Bug 132214

Summary: REGRESSION (r167689): Hovering file name in a file input causes a crash
Product: WebKit Reporter: Alexey Proskuryakov <ap>
Component: UI EventsAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, esprehn+autocc, kangil.han, rniwa, thorton
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
URL: data:text/html,<input%20type=file>
Attachments:
Description Flags
Fixes the bug none

Alexey Proskuryakov
Reported 2014-04-25 16:21:27 PDT
Steps to reproduce: 1. Open data:text/html,<input%20type=file> 2. Hover "no files" text. Results: crash. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x0000000106fbab7e WTFCrash + 62 1 com.apple.WebCore 0x00000001076f4479 WTF::CrashOnOverflow::overflowed() + 9 2 com.apple.WebCore 0x000000010789dcac WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 2108 3 com.apple.WebCore 0x00000001073b082d WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 29 4 com.apple.WebCore 0x00000001078947fe WebCore::Element::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Element*) + 270 5 com.apple.WebCore 0x0000000107547932 WebCore::EventHandler::updateMouseEventTargetNode(WebCore::Node*, WebCore::PlatformMouseEvent const&, bool) + 2770 6 com.apple.WebCore 0x0000000107546bf6 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 70 7 com.apple.WebCore 0x0000000107544dff WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*, bool) + 1279 8 com.apple.WebCore 0x000000010754469b WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const&) + 107 9 com.apple.WebCore 0x00000001080c2097 WebCore::UserInputBridge::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::InputSource) + 23
Attachments
Fixes the bug (29.42 KB, patch)
2014-04-25 20:38 PDT, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2014-04-25 16:22:12 PDT
<rdar://problem/16731925>
Ryosuke Niwa
Comment 2 2014-04-25 20:38:13 PDT
Created attachment 230234 [details] Fixes the bug
Andreas Kling
Comment 3 2014-04-25 20:39:16 PDT
Comment on attachment 230234 [details] Fixes the bug :|
Ryosuke Niwa
Comment 4 2014-04-25 21:42:05 PDT
Comment on attachment 230234 [details] Fixes the bug Clearing flags on attachment: 230234 Committed r167840: <http://trac.webkit.org/changeset/167840>
Ryosuke Niwa
Comment 5 2014-04-25 21:42:09 PDT
All reviewed patches have been landed. Closing bug.
Tim Horton
Comment 6 2014-04-26 00:38:38 PDT
The test is failing on WebKit1 bots with this console message: CONSOLE MESSAGE: line 11: TypeError: HTMLPreElement is not a function (evaluating 'log('Content:' + detailsContainer.outerHTML + '\n')')
Tim Horton
Comment 7 2014-04-26 00:41:30 PDT
(In reply to comment #6) > The test is failing on WebKit1 bots with this console message: > > CONSOLE MESSAGE: line 11: TypeError: HTMLPreElement is not a function (evaluating 'log('Content:' + detailsContainer.outerHTML + '\n')') http://build.webkit.org/results/Apple%20MountainLion%20Release%20WK1%20(Tests)/r167842%20(19473)/fast/events/shadow-event-path-2-pretty-diff.html
Note You need to log in before you can comment on or make changes to this bug.