Bug 309080
| Summary: | REGRESSION(308357@main): editing/pasteboard/data-transfer-set-data-sanitize-html-when-dragging-in-null-origin.html crashes on Debug wk1 | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Jonathan Bedard <jbedard> |
| Component: | New Bugs | Assignee: | Jessica Cheung <jcheung23> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 307501 | ||
Jonathan Bedard
editing/pasteboard/data-transfer-set-data-sanitize-html-when-dragging-in-null-origin.html crashes on Debug wk1 after https://commits.webkit.org/308357@main.
Impacted tests:
editing/pasteboard/data-transfer-set-data-sanitize-html-when-dragging-in-null-origin.html
editing/pasteboard/data-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html
editing/pasteboard/drag-image-in-about-blank-frame.html
History:
https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=layout-tests&test=editing%2Fpasteboard%2Fdata-transfer-set-data-sanitize-html-when-dragging-in-null-origin.html&test=editing%2Fpasteboard%2Fdata-transfer-set-data-sanitize-url-when-dragging-in-null-origin.html&test=editing%2Fpasteboard%2Fdrag-image-in-about-blank-frame.html
CI run:
https://build.webkit.org/#/builders/1709/builds/2908
Reproduction:
run-webkit-tests --no-build --no-retry --no-show-results --exit-after-n-failures=1 --expect-pass --iterations=1000 --force -1 --debug editing/pasteboard/data-transfer-set-data-sanitize-html-when-dragging-in-null-origin.html
Stacktrace:
ASSERTION FAILED: ![self _webView] || [self _isTopHTMLView]
/Volumes/Data/worker/Apple-Tahoe-Debug-Build/build/Source/WebKitLegacy/mac/WebView/WebHTMLView.mm(4291) : -[WebHTMLView draggingSourceOperationMaskForLocal:]
1 0x1023d5138 -[WebHTMLView draggingSourceOperationMaskForLocal:]
2 0x10008fba8 -[DumpRenderTreeDraggingInfo draggingSourceOperationMask]
3 0x1024243c8 -[WebView draggingUpdated:]
4 0x100129708 -[UIDelegate webView:dragImage:at:offset:event:pasteboard:source:slideBack:forView:]
5 0x1024f4b98 WebDragClient::startDrag(WebCore::DragItem, WebCore::DataTransfer&, WebCore::Frame&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::NodeIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>> const&)
6 0x306ae83b8 WebCore::DragController::doSystemDrag(WebCore::DragImage, WebCore::IntPoint const&, WebCore::IntPoint const&, WebCore::LocalFrame&, WebCore::DragState const&, WebCore::PromisedAttachmentInfo&&, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>> const&)
7 0x306ae79a4 WebCore::DragController::startDrag(WebCore::LocalFrame&, WebCore::DragState const&, WTF::OptionSet<WebCore::DragOperation, (WTF::ConcurrencyTag)0>, WebCore::PlatformMouseEvent const&, WebCore::IntPoint const&, WebCore::HasNonDefaultPasteboardData, std::__1::optional<WTF::ObjectIdentifierGeneric<WebCore::FrameIdentifierType, WTF::ObjectIdentifierMainThreadAccessTraits<unsigned long long>, unsigned long long>> const&)
8 0x306b3cda8 WebCore::EventHandler::handleDrag(WebCore::MouseEventWithHitTestResults const&, WebCore::CheckDragHysteresis)
9 0x306b3bc24 WebCore::EventHandler::handleMouseDraggedEvent(WebCore::MouseEventWithHitTestResults const&, WebCore::CheckDragHysteresis)
10 0x306b45640 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*, bool)
11 0x3025f9d0c WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::LocalFrame&, WebCore::HitTestResult*)
12 0x3025fbf84 WebCore::EventHandler::passMouseMoveEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::LocalFrame&, WebCore::HitTestResult*)
13 0x306b4545c WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*, bool)
14 0x3025fad28 WebCore::EventHandler::mouseDragged(NSEvent*, NSEvent*)
15 0x1023d5080 -[WebHTMLView mouseDragged:]
16 0x1000a30b8 -[EventSendingController mouseMoveToX:Y:]
17 0x19fe06ea4 __invoking___
18 0x19fe06d2c -[NSInvocation invoke]
19 0x1000a4148 +[EventSendingController replaySavedEvents]
20 0x1000a22d4 -[EventSendingController mouseUp:withModifiers:]
21 0x19fe06ea4 __invoking___
22 0x19fe06d2c -[NSInvocation invoke]
23 0x300869e0c JSC::Bindings::ObjcInstance::invokeObjcMethod(JSC::JSGlobalObject*, JSC::CallFrame*, JSC::Bindings::ObjcMethod*)
24 0x30086963c JSC::Bindings::ObjcInstance::invokeMethod(JSC::JSGlobalObject*, JSC::CallFrame*, JSC::RuntimeMethod*)
25 0x304c50468 JSC::callRuntimeMethod(JSC::JSGlobalObject*, JSC::CallFrame*)
26 0x127b9c3b0 25 ??? 0x0000000127b9c3b0 0x0 + 4961452976
27 0x1180f6a60 op_call_return_location
28 0x1180ce95c llint_call_javascript
29 0x116e98960 JSC::Interpreter::executeProgram(JSC::SourceCode const&, JSC::JSGlobalObject*, JSC::JSObject*)
30 0x1172a3d84 JSC::evaluate(JSC::JSGlobalObject*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
31 0x1172a3ed4 JSC::profiledEvaluate(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/171634734>
Jonathan Bedard
Pull request: https://github.com/WebKit/WebKit/pull/59809
EWS
Test gardening commit 308561@main (aa41b5ac148e): <https://commits.webkit.org/308561@main>
Reviewed commits have been landed. Closing PR #59809 and removing active labels.
Jessica Cheung
Pull request: https://github.com/WebKit/WebKit/pull/59843
EWS
Committed 308592@main (527ceabbd833): <https://commits.webkit.org/308592@main>
Reviewed commits have been landed. Closing PR #59843 and removing active labels.