Bug 20161

Summary: Dragging image into Google Presentation crashes Safari
Product: WebKit
Reporter: Eric Seidel (no email) <eric>
Component: HTML Editing
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: justin.garcia
Priority: P1
Keywords: GoogleBug, HasReduction, InRadar
Version: 528+ (Nightly build)
Hardware: All
OS: OS X 10.5
Attachments:
  test case (flags: none)
  Fix crash in Google presentations when dragging images into a presentation (flags: eric: review+)

Description Eric Seidel (no email) 2008-07-24 10:43:14 PDT
To reproduce:
1.  Open http://docs.google.com/
2.  Click "New > Presentation"
3.  Open a second window, to http://www.google.com/
4.  Drag the Google.com logo into your new presentation from the Google.com page.
5.  The drag fails (but works in FF, possibly due to a Google bug, possibly due to our bug)
6.  Try the drag a second time.
BOOM!

Process:         Safari [3473]
Path:            /Applications/Safari.app/Contents/MacOS/Safari
Identifier:      com.apple.Safari
Version:         4 Developer Preview (5526.11.2)
Build Info:      WebBrowser-55261102~10
Code Type:       X86 (Native)
Parent Process:  launchd [363]

Date/Time:       2008-07-24 10:40:23.204 -0700
OS Version:      Mac OS X 10.5.4 (9E17)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.WebCore             	0x91ae9c03 WebCore::nextCandidate(WebCore::Position const&) + 19
1   com.apple.WebCore             	0x91c4fcd2 WebCore::ReplaceSelectionCommand::positionAtStartOfInsertedContent() + 50
2   com.apple.WebCore             	0x91c4c0f9 WebCore::ReplaceSelectionCommand::doApply() + 3129
3   com.apple.WebCore             	0x91ae6bed WebCore::EditCommand::apply() + 61
4   com.apple.WebCore             	0x91bbe51e WebCore::DragController::concludeDrag(WebCore::DragData*, WebCore::DragDestinationAction) + 2670
5   com.apple.WebCore             	0x91bbd620 WebCore::DragController::performDrag(WebCore::DragData*) + 128
6   com.apple.WebKit              	0x94956d17 -[WebView performDragOperation:] + 359
7   com.apple.AppKit              	0x96321e79 NSCoreDragReceiveProc + 1411
8   com.apple.HIServices          	0x907e355c DoDropMessage + 97
9   com.apple.HIServices          	0x907e34d2 SendDropMessage + 41
10  com.apple.HIServices          	0x907e083a DragInApplication + 492
11  com.apple.HIServices          	0x907df2de CoreDragStartDragging + 539
12  com.apple.AppKit              	0x9631fcfd -[NSCoreDragManager _dragUntilMouseUp:accepted:] + 597
13  com.apple.AppKit              	0x9631ec1e -[NSCoreDragManager dragImage:fromWindow:at:offset:event:pasteboard:source:slideBack:] + 1452
14  com.apple.AppKit              	0x9631e668 -[NSWindow(NSDrag) dragImage:at:offset:event:pasteboard:source:slideBack:] + 127
15  com.apple.WebKit              	0x9494aa81 -[WebHTMLView dragImage:at:offset:event:pasteboard:source:slideBack:] + 113
16  com.apple.WebKit              	0x9494a83f WebDragClient::startDrag(WTF::RetainPtr<NSImage>, WebCore::IntPoint const&, WebCore::IntPoint const&, WebCore::Clipboard*, WebCore::Frame*, bool) + 751
17  com.apple.WebCore             	0x91b880ca WebCore::DragController::doSystemDrag(WTF::RetainPtr<NSImage>, WebCore::IntPoint const&, WebCore::IntPoint const&, WebCore::Clipboard*, WebCore::Frame*, bool) + 266
18  com.apple.WebCore             	0x91b8785b WebCore::DragController::doImageDrag(WebCore::Element*, WebCore::IntPoint const&, WebCore::IntRect const&, WebCore::Clipboard*, WebCore::Frame*, WebCore::IntPoint&) + 331
19  com.apple.WebCore             	0x91b86858 WebCore::DragController::startDrag(WebCore::Frame*, WebCore::Clipboard*, WebCore::DragOperation, WebCore::PlatformMouseEvent const&, WebCore::IntPoint const&, bool) + 3512
20  com.apple.WebCore             	0x91b989ee WebCore::EventHandler::handleDrag(WebCore::MouseEventWithHitTestResults const&) + 1166
21  com.apple.WebCore             	0x91b9848a WebCore::EventHandler::handleMouseDraggedEvent(WebCore::MouseEventWithHitTestResults const&) + 26
22  com.apple.WebCore             	0x91b95d24 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*) + 1140
23  com.apple.WebCore             	0x91b18a30 WebCore::EventHandler::mouseDragged(NSEvent*) + 384
24  com.apple.WebKit              	0x9493e275 -[WebHTMLView mouseDragged:] + 229
25  com.apple.AppKit              	0x9611d4c5 -[NSWindow sendEvent:] + 8511
26  com.apple.Safari              	0x000296d3 0x1000 + 165587
27  com.apple.AppKit              	0x960e9431 -[NSApplication sendEvent:] + 2941
28  com.apple.Safari              	0x00029250 0x1000 + 164432
29  com.apple.AppKit              	0x96046e27 -[NSApplication run] + 847
30  com.apple.AppKit              	0x96014030 NSApplicationMain + 574
31  com.apple.Safari              	0x000b4de6 0x1000 + 736742

Thread 1:
0   libSystem.B.dylib             	0x90e4c68e __semwait_signal + 10
1   libSystem.B.dylib             	0x90e7736d pthread_cond_wait$UNIX2003 + 73
2   com.apple.WebCore             	0x9199c1ff WebCore::IconDatabase::syncThreadMainLoop() + 239
3   com.apple.WebCore             	0x91955df5 WebCore::IconDatabase::iconDatabaseSyncThread() + 181
4   libSystem.B.dylib             	0x90e766f5 _pthread_start + 321
5   libSystem.B.dylib             	0x90e765b2 thread_start + 34

Thread 2:
0   libSystem.B.dylib             	0x90e4c68e __semwait_signal + 10
1   libSystem.B.dylib             	0x90e7736d pthread_cond_wait$UNIX2003 + 73
2   com.apple.WebCore             	0x91fd9bdb WebCore::LocalStorageThread::localStorageThread() + 427
3   libSystem.B.dylib             	0x90e766f5 _pthread_start + 321
4   libSystem.B.dylib             	0x90e765b2 thread_start + 34

Thread 3:
0   libSystem.B.dylib             	0x90e454a6 mach_msg_trap + 10
1   libSystem.B.dylib             	0x90e4cc9c mach_msg + 72
2   com.apple.CoreFoundation      	0x94a540ce CFRunLoopRunSpecific + 1790
3   com.apple.CoreFoundation      	0x94a54cf8 CFRunLoopRunInMode + 88
4   com.apple.CFNetwork           	0x95c84a32 CFURLCacheWorkerThread(void*) + 396
5   libSystem.B.dylib             	0x90e766f5 _pthread_start + 321
6   libSystem.B.dylib             	0x90e765b2 thread_start + 34

Thread 4:
0   libSystem.B.dylib             	0x90e454a6 mach_msg_trap + 10
1   libSystem.B.dylib             	0x90e4cc9c mach_msg + 72
2   com.apple.CoreFoundation      	0x94a540ce CFRunLoopRunSpecific + 1790
3   com.apple.CoreFoundation      	0x94a54cf8 CFRunLoopRunInMode + 88
4   com.apple.Foundation          	0x92514460 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5   com.apple.Foundation          	0x924b0f1d -[NSThread main] + 45
6   com.apple.Foundation          	0x924b0ac4 __NSThread__main__ + 308
7   libSystem.B.dylib             	0x90e766f5 _pthread_start + 321
8   libSystem.B.dylib             	0x90e765b2 thread_start + 34

Thread 5:
0   libSystem.B.dylib             	0x90e955e2 select$DARWIN_EXTSN + 10
1   libSystem.B.dylib             	0x90e766f5 _pthread_start + 321
2   libSystem.B.dylib             	0x90e765b2 thread_start + 34

Thread 6:
0   libSystem.B.dylib             	0x90e4c68e __semwait_signal + 10
1   libSystem.B.dylib             	0x90e7736d pthread_cond_wait$UNIX2003 + 73
2   com.apple.ColorSync           	0x95315460 pthreadSemaphoreWait(t_pthreadSemaphore*) + 42
3   com.apple.ColorSync           	0x95327d92 CMMConvTask(void*) + 54
4   libSystem.B.dylib             	0x90e766f5 _pthread_start + 321
5   libSystem.B.dylib             	0x90e765b2 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0xbfffe258  ebx: 0x91c4b4d7  ecx: 0x1a2ca580  edx: 0x00000000
  edi: 0xbfffe250  esi: 0xbfffe258  ebp: 0xbfffe238  esp: 0xbfffe210
   ss: 0x0000001f  efl: 0x00010282  eip: 0x91ae9c03   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037
  cr2: 0x00000000

Binary Images:
    0x1000 -   0x140fe1  com.apple.Safari 4 Developer Preview (5526.11.2) <3bcf4f3ca3c0349e26db30a14658e525> /Applications/Safari.app/Contents/MacOS/Safari
  0x18a000 -   0x199ff8  SyndicationUI ??? (???) <f44522033c6fa93f5b0890b2e58a85b1> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
  0x570000 -   0x68eff7  com.apple.RawCamera.bundle 2.0.7 (2.0.7) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x13fd8000 - 0x13fd9fff +com.google.GoogleNotifierQuickAddCMPlugin 1.9.100 (1.9.100.0) /Users/eseidel/Library/Contextual Menu Items/Google Notifier Quick Add CM Plugin.plugin/Contents/MacOS/Google Notifier Quick Add CM Plugin
0x13fde000 - 0x13fe0ffe  com.apple.AutomatorCMM 1.1 (160) <650079fd95a57e8131e79409a00b2aed> /System/Library/Contextual Menu Items/AutomatorCMM.plugin/Contents/MacOS/AutomatorCMM
0x13fe6000 - 0x13fe7ffd  com.apple.BluetoothMenu 2.1 (2.1f17) /System/Library/Contextual Menu Items/BluetoothContextualMenu.plugin/Contents/MacOS/BluetoothContextualMenu
0x13fec000 - 0x13feffff  com.apple.BezelServicesFW 1.4.832 (1.4.832) /System/Library/PrivateFrameworks/BezelServices.framework/Versions/A/BezelServices
0x13ff6000 - 0x13ffbfff  com.apple.FolderActionsMenu 1.3.2 (1.3.2) <9ba69ef0bec96264a79fa28b3a5f058b> /System/Library/Contextual Menu Items/FolderActionsMenu.plugin/Contents/MacOS/FolderActionsMenu
0x15980000 - 0x15985ff3  libCGXCoreImage.A.dylib ??? (???) <32265ec157db98a33c5dcf0e6687dec2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
0x167c6000 - 0x167cbfff  com.apple.DictionaryServiceComponent 1.1 (1.1) <8edc1180f52db18e9ddfb4e95debe61b> /System/Library/Components/DictionaryService.component/Contents/MacOS/DictionaryService
0x1683e000 - 0x168affff +com.DivXInc.DivXDecoder 6.4.0 (6.4.0) /Library/QuickTime/DivX Decoder.component/Contents/MacOS/DivX Decoder
0x16a75000 - 0x16ae3ff7  com.apple.Bluetooth 2.1 (2.1f17) <29ab5843bb608c155d4d7353320c2194> /System/Library/Frameworks/IOBluetooth.framework/Versions/A/IOBluetooth
0x16d35000 - 0x16d36ffc  com.apple.JavaPluginCocoa 12.1.0 (12.1.0) <d21a12c5668d4d89bfe492a5223a75cc> /Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS/JavaPluginCocoa
0x17020000 - 0x17025ffd  com.apple.JavaVM 12.1.0 (12.1.0) <25c546c36e5bed978579d281080ab4c8> /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM
0x8fe00000 - 0x8fe2da53  dyld 96.2 (???) <7af47d3b00b2268947563c7fa8c59a07> /usr/lib/dyld
0x9001b000 - 0x9001ffff  com.apple.OpenDirectory 10.5 (10.5) <e7e4507f5ecd8c8cdcdb2fc0675da0b4> /System/Library/PrivateFrameworks/OpenDirectory.framework/Versions/A/OpenDirectory
0x9003d000 - 0x90510ffe  libGLProgrammability.dylib ??? (???) <475db64244e011cd8811e076035b2632> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
0x90511000 - 0x90539fff  libcups.2.dylib ??? (???) <ece20dff2a2c8ed3ae6ef735ef440c37> /usr/lib/libcups.2.dylib
0x9053a000 - 0x905cdfff  com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x905ce000 - 0x90605fff  com.apple.SystemConfiguration 1.9.2 (1.9.2) <8b26ebf26a009a098484f1ed01ec499c> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x90606000 - 0x906e5fff  libobjc.A.dylib ??? (???) <a53206274b6c2d42691f677863f379ae> /usr/lib/libobjc.A.dylib
0x906e6000 - 0x906e8fff  com.apple.securityhi 3.0 (30817) <2b2854123fed609d1820d2779e2e0963> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x906ef000 - 0x9071afe7  libauto.dylib ??? (???) <42d8422dc23a18071869fdf7b5d8fab5> /usr/lib/libauto.dylib
0x9071b000 - 0x907cbfff  edu.mit.Kerberos 6.0.12 (6.0.12) <1dc515ebe407292db8e603938c72d4e8> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x907cc000 - 0x907cefff  com.apple.CrashReporterSupport 10.5.0 (156) <3088b785b10d03504ed02f3fee5d3aab> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport
0x907cf000 - 0x9081fff7  com.apple.HIServices 1.7.0 (???) <f7e78891a6d08265c83dca8e378be1ea> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x90820000 - 0x908c7feb  com.apple.QD 3.11.52 (???) <c72bd7bd2ce12694c3640a731d1ad878> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x908c8000 - 0x908cffff  com.apple.agl 3.0.9 (AGL-3.0.9) <7dac4a7cb0de2f6d08ae71c1249379e3> /System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x908d0000 - 0x90972ff3  com.apple.QuickTimeImporters.component 7.5 (861) /System/Library/QuickTime/QuickTimeImporters.component/Contents/MacOS/QuickTimeImporters
0x90973000 - 0x90987ff3  com.apple.ImageCapture 4.0 (5.0.0) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x90988000 - 0x90988ffe  com.apple.quartzframework 1.5 (1.5) <4b8f505e32e4f2d67967a276401f9aaf> /System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
0x90989000 - 0x90d99fef  libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x90de9000 - 0x90e43ff7  com.apple.CoreText 2.0.2 (???) <9fde11f84a72e890bbf2aa8b0b13b79a> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x90e44000 - 0x90fa4ff3  libSystem.B.dylib ??? (???) <a12f397abf2285077b89bd726bff5b18> /usr/lib/libSystem.B.dylib
0x90fa5000 - 0x91086ff7  libxml2.2.dylib ??? (???) <de34eb9b43eb7d4a4e0b7f25529efa12> /usr/lib/libxml2.2.dylib
0x91087000 - 0x91111fe3  com.apple.DesktopServices 1.4.6 (1.4.6) <94d1a28b351b7dff77becadab0967772> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x91112000 - 0x9114bffe  com.apple.securityfoundation 3.0 (32989) <e9171eda22c69c884a04a001aeb526e0> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x9114c000 - 0x9116afff  libresolv.9.dylib ??? (???) <0629b6dcd71f4aac6a891cbe26253e85> /usr/lib/libresolv.9.dylib
0x9116b000 - 0x91501fff  com.apple.QuartzCore 1.5.3 (1.5.3) <1b65c05f89e81a499302fd63295b242d> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x91502000 - 0x917dcff3  com.apple.CoreServices.CarbonCore 786.4 (786.4) <059c4803a7a95e3c1a95a332baeb1edf> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x917dd000 - 0x9181ffef  com.apple.NavigationServices 3.5.2 (163) <91844980804067b07a0b6124310d3f31> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x91820000 - 0x91820ffb  com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer
0x91821000 - 0x91821ffd  com.apple.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x91836000 - 0x91836ff8  com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x91837000 - 0x91876fef  libTIFF.dylib ??? (???) <6d0f80e9d4d81f3f64c876aca005bd53> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x91877000 - 0x9190aff3  com.apple.ApplicationServices.ATS 3.3 (???) <064eb6d96417afa38a80b1735c4113aa> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x9190b000 - 0x9194ffeb  com.apple.DirectoryService.PasswordServerFramework 3.0.3 (3.0.3) <7e80635e8f1380dbf4af27e17e709fcb> /System/Library/PrivateFrameworks/PasswordServer.framework/Versions/A/PasswordServer
0x91950000 - 0x91952ff5  libRadiance.dylib ??? (???) <20eadb285da83df96c795c2c5fa20590> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x91953000 - 0x9209dfff  com.apple.WebCore 5526.11 (5526.11) <92070a47a097cbc0df1dde4d4071fa0a> /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore
0x9209e000 - 0x920eefeb  com.apple.framework.familycontrols 1.0.2 (1.0.2) <90f740755beef77835545ede9e5e975d> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls
0x920ef000 - 0x92119fff  com.apple.CoreMediaPrivate 9.0 (9.0) <8eb20bcfecc950600aa62dfa07aa47f3> /System/Library/PrivateFrameworks/CoreMediaPrivate.framework/Versions/A/CoreMediaPrivate
0x9211a000 - 0x9211dfff  com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x9211e000 - 0x92214ff7  com.apple.JavaScriptCore 5526.11 (5526.11) <a635620d1ede7c6917bd6a66b9987484> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x9244a000 - 0x92454feb  com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x92455000 - 0x9245cffe  libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib
0x9245d000 - 0x92462ffb  com.apple.DisplayServicesFW 2.0 (2.0) <8953865f53e940007a4e4ac5390d3c95> /System/Library/PrivateFrameworks/DisplayServices.framework/Versions/A/DisplayServices
0x92463000 - 0x92472ffe  com.apple.DSObjCWrappers.Framework 1.2.1 (1.2.1) <eac1c7b7c07ed3148c85934b6f656308> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x92473000 - 0x924a5fff  com.apple.LDAPFramework 1.4.3 (106) <3a5c9df6032143cd6bc2658a9d328d8e> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x924a6000 - 0x92721fe7  com.apple.Foundation 6.5.5 (677.19) <bfd4ebea1a7739dd6b523f15dca01a37> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x92722000 - 0x92dbefff  com.apple.CoreGraphics 1.351.31 (???) <c97a42498636b2596764e48669f98e00> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x92dbf000 - 0x92e3cfef  libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x92e3d000 - 0x92e42fff  com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x92e43000 - 0x92e49fff  com.apple.print.framework.Print 218.0.2 (220.1) <8bf7ef71216376d12fcd5ec17e43742c> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x92e4a000 - 0x92f6efe3  com.apple.audio.toolbox.AudioToolbox 1.5.1 (1.5.1) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x92f6f000 - 0x9313dfff  com.apple.security 5.0.4 (34102) <f01d6cbd6a0f24f6c13952ed448e77d6> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x9313e000 - 0x9318dfff  com.apple.QuickLookUIFramework 1.1 (170.4) /System/Library/PrivateFrameworks/QuickLookUI.framework/Versions/A/QuickLookUI
0x9318e000 - 0x93495ff7  com.apple.HIToolbox 1.5.3 (???) <e36f5c553e5a32f64b7eb458dadadc71> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x93496000 - 0x93496ffe  com.apple.MonitorPanelFramework 1.2.0 (1.2.0) <a2b462be6c51187eddf7d097ef0e0a04> /System/Library/PrivateFrameworks/MonitorPanel.framework/Versions/A/MonitorPanel
0x93497000 - 0x934a2ff9  com.apple.helpdata 1.0 (14) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData
0x934a3000 - 0x934aefe7  libCSync.A.dylib ??? (???) <8011fc1963cebdde0c6f101dbee5afd7> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x9351d000 - 0x935a4ff7  libsqlite3.0.dylib ??? (???) <6978bbcca4277d6ae9f042beff643f7d> /usr/lib/libsqlite3.0.dylib
0x935a5000 - 0x935d4fe3  com.apple.AE 402.2 (402.2) <e01596187e91af5d48653920017b8c8e> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x935d5000 - 0x93687ffb  libcrypto.0.9.7.dylib ??? (???) <330b0e48e67faffc8c22dfc069ca7a47> /usr/lib/libcrypto.0.9.7.dylib
0x93688000 - 0x9368cfff  libGIF.dylib ??? (???) <d4234e6f5e5f530bdafb969157f1f17b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x9368d000 - 0x947d2ff2  com.apple.QuickTimeComponents.component 7.5 (861) /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/QuickTimeComponents
0x94839000 - 0x9485dfff  libxslt.1.dylib ??? (???) <4933ddc7f6618743197aadc85b33b5ab> /usr/lib/libxslt.1.dylib
0x94868000 - 0x9486cfff  libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0x9486d000 - 0x94874fe9  libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib
0x94875000 - 0x948a2feb  libvDSP.dylib ??? (???) <b232c018ddd040ec4e2c2af632dd497f> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x948a3000 - 0x94915fff  com.apple.PDFKit 2.1 (2.1) /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit
0x94916000 - 0x949e0fef  com.apple.WebKit 5526.11 (5526.11) <e86d888c1926b248efea37192caeb22e> /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit
0x949e1000 - 0x949e1ffd  com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x949e2000 - 0x94b14fff  com.apple.CoreFoundation 6.5.3 (476.14) <7ef7f5db09ff6dd0135a6165872803cc> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x94b15000 - 0x94b24fff  libsasl2.2.dylib ??? (???) <b9e1ca0b6612e280b6cbea6df0eec5f6> /usr/lib/libsasl2.2.dylib
0x94b25000 - 0x94becff2  com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x94bed000 - 0x94bedffa  com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x94bee000 - 0x94beefff  com.apple.Carbon 136 (136) <98a5e3bc0c4fa44bbb09713bb88707fe> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x94bef000 - 0x94d35ff7  com.apple.ImageIO.framework 2.0.2 (2.0.2) <77dfee73f4c0d230425a5151ee0bce05> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x94d36000 - 0x94db0ff8  com.apple.print.framework.PrintCore 5.5.3 (245.3) <222dade7b33b99708b8c09d1303f93fc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x94db1000 - 0x950d2fea  com.apple.QuickTime 7.5.0 (861) <4e1161b204b3b1f1047412c16483c39a> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x950d3000 - 0x9528eff3  com.apple.QuartzComposer 2.1 (106.5) <1a52b406a3f3d04387c822da4a93c245> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer
0x9528f000 - 0x952aaff3  libPng.dylib ??? (???) <c0484bec6e2432b406755591924fe664> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x952ab000 - 0x952e1fef  libtidy.A.dylib ??? (???) <f1d1742e06280444baa5637b209fd0af> /usr/lib/libtidy.A.dylib
0x952e2000 - 0x953adfff  com.apple.ColorSync 4.5.0 (4.5.0) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x953bc000 - 0x95448ff7  com.apple.LaunchServices 289.2 (289.2) <3577886e3a6d56ee3949850c4fde76c9> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x9552a000 - 0x9553bffe  com.apple.CFOpenDirectory 10.5 (10.5) <6a7f55108d77db7384d0e2219d07e9f8> /System/Library/PrivateFrameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory
0x9553c000 - 0x95576fff  com.apple.coreui 1.1 (61) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x95577000 - 0x955d3ff7  com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x955d4000 - 0x95612ff7  libGLImage.dylib ??? (???) <093b1b698ca93a0380f5fa262459ea28> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x95613000 - 0x95613ffd  com.apple.Accelerate 1.4.2 (Accelerate 1.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x9587d000 - 0x958d6ff7  libGLU.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x958d7000 - 0x958effff  com.apple.openscripting 1.2.6 (???) <b8e553df643f2aec68fa968b3b459b2b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x959f6000 - 0x95a27ffb  com.apple.quartzfilters 1.5.0 (1.5.0) <22581f8fe9dd2cb261f97a897407ec3e> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzFilters.framework/Versions/A/QuartzFilters
0x95a28000 - 0x95a2fff7  libCGATS.A.dylib ??? (???) <9b29a5500efe01cc3adea67bbc42568e> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x95a30000 - 0x95a3effd  libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x95a3f000 - 0x95b40fff  com.apple.PubSub 1.0.3 (65.3) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub
0x95b41000 - 0x95c78feb  com.apple.imageKit 1.0.1 (1.0) <9b6da3210b7e69e75039cbb0fd4a8482> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/ImageKit.framework/Versions/A/ImageKit
0x95c79000 - 0x95cfbff3  com.apple.CFNetwork 330.4 (330.4) <ce5b085df34a78b7f198aff9db5b52ec> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x95df1000 - 0x95e07fe7  com.apple.CoreVideo 1.5.1 (1.5.1) <ed7bb95fb94817ea3212090aac5c65f3> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x95e08000 - 0x95f40ff7  libicucore.A.dylib ??? (???) <5031226ea28b371d8dfdbb32acfb48b5> /usr/lib/libicucore.A.dylib
0x95f41000 - 0x95f60ffa  libJPEG.dylib ??? (???) <0cfb80109d624beb9ceb3c43b6c5ec10> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x95f66000 - 0x95fa7fe7  libRIP.A.dylib ??? (???) <c8d988d3880d7268468112c64c626d86> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x95fa8000 - 0x95fb8ffc  com.apple.LangAnalysis 1.6.4 (1.6.4) <8b7831b5f74a950a56cf2d22a2d436f6> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x95fb9000 - 0x95fb9ffc  com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x95fba000 - 0x95fcafff  com.apple.speech.synthesis.framework 3.7.1 (3.7.1) <06d8fc0307314f8ffc16f206ad3dbf44> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x96008000 - 0x9600dfff  com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x9600e000 - 0x9680bfef  com.apple.AppKit 6.5.3 (949.33) <84b236f43802f4c15011513d18efa101> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x9680c000 - 0x96852fef  com.apple.Metadata 10.5.2 (398.18) <adbb3a14e8f7da444e16d2fd61862771> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x96853000 - 0x96877feb  libssl.0.9.7.dylib ??? (???) <acee7fc534674498dcac211318aa23e8> /usr/lib/libssl.0.9.7.dylib
0x96878000 - 0x96881fff  com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x96882000 - 0x968dfffb  libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib
0x968e0000 - 0x968ecfe7  com.apple.opengl 1.5.6 (1.5.6) <125de77ea2434a91364e79a0905a7771> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x968fa000 - 0x96985fff  com.apple.framework.IOKit 1.5.1 (???) <60cfc4b175c4ef60bb8e9036716a29f4> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x96986000 - 0x969a4ff3  com.apple.DirectoryService.Framework 3.5.4 (3.5.4) <fe27e80e1a9e86403fd9ed16dcfe4e11> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x969a5000 - 0x969adfff  com.apple.DiskArbitration 2.2.1 (2.2.1) <75b0c8d8940a8a27816961dddcac8e0f> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x969ae000 - 0x969c4fff  com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x96a38000 - 0x96bb7fff  com.apple.AddressBook.framework 4.1.1 (695) <24a448ba4f9f784189bd3183e3474d81> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
Comment 1 Eric Seidel (no email) 2008-07-24 10:51:37 PDT
This happens in Debug mode as well, but no ASSERT is ever hit.

Somehow ReplaceSelectionCommand::m_firstNodeInserted ends up as a disconnected node (i.e. a node with no parent pointer); calling nextPosition on such a node will crash.  Perhaps Justin can help me understand what's going on here.
Comment 2 Eric Seidel (no email) 2008-07-24 12:31:47 PDT
It appears that the document fragment is empty here:

        } else {
            if (setSelectionToDragCaret(innerFrame, dragCaret, range, point))
                applyCommand(ReplaceSelectionCommand::create(m_document, fragment, true, dragData->canSmartReplace(), chosePlainText)); 
        }  

ReplaceSelectionCommand maybe doesn't expect an empty fragment?

I'm not sure why only the second drag crashes?  Maybe because the image is already selected after the first drag?
Comment 3 Eric Seidel (no email) 2008-07-24 12:38:51 PDT
Actually, the fragment isn't empty.  It's huge.  It looks like the whole document... Something is confused here.
Comment 4 Eric Seidel (no email) 2008-07-24 12:41:55 PDT
Oh, nm, I'm calling "showTreeForThis" which is printing more than just what's under the fragment node, or?
Comment 5 Oliver Hunt 2008-07-24 12:48:56 PDT
I suspect that this crash is an "editing" bug in that it appears to be screwing up in the code to find the insertion point.  Unsure yet why it would fail to insert the first time round though :-/
Comment 6 Oliver Hunt 2008-07-24 12:52:21 PDT
<Rdar://6100249>
Comment 7 Eric Seidel (no email) 2008-07-25 11:38:37 PDT
Ok. Looks like the fragment is correct, it's just a single IMG element.

We also seem to be going down the correct path during the replacement.  The problem comes at the end of the replacement where:

(gdb) p m_firstNodeInserted.get()->parentNode()
$6 = (const WebCore::Node *) 0x0

m_firstNodeInserted is correctly the "IMG" node, however it's not actually in the document.  Still debugging.
Comment 8 Eric Seidel (no email) 2008-07-25 13:43:19 PDT
Ok, this is where the just-inserted node is removed from the tree:

Google Presentation is doing something in a DOMNodeInserted handler.  That something seems to be deleting the current selection.

Event dispatch starts under:
#39	0x03022345 in dispatchChildInsertionEvents at ContainerNode.cpp:954

#0	0x02f5f0ae in WebCore::TreeShared<WebCore::Node>::setParent at TreeShared.h:85
#1	0x0302435d in WebCore::ContainerNode::removeChild at ContainerNode.cpp:435
#2	0x033f8017 in WebCore::RemoveNodeCommand::doApply at RemoveNodeCommand.cpp:49
#3	0x03143c63 in WebCore::EditCommand::apply at EditCommand.cpp:101
#4	0x030180e3 in WebCore::CompositeEditCommand::applyCommandToComposite at CompositeEditCommand.cpp:97
#5	0x030189fd in WebCore::CompositeEditCommand::removeNode at CompositeEditCommand.cpp:194
#6	0x030fc9ff in WebCore::DeleteSelectionCommand::removeNode at DeleteSelectionCommand.cpp:350
#7	0x030fbce1 in WebCore::DeleteSelectionCommand::handleGeneralDelete at DeleteSelectionCommand.cpp:446
#8	0x030fec85 in WebCore::DeleteSelectionCommand::doApply at DeleteSelectionCommand.cpp:753
#9	0x03143c63 in WebCore::EditCommand::apply at EditCommand.cpp:101
#10	0x030180e3 in WebCore::CompositeEditCommand::applyCommandToComposite at CompositeEditCommand.cpp:97
#11	0x03019ddc in WebCore::CompositeEditCommand::deleteSelection at CompositeEditCommand.cpp:345
#12	0x035bd282 in WebCore::TypingCommand::deleteKeyPressed at TypingCommand.cpp:431
#13	0x035bd769 in WebCore::TypingCommand::doApply at TypingCommand.cpp:254
#14	0x03143c63 in WebCore::EditCommand::apply at EditCommand.cpp:101
#15	0x035bdfa0 in WebCore::TypingCommand::deleteKeyPressed at TypingCommand.cpp:95
#16	0x0314de99 in executeDelete at EditorCommand.cpp:280
#17	0x0314f7ac in WebCore::Editor::Command::execute at EditorCommand.cpp:1371
#18	0x0310b69c in WebCore::Document::execCommand at Document.cpp:3120
#19	0x032d1630 in WebCore::jsDocumentPrototypeFunctionExecCommand at JSDocument.cpp:804
#20	0x004ef496 in KJS::Machine::privateExecute at Machine.cpp:2377
#21	0x004f1417 in KJS::Machine::execute at Machine.cpp:798
#22	0x0045bb4f in KJS::JSFunction::call at JSFunction.cpp:67
#23	0x0045bbeb in KJS::call at CallData.cpp:39
#24	0x00468199 in functionProtoFuncCall at FunctionPrototype.cpp:124
#25	0x004ef496 in KJS::Machine::privateExecute at Machine.cpp:2377
#26	0x004f1417 in KJS::Machine::execute at Machine.cpp:798
#27	0x0045bb4f in KJS::JSFunction::call at JSFunction.cpp:67
#28	0x0045bbeb in KJS::call at CallData.cpp:39
#29	0x00468199 in functionProtoFuncCall at FunctionPrototype.cpp:124
#30	0x004ef496 in KJS::Machine::privateExecute at Machine.cpp:2377
#31	0x004f1417 in KJS::Machine::execute at Machine.cpp:798
#32	0x0045bb4f in KJS::JSFunction::call at JSFunction.cpp:67
#33	0x0045bbeb in KJS::call at CallData.cpp:39
#34	0x03618d7a in WebCore::JSAbstractEventListener::handleEvent at JSEventListener.cpp:95
#35	0x0316a70f in WebCore::EventTarget::handleLocalEvents at EventTarget.cpp:325
#36	0x0316b82c in WebCore::EventTargetNode::handleLocalEvents at EventTargetNode.cpp:116
#37	0x0316ade4 in WebCore::EventTarget::dispatchGenericEvent at EventTarget.cpp:235
#38	0x0316bace in WebCore::EventTargetNode::dispatchEvent at EventTargetNode.cpp:132
#39	0x03022345 in dispatchChildInsertionEvents at ContainerNode.cpp:954
#40	0x0302391d in WebCore::ContainerNode::insertBefore at ContainerNode.cpp:217
#41	0x03289392 in WebCore::InsertNodeBeforeCommand::doApply at InsertNodeBeforeCommand.cpp:51
#42	0x03143c63 in WebCore::EditCommand::apply at EditCommand.cpp:101
#43	0x030180e3 in WebCore::CompositeEditCommand::applyCommandToComposite at CompositeEditCommand.cpp:97
#44	0x03018783 in WebCore::CompositeEditCommand::insertNodeBefore at CompositeEditCommand.cpp:134
#45	0x0301955d in WebCore::CompositeEditCommand::insertNodeAt at CompositeEditCommand.cpp:162
#46	0x034b85c5 in WebCore::ReplaceSelectionCommand::insertNodeAtAndUpdateNodesInserted at ReplaceSelectionCommand.cpp:979
#47	0x034bb1fb in WebCore::ReplaceSelectionCommand::doApply at ReplaceSelectionCommand.cpp:751
#48	0x03143c63 in WebCore::EditCommand::apply at EditCommand.cpp:101
#49	0x03143cdb in WebCore::applyCommand at EditCommand.cpp:236
#50	0x03141189 in WebCore::DragController::concludeDrag at DragController.cpp:413
#51	0x031416f4 in WebCore::DragController::performDrag at DragController.cpp:193
#52	0x0023a707 in -[WebView performDragOperation:] at WebView.mm:2654
#53	0x96321e79 in NSCoreDragReceiveProc
#54	0x907e355c in DoDropMessage
#55	0x907e34d2 in SendDropMessage
#56	0x907e083a in DragInApplication
#57	0x907df2de in CoreDragStartDragging
#58	0x9631fcfd in -[NSCoreDragManager _dragUntilMouseUp:accepted:]
#59	0x9631ec1e in -[NSCoreDragManager dragImage:fromWindow:at:offset:event:pasteboard:source:slideBack:]
#60	0x9631e668 in -[NSWindow(NSDrag) dragImage:at:offset:event:pasteboard:source:slideBack:]
#61	0x001e3132 in -[WebHTMLView dragImage:at:offset:event:pasteboard:source:slideBack:] at WebHTMLView.mm:3157
#62	0x001bccb0 in WebDragClient::startDrag at WebDragClient.mm:116
#63	0x0313def1 in WebCore::DragController::doSystemDrag at DragController.cpp:741
#64	0x0313e447 in WebCore::DragController::doImageDrag at DragController.cpp:728
#65	0x0313fc45 in WebCore::DragController::startDrag at DragController.cpp:646
#66	0x03160fb8 in WebCore::EventHandler::handleDrag at EventHandler.cpp:1896
#67	0x031610a5 in WebCore::EventHandler::handleMouseDraggedEvent at EventHandler.cpp:378
#68	0x03163817 in WebCore::EventHandler::handleMouseMoveEvent at EventHandler.cpp:1147
#69	0x031681e3 in WebCore::EventHandler::mouseDragged at EventHandlerMac.mm:509
#70	0x001e3224 in -[WebHTMLView mouseDragged:] at WebHTMLView.mm:3170
#71	0x9611d4c5 in -[NSWindow sendEvent:]
#72	0x000296d3 in ??
#73	0x960e9431 in -[NSApplication sendEvent:]
#74	0x00029250 in ??
#75	0x96046e27 in -[NSApplication run]
#76	0x96014030 in NSApplicationMain
#77	0x000b4de6 in ??
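The sequence in this stack (insertNodeBefore, a synchronous DOMNodeInserted dispatch, a handler that runs a delete, and the command then touching the node it just inserted) modelled in plain JavaScript, as an added example that is not WebKit or Google code. `ModelNode`, `replaceSelection` and `runScenario` are constructed stand-ins for the DOM and for ReplaceSelectionCommand; the `checkStillInDocument` guard is one defensive option, not the actual patch.

```javascript
// Added example (not WebKit code): a minimal model of the re-entrancy in comment 8.
// A synchronous "node inserted" notification lets page script run in the middle of
// an editing command; if that script removes the node, the command's saved
// reference (m_firstNodeInserted in WebKit) now points at a detached node.
class ModelNode {
  constructor(name) { this.name = name; this.parentNode = null; this.children = []; }
  // Listeners run synchronously inside insertBefore, like dispatchChildInsertionEvents.
  insertBefore(node, ref, listeners) {
    const i = ref ? this.children.indexOf(ref) : this.children.length;
    this.children.splice(i, 0, node);
    node.parentNode = this;
    for (const fn of listeners) fn(node); // DOMNodeInserted handlers fire here
  }
  removeChild(node) {
    this.children.splice(this.children.indexOf(node), 1);
    node.parentNode = null;
  }
}

// Insert the fragment, remember the first inserted node, then derive a position from
// it, as ReplaceSelectionCommand::positionAtStartOfInsertedContent does after doApply.
function replaceSelection(container, fragmentNode, listeners, checkStillInDocument) {
  container.insertBefore(fragmentNode, null, listeners);
  const firstNodeInserted = fragmentNode;
  // Hypothetical guard: a handler may have pulled the node out of the tree already.
  if (checkStillInDocument && firstNodeInserted.parentNode === null) {
    return { status: 'inserted-then-removed', position: null };
  }
  // Naive path: walking from the node needs its parent; on a detached node this is
  // the null dereference that crashed in nextCandidate() (here a TypeError).
  const siblings = firstNodeInserted.parentNode.children;
  return { status: 'ok', position: siblings.indexOf(firstNodeInserted) };
}

// Constructed scenario: the page's handler deletes the node as soon as it is inserted,
// standing in for the execCommand('delete') seen at frame #18 of the trace.
function runScenario(checkStillInDocument, handlerRemovesNode) {
  const body = new ModelNode('body');
  const img = new ModelNode('img');
  const listeners = handlerRemovesNode ? [(n) => n.parentNode.removeChild(n)] : [];
  try {
    return replaceSelection(body, img, listeners, checkStillInDocument);
  } catch (e) {
    return { status: 'crash', error: e.constructor.name };
  }
}
```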
Comment 9 Eric Seidel (no email) 2008-07-25 14:02:28 PDT
Created attachment 22480 [details]
test case

Um... I've also seen this test case fail on:
ASSERTION FAILED: containerA && containerB
(/Users/eseidel/Projects/WebKit/WebCore/dom/Range.cpp:449 static short int WebCore::Range::compareBoundaryPoints(WebCore::Node*, int, WebCore::Node*, int))
Comment 10 Eric Seidel (no email) 2008-07-25 14:35:43 PDT
Created attachment 22482 [details]
Fix crash in Google presentations when dragging images into a presentation

 WebCore/ChangeLog                              |   13 +++++++++++++
 WebCore/editing/ReplaceSelectionCommand.cpp    |    3 ++-
 WebCore/manual-tests/remove-on-drop-crash.html |   10 ++++++++++
 3 files changed, 25 insertions(+), 1 deletions(-)
Comment 11 Eric Seidel (no email) 2008-07-25 14:36:14 PDT
Comment on attachment 22482 [details]
Fix crash in Google presentations when dragging images into a presentation

Justin should review this, I'm not 100% certain this is the right way to fix this.
Comment 12 Justin Garcia 2008-07-29 11:19:31 PDT
Comment on attachment 22482 [details]
Fix crash in Google presentations when dragging images into a presentation

if you're sure that m_firstNodeInserted is not in the document because it's removed by Google's code and not because of some other WebCore bug, then r=me.
Comment 13 Eric Seidel (no email) 2008-07-29 13:26:20 PDT
(In reply to comment #12)
> (From update of attachment 22482 [details] [edit])
> if you're sure that m_firstNodeInserted is not in the document because it's
> removed by Google's code and not because of some other WebCore bug, then r=me.

Yeah, I definitely caught it in the debugger.  A DOMNodeInserted event had fired and we were acting on a "delete" editing event caused by their event handler.  See the above stack trace for verification.
Comment 14 Eric Seidel (no email) 2008-07-29 13:26:42 PDT
Comment on attachment 22482 [details]
Fix crash in Google presentations when dragging images into a presentation

Justin r+'d this already.
Comment 15 Mark Rowe (bdash) 2008-09-02 23:24:24 PDT
Eric, are you planning on landing this?
Comment 16 Eric Seidel (no email) 2008-09-03 02:14:17 PDT
Looks like I already did:
http://trac.webkit.org/changeset/35465
Closing.