Bug 191817

Summary: Dragging image with a border-image larger than the image element crashes
Product: WebKit
Reporter: Ralph T <ralpht+bugs>
Component: Platform
Assignee: Wenson Hsieh <wenson_hsieh>
Status: RESOLVED FIXED
Severity: Normal
CC: bdakin, commit-queue, ews-watchlist, ralpht+bugs, rniwa, simon.fraser, thorton, webkit-bug-importer, wenson_hsieh
Priority: P2
Keywords: InRadar
Version: Safari Technology Preview
Hardware: Mac
OS: macOS 10.14
Attachments:
Description: Page that crashes when image is dragged. Flags: none
Description: Patch. Flags: none
Description: Archive of layout-test-results from ews126 for ios-simulator-wk2. Flags: none

Ralph T
Reported 2018-11-17 16:14:24 PST
Dragging the image in the attached sample causes the renderer to crash.
Attachments
Page that crashes when image is dragged. (477 bytes, text/html)
2018-11-17 16:15 PST, Ralph T
no flags
Patch (9.41 KB, patch)
2018-11-18 21:27 PST, Wenson Hsieh
no flags
Archive of layout-test-results from ews126 for ios-simulator-wk2 (2.58 MB, application/zip)
2018-11-19 00:22 PST, EWS Watchlist
no flags
Ralph T
Comment 1 2018-11-17 16:15:23 PST
Created attachment 355214 [details] Page that crashes when image is dragged.
Simon Fraser (smfr)
Comment 2 2018-11-17 17:22:42 PST
Thanks for the report.
Simon Fraser (smfr)
Comment 3 2018-11-17 17:26:16 PST
frame #0: 0x00007fff59b456f0 libobjc.A.dylib`objc_exception_throw
* frame #1: 0x00007fff2dc2926f CoreFoundation`+[NSException raise:format:] + 201
frame #2: 0x00007fff2b1ec6d1 AppKit`-[NSImage _lockFocusOnRepresentation:rect:context:hints:flipped:] + 316
frame #3: 0x00007fff2b1ec58c AppKit`__51-[NSImage lockFocusWithRect:context:hints:flipped:]_block_invoke + 68
frame #4: 0x00007fff2b17c538 AppKit`-[NSImage _usingBestRepresentationForRect:context:hints:body:] + 156
frame #5: 0x00007fff2b1ec53e AppKit`-[NSImage lockFocusWithRect:context:hints:flipped:] + 141
frame #6: 0x00007fff2b2f134b AppKit`-[NSImage lockFocusFlipped:] + 111
frame #7: 0x00000005f899f931 WebCore`WebCore::dissolveDragImageToFraction(image=(m_ptr = 0x00007fee8173fe30), delta=0.75) at DragImageMac.mm:88
frame #8: 0x00000005fab4b292 WebCore`WebCore::DragController::doImageDrag(this=0x000000060fcd85a0, element=0x0000000613600138, dragOrigin={ x = 127, y = 37 }, layoutRect={ x = 33, y = 58, width = 150, height = 0 }, frame={ origin = https://bug-191817-attachments.webkit.org, url = https://bug-191817-attachments.webkit.org/attachment.cgi?id=355214, isMainFrame = 1, pageCacheState = NotInPageCache }, dragImageOffset={ x = 0, y = 0 }, state=0x00000005fd33ac50, attachmentInfo=0x00007ffee10d4078) at DragController.cpp:1212
frame #9: 0x00000005fab4835e WebCore`WebCore::DragController::startDrag(this=0x000000060fcd85a0, src={ origin = https://bug-191817-attachments.webkit.org, url = https://bug-191817-attachments.webkit.org/attachment.cgi?id=355214, isMainFrame = 1, pageCacheState = NotInPageCache }, state=0x00000005fd33ac50, srcOp=DragOperationEvery, dragEvent=0x00007ffee10d4f50, dragOrigin={ x = 127, y = 37 }, hasData=No) at DragController.cpp:1052
Simon Fraser (smfr)
Comment 4 2018-11-17 17:27:27 PST
Image size is 0x0
Radar WebKit Bug Importer
Comment 5 2018-11-18 17:25:47 PST
Wenson Hsieh
Comment 6 2018-11-18 21:27:06 PST
EWS Watchlist
Comment 7 2018-11-19 00:22:55 PST
Comment on attachment 355253 [details] Patch
Attachment 355253 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10074900
New failing tests: media/no-fullscreen-when-hidden.html
EWS Watchlist
Comment 8 2018-11-19 00:22:57 PST
Created attachment 355257 [details] Archive of layout-test-results from ews126 for ios-simulator-wk2
The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126
Port: ios-simulator-wk2
Platform: Mac OS X 10.13.6
WebKit Commit Bot
Comment 9 2018-11-19 08:31:30 PST
Comment on attachment 355253 [details] Patch
Clearing flags on attachment: 355253
Committed r238375: <https://trac.webkit.org/changeset/238375>
WebKit Commit Bot
Comment 10 2018-11-19 08:31:32 PST
All reviewed patches have been landed. Closing bug.