch (context=0x643780) at gmain.c:3065
#30 g_main_context_dispatch (context=context@entry=0x643780) at gmain.c:3641
#31 0x00007ffff4c14558 in g_main_context_iterate (context=0x643780, 
    block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at gmain.c:3712
#32 0x00007ffff4c1495a in g_main_loop_run (loop=0x969910) at gmain.c:3906
#33 0x00007ffff5c2741d in gtk_main () at gtkmain.c:1157
#34 0x00000000004038ec in main ()
Comment 1 ChangSeok Oh 2013-12-31 08:13:34 PST
Created attachment 220159 [details]
Patch
Comment 2 ChangSeok Oh 2013-12-31 08:15:55 PST
Created attachment 220160 [details]
testcase
Comment 3 ChangSeok Oh 2013-12-31 08:20:59 PST
Created attachment 220161 [details]
Patch
Comment 4 Sergio Villar Senin 2014-01-02 01:26:58 PST
Comment on attachment 220161 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=220161&action=review

Looks good to me but it should be possible to create a test case for this, as we can play a video and perform a drag&drop in layout tests.

> Source/WebCore/ChangeLog:10
> +        The media controls disappear when mouse cursor goes out side of video though

nit: outside

> Source/WebCore/ChangeLog:12
> +        lose their renderers. However the drag is still under going. it requires shadowPsuedoId
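Review bot: On ChangeLog:12, "under going" should be one word or, better, "ongoing", and the sentence that follows starts with a lowercase "it"; suggest "However, the drag is still ongoing. It requires ...". The ChangeLog text is what ends up in the commit log, so it is worth fixing these together with the identifier spelling.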

nit: PseudoId
Comment 5 ChangSeok Oh 2014-01-03 00:54:57 PST
Created attachment 220290 [details]
Patch
Comment 6 ChangSeok Oh 2014-01-03 00:56:44 PST
(In reply to comment #4)
> (From update of attachment 220161 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=220161&action=review
> 
> Looks good to me but it should be possible to create a test case for this, as we can play a video and perform a drag&drop in layout tests.
Yeap. I added a test.

> > Source/WebCore/ChangeLog:10
> > +        The media controls disappear when mouse cursor goes out side of video though
> 
> nit: outside
Done.

> > Source/WebCore/ChangeLog:12
> > +        lose their renderers. However the drag is still under going. it requires shadowPsuedoId
> 
> nit: PseudoId
Done.
Comment 7 Jer Noble 2014-01-23 10:53:53 PST
Comment on attachment 220290 [details]
Patch

r=me
Comment 8 ChangSeok Oh 2014-01-23 11:40:42 PST
Created attachment 222008 [details]
Patch
Comment 9 ChangSeok Oh 2014-01-23 11:45:18 PST
(In reply to comment #7)
> (From update of attachment 220290 [details])
> r=me

Thanks for the r+ :)
I just made a trivial change removing '[GTK]' from the title. I will land the new patch after seeing all greens.
Comment 10 WebKit Commit Bot 2014-01-23 20:07:57 PST
Comment on attachment 222008 [details]
Patch

Clearing flags on attachment: 222008

Committed r162683: <http://trac.webkit.org/changeset/162683>
Comment 11 WebKit Commit Bot 2014-01-23 20:08:02 PST
All reviewed patches have been landed.  Closing bug.