Bug 12688

Summary: REGRESSION (r19469): ASSERT when right clicking on hyperlinks! in TOT webkit
Product: WebKit Reporter: Charles Ying <charles_ying>
Component: WebCore Misc.Assignee: Charles Ying <charles_ying>
Status: RESOLVED FIXED    
Severity: Major CC: aroben, bdakin, sullivan
Priority: P1 Keywords: HasReduction, Regression
Version: 420+   
Hardware: Mac (Intel)   
OS: OS X 10.4   
URL: http://www.tvsquad.com/
Attachments:
Description Flags
tvsquad.com web archive
none
tvsquad hyperlink screenshot
none
Bug reduction HTML source
none
Further reduction of bug
none
proposed patch aroben: review+

Charles Ying
Reported 2007-02-07 17:02:33 PST
Repro steps: 1. Load attached webarchive for tvsquad.com 2. Scroll down to hyperlink saying: "Joss Whedon now has room for Buffy movie" 3. Right click on hyperlink 4. WebKit TOT crashes with console log: Starting Safari with DYLD_FRAMEWORK_PATH set to point to built WebKit in /Users/cying/Research/WebKit/WebKitBuild/Debug. 2007-02-07 16:39:54.824 Safari[15621] CFLog (0): CFMessagePort: bootstrap_register(): failed 1103 (0x44f), port = 0x3103, name = 'com.apple.Safari.ServiceProvider' See /usr/include/servers/bootstrap_defs.h for the error codes. 2007-02-07 16:39:54.824 Safari[15621] CFLog (99): CFMessagePortCreateLocal(): failed to name Mach port (com.apple.Safari.ServiceProvider) SHOULD NEVER BE REACHED (/Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:182 fixMenusReceivedFromOldClients) Segmentation fault GDB backtrace follows: Starting program: /Applications/Safari.app/Contents/MacOS/Safari Reading symbols for shared libraries ...................................................................................... done 2007-02-07 16:50:02.534 Safari[15655] CFLog (0): CFMessagePort: bootstrap_register(): failed 1103 (0x44f), port = 0x3103, name = 'com.apple.Safari.ServiceProvider' See /usr/include/servers/bootstrap_defs.h for the error codes. 2007-02-07 16:50:02.537 Safari[15655] CFLog (99): CFMessagePortCreateLocal(): failed to name Mach port (com.apple.Safari.ServiceProvider) Reading symbols for shared libraries . done Reading symbols for shared libraries . done Reading symbols for shared libraries . done Reading symbols for shared libraries ... done SHOULD NEVER BE REACHED (/Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:182 fixMenusReceivedFromOldClients) Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef 0x0039967c in fixMenusReceivedFromOldClients (newMenuItems=0x1a604750, defaultMenuItems=0x1a4fb870) at /Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:182 182 ASSERT_NOT_REACHED(); (gdb) backtrace #0 0x0039967c in fixMenusReceivedFromOldClients (newMenuItems=0x1a604750, defaultMenuItems=0x1a4fb870) at /Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:182 #1 0x00399808 in WebContextMenuClient::getCustomMenuFromDefaultItems (this=0x177cde80, defaultMenu=0x1a4fa190) at /Users/cying/Research/WebKit/WebKit/WebCoreSupport/WebContextMenuClient.mm:199 #2 0x013f36ae in WebCore::ContextMenuController::handleContextMenuEvent (this=0x177ce030, event=0x1a4fc120) at /Users/cying/Research/WebKit/WebCore/page/ContextMenuController.cpp:88 #3 0x0122fa40 in WebCore::EventTargetNode::defaultEventHandler (this=0x1a192e50, event=0x1a4fc120) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:585 #4 0x0122dc95 in WebCore::EventTargetNode::dispatchGenericEvent (this=0x1a192e50, e=@0xbffff2fc, tempEvent=true) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:264 #5 0x0122f5ff in WebCore::EventTargetNode::dispatchEvent (this=0x1a192e50, e=@0xbffff34c, ec=@0xbffff424, tempEvent=true, target=0x1a192e74) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:305 #6 0x0122f67b in WebCore::EventTargetNode::dispatchEvent (this=0x1a192e50, e=@0xbffff430, ec=@0xbffff424, tempEvent=true) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:289 #7 0x0122e40f in WebCore::EventTargetNode::dispatchMouseEvent (this=0x1a192e50, eventType=@0x16bc70c, button=2, detail=0, pageX=174, pageY=1973, screenX=913, screenY=760, ctrlKey=false, altKey=false, shiftKey=false, metaKey=false, isSimulated=false, relatedTargetArg=0x0, underlyingEvent=@0xbffff4e4) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:467 #8 0x0122eb41 in WebCore::EventTargetNode::dispatchMouseEvent (this=0x1a192e50, event=@0xbffff614, eventType=@0x16bc70c, detail=0, relatedTarget=0x0) at /Users/cying/Research/WebKit/WebCore/dom/EventTargetNode.cpp:394 #9 0x013ee2be in WebCore::EventHandler::dispatchMouseEvent (this=0x2a0d90c, eventType=@0x16bc70c, targetNode=0x1a192e50, cancelable=true, clickCount=0, mouseEvent=@0xbffff614, setUnder=true) at /Users/cying/Research/WebKit/WebCore/page/EventHandler.cpp:1093 #10 0x013ee634 in WebCore::EventHandler::sendContextMenuEvent (this=0x2a0d90c, event={static currentEvent = {<No data fields>}, m_position = {m_x = 174, m_y = 333}, m_globalPosition = {m_x = 913, m_y = 760}, m_button = WebCore::RightButton, m_eventType = WebCore::MouseEventPressed, m_clickCount = 1, m_shiftKey = false, m_ctrlKey = false, m_altKey = false, m_metaKey = false, m_timestamp = 197223.42265699999, m_eventNumber = 3700}) at /Users/cying/Research/WebKit/WebCore/page/EventHandler.cpp:1190 #11 0x0033b4df in -[WebHTMLView menuForEvent:] (self=0x17757430, _cmd=0x90ab4350, event=0x1a4ed290) at /Users/cying/Research/WebKit/WebKit/WebView/WebHTMLView.mm:2565 #12 0x9373680e in -[NSView rightMouseDown:] () #13 0x935ed9d3 in -[NSControl _rightMouseUpOrDown:] () #14 0x9335bbe1 in -[NSWindow sendEvent:] () #15 0x000230c6 in ?? () #16 0x9334d350 in -[NSApplication sendEvent:] () #17 0x00022c56 in ?? () #18 0x93277dfe in -[NSApplication run] () #19 0x9326bd2f in NSApplicationMain () #20 0x0005f54a in ?? () #21 0x0005f471 in ?? ()
Attachments
tvsquad.com web archive (777.02 KB, application/x-webarchive)
2007-02-07 17:03 PST, Charles Ying 		no flags
Details
tvsquad hyperlink screenshot (242.31 KB, image/jpeg)
2007-02-07 17:06 PST, Charles Ying 		no flags
Details
Bug reduction HTML source (87.49 KB, text/html)
2007-02-07 17:27 PST, Charles Ying 		no flags
Details
Further reduction of bug (107 bytes, text/html)
2007-02-07 20:32 PST, Charles Ying 		no flags
Details
proposed patch (7.25 KB, patch)
2007-02-07 21:44 PST, Charles Ying 		aroben: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Charles Ying
Comment 1 2007-02-07 17:03:30 PST
Created attachment 13024 [details] tvsquad.com web archive
Charles Ying
Comment 2 2007-02-07 17:06:34 PST
Created attachment 13025 [details] tvsquad hyperlink screenshot
Charles Ying
Comment 3 2007-02-07 17:27:17 PST
Created attachment 13027 [details] Bug reduction HTML source A little bit more reduction of the bug, right click on "Interviews" to repro the bug
Charles Ying
Comment 4 2007-02-07 20:32:53 PST
Created attachment 13040 [details] Further reduction of bug Reduced down to 5 lines... should be easy from here.
Maciej Stachowiak
Comment 5 2007-02-07 20:35:52 PST
Possibly a very recent regression.
Adam Roben (:aroben)
Comment 6 2007-02-07 20:38:09 PST
This was caused by http://trac.webkit.org/projects/webkit/changeset/19469
Charles Ying
Comment 7 2007-02-07 21:44:13 PST
Created attachment 13043 [details] proposed patch
Adam Roben (:aroben)
Comment 8 2007-02-07 21:45:08 PST
Comment on attachment 13043 [details] proposed patch r=me
Adam Roben (:aroben)
Comment 9 2007-02-07 21:51:38 PST
Landed as r19494
Adam Roben (:aroben)
Comment 10 2007-02-08 00:43:56 PST
*** Bug 12692 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.