Bug 126338

Summary: Draging from inner side of video to out side causes a crash
Product: WebKit Reporter: ChangSeok Oh <changseok>
Component: WebKitGTKAssignee: ChangSeok Oh <changseok>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, eric.carlson, gustavo, jer.noble, kling, mrobinson, pnormand, sam
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
testcase
none
Patch
none
Patch
none
Patch none

ChangSeok Oh
Reported 2013-12-31 07:08:30 PST
This happens on both GTK and EFL ports, but not Mac port using MEDIA_CONTROL_SCRIPT Program received signal SIGSEGV, Segmentation fault. 0x00007ffff69f6e85 in WebCore::SliderContainerElement::shadowPseudoId() const () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 (gdb) bt #0 0x00007ffff69f6e85 in WebCore::SliderContainerElement::shadowPseudoId() const () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #1 0x00007ffff676ebce in WebCore::ElementRuleCollector::collectMatchingRules(WebCore::MatchRequest const&, WebCore::StyleResolver::RuleRange&) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #2 0x00007ffff676fa18 in WebCore::ElementRuleCollector::matchUARules(WebCore::RuleSet*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #3 0x00007ffff676fa82 in WebCore::ElementRuleCollector::matchUARules() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #4 0x00007ffff676fb13 in WebCore::ElementRuleCollector::matchAllRules(bool, bool) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #5 0x00007ffff67a17bb in WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #6 0x00007ffff67cae40 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #7 0x00007ffff67f71a7 in WebCore::Element::computedStyle(WebCore::PseudoId) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #8 0x00007ffff67cae18 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #9 0x00007ffff67f71a7 in WebCore::Element::computedStyle(WebCore::PseudoId) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #10 0x00007ffff67cae18 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #11 0x00007ffff67f71a7 in WebCore::Element::computedStyle(WebCore::PseudoId) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.---Type <return> to continue, or q <return> to quit--- 0 #12 0x00007ffff6814cae in WebCore::Node::hasEditableStyle(WebCore::Node::EditableLevel, WebCore::Node::UserSelectAllTreatment) const () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #13 0x00007ffff681dfef in WebCore::Position::upstream(WebCore::EditingBoundaryCrossingRule) const () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #14 0x00007ffff68e7f1b in WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #15 0x00007ffff68e8494 in WebCore::VisiblePosition::init(WebCore::Position const&, WebCore::EAffinity) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #16 0x00007ffff688ebf1 in WebCore::FrameSelection::localCaretRect() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #17 0x00007ffff688f65f in WebCore::FrameSelection::recomputeCaretRect() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #18 0x00007ffff6891afd in WebCore::FrameSelection::updateAppearance() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #19 0x00007ffff6b9d36e in WebCore::FrameView::performPostLayoutTasks() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #20 0x00007ffff6ba171d in WebCore::FrameView::layout(bool) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #21 0x00007ffff67d1879 in WebCore::Document::updateLayout() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #22 0x00007ffff67d2201 in WebCore::Document::updateLayoutIgnorePendingStylesheets() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #23 0x00007ffff72ff21c in webkitAccessibleGetNChildren(_AtkObject*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #24 0x00007ffff72ebbb0 in WebCore::AXObjectCache::postPlatformNotification(WebCore::Acc---Type <return> to continue, or q <return> to quit--- essibilityObject*, WebCore::AXObjectCache::AXNotification) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #25 0x00007ffff6628802 in WebCore::AXObjectCache::notificationPostTimerFired(WebCore::Timer<WebCore::AXObjectCache>*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #26 0x00007ffff65e3b29 in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #27 0x00007ffff65f7f52 in WebCore::sharedTimerTimeoutCallback(void*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #28 0x00007ffff4c14d63 in g_timeout_dispatch (source=source@entry=0x782330, callback=<optimized out>, user_data=<optimized out>) at gmain.c:4450 #29 0x00007ffff4c14206 in g_main_dispatch (context=0x643780) at gmain.c:3065 #30 g_main_context_dispatch (context=context@entry=0x643780) at gmain.c:3641 #31 0x00007ffff4c14558 in g_main_context_iterate (context=0x643780, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3712 #32 0x00007ffff4c1495a in g_main_loop_run (loop=0x969910) at gmain.c:3906 #33 0x00007ffff5c2741d in gtk_main () at gtkmain.c:1157 #34 0x00000000004038ec in main ()
Attachments
Patch (2.57 KB, patch)
2013-12-31 08:13 PST, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
testcase (301.12 KB, application/gzip)
2013-12-31 08:15 PST, ChangSeok Oh 		no flags
Details
Patch (2.57 KB, patch)
2013-12-31 08:20 PST, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Patch (5.74 KB, patch)
2014-01-03 00:54 PST, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Patch (5.72 KB, patch)
2014-01-23 11:40 PST, ChangSeok Oh 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
ChangSeok Oh
Comment 1 2013-12-31 08:13:34 PST
Created attachment 220159 [details] Patch
ChangSeok Oh
Comment 2 2013-12-31 08:15:55 PST
Created attachment 220160 [details] testcase
ChangSeok Oh
Comment 3 2013-12-31 08:20:59 PST
Created attachment 220161 [details] Patch
Sergio Villar Senin
Comment 4 2014-01-02 01:26:58 PST
Comment on attachment 220161 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=220161&action=review Looks good to me but it should be possible to create a test case for this, as we can play a video and perform a drag&drop in layout tests. > Source/WebCore/ChangeLog:10 > + The media controls disappear when mouse cursor goes out side of video though nit: outside > Source/WebCore/ChangeLog:12 > + lose their renderers. However the drag is still under going. it requires shadowPsuedoId nit: PseudoId
ChangSeok Oh
Comment 5 2014-01-03 00:54:57 PST
Created attachment 220290 [details] Patch
ChangSeok Oh
Comment 6 2014-01-03 00:56:44 PST
(In reply to comment #4) > (From update of attachment 220161 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=220161&action=review > > Looks good to me but it should be possible to create a test case for this, as we can play a video and perform a drag&drop in layout tests. Yeap. I added a test. > > Source/WebCore/ChangeLog:10 > > + The media controls disappear when mouse cursor goes out side of video though > > nit: outside Done. > > Source/WebCore/ChangeLog:12 > > + lose their renderers. However the drag is still under going. it requires shadowPsuedoId > > nit: PseudoId Done.
Jer Noble
Comment 7 2014-01-23 10:53:53 PST
Comment on attachment 220290 [details] Patch r=me
ChangSeok Oh
Comment 8 2014-01-23 11:40:42 PST
Created attachment 222008 [details] Patch
ChangSeok Oh
Comment 9 2014-01-23 11:45:18 PST
(In reply to comment #7) > (From update of attachment 220290 [details]) > r=me Thanks for the r+ :) I just made a trivial change removing '[GTK]' from the title. I will land the new patch after seeing all greens.
WebKit Commit Bot
Comment 10 2014-01-23 20:07:57 PST
Comment on attachment 222008 [details] Patch Clearing flags on attachment: 222008 Committed r162683: <http://trac.webkit.org/changeset/162683>
WebKit Commit Bot
Comment 11 2014-01-23 20:08:02 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.