Bug 13354
| Summary: | REPRODUCIBLE ASSERT: range != nil in WebViewFactory.mm:415 -[WebViewFactory startOfTextMarkerRange:] | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> |
| Component: | Forms | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | justin.garcia, mbritto, sroret |
| Priority: | P1 | Keywords: | InRadar |
| Version: | 523.x (Safari 3) | | |
| Hardware: | Mac | | |
| OS: | OS X 10.4 | | |
| URL: | data:text/html,<input type="text"> | | |
David Kilzer (:ddkilzer)
* SUMMARY
Sequence of steps leads to a reproducible assert in debug builds of WebKit.
* STEPS TO REPRODUCE
1. Open Safari/WebKit.
2. Open the URL (or any page with an <input type="text"> in it).
3. Click in the text field.
4. Type text like "asdf".
5. Hit Cmd-A to select all.
6. Type a new word like "Hello".
7. Position mouse pointer over word.
8. Hit Cmd-Ctrl-D to bring up the dictionary/thesaurus.
* EXPECTED RESULTS
The dictionary should be brought up for the word (or at least Safari/WebKit should not crash).
* ACTUAL RESULTS
Safari/WebKit crashes due to an assert.
* REGRESSION
Only tested with Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135) with a local debug build of WebKit r20896.
David Kilzer (:ddkilzer)
Lowering from P1 because I don't have the correct steps to reproduce. (Sometimes it happens, sometimes it doesn't.)
Stack trace:

```
PID: 10306
Thread: 0
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0  com.apple.WebKit          0x0033a1f4 -[WebViewFactory startOfTextMarkerRange:] + 92 (WebViewFactory.mm:415)
1  com.apple.WebCore         0x0104501c -[WebCoreAXObject visiblePositionForStartOfTextMarkerRange:] + 136 (WebCoreAXObject.mm:941)
2  com.apple.WebCore         0x0105052c -[WebCoreAXObject doAXAttributedStringForTextMarkerRange:] + 76 (WebCoreAXObject.mm:1630)
3  com.apple.WebCore         0x01049bf4 -[WebCoreAXObject doAXAttributedStringForRange:] + 128 (WebCoreAXObject.mm:2146)
4  com.apple.WebCore         0x0104f224 -[WebCoreAXObject doAXRTFForRange:] + 92 (WebCoreAXObject.mm:2153)
5  com.apple.WebCore         0x0104b11c -[WebCoreAXObject accessibilityAttributeValue:forParameter:] + 5212 (WebCoreAXObject.mm:2316)
6  com.apple.AppKit          0x93a665fc CopyParameterizedAttributeValue + 240
7  com.apple.HIServices      0x91871d94 _AXXMIGCopyParameterizedAttributeValue + 312
8  com.apple.HIServices      0x91879230 _XCopyParameterizedAttributeValue + 288
9  com.apple.HIServices      0x91844404 mshMIGPerform + 308
10 com.apple.CoreFoundation  0x907ec764 __CFRunLoopDoSource1 + 152
11 com.apple.CoreFoundation  0x907dee7c __CFRunLoopRun + 1556
12 com.apple.CoreFoundation  0x907de4ac CFRunLoopRunSpecific + 268
13 com.apple.HIToolbox       0x9329bb20 RunCurrentEventLoopInMode + 264
14 com.apple.HIToolbox       0x9329b1b4 ReceiveNextEventCommon + 380
15 com.apple.HIToolbox       0x9329b020 BlockUntilNextEventMatchingListInMode + 96
16 com.apple.AppKit          0x937a1ae4 _DPSNextEvent + 384
17 com.apple.AppKit          0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
18 com.apple.Safari          0x00006740 0x1000 + 22336
19 com.apple.AppKit          0x9379dcec -[NSApplication run] + 472
20 com.apple.AppKit          0x9388e87c NSApplicationMain + 452
21 com.apple.Safari          0x0005c77c 0x1000 + 374652
22 com.apple.Safari          0x0005c624 0x1000 + 374308
```
David Kilzer (:ddkilzer)
Back to P1: new repeatable steps to reproduce.
* STEPS TO REPRODUCE
1. Open Safari/WebKit.
2. Open the URL (or any page with an <input type="text"> in it).
3. Click in the text field.
4. Type text like "asdf".
5. Use Cmd-Tab to switch to another application (so Safari/WebKit loses focus).
6. Hit Cmd-Tab to switch back to Safari/WebKit. DO NOT CLICK IN ANY SAFARI WINDOW.
7. Position the mouse pointer over "asdf" in the text field.
8. Hit Cmd-Ctrl-D to bring up the dictionary.
At this point, the assert should be hit on a debug build and Safari/WebKit will crash.
Darin Adler
<rdar://problem/5153017>
Eric Seidel (no email)
Maybe Safari/WebKit makes some assumption about the window having keyfocus.
Maxime BRITTO
I can't reproduce it on r22090.
Oliver Hunt
Fix was landed in r21158.