Bug 32433

Summary: REGRESSION (r51567): Right click on a link element crashes WebKit nightly
Product: WebKit
Reporter: Mihnea Ovidenie <mihnea>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: aroben, bweinstein
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows XP
Attachments:
- User dmp on WinXP (flags: none)
- Dr. Watson log on WinXP (flags: none)
- Change IWebFramePrivate's vtable to be compatible with Safari 4.0.4 (flags: sfalken: review+)

Description Mihnea Ovidenie 2009-12-11 08:01:49 PST
Created attachment 44690 [details]
User dmp on WinXP

Steps to reproduce:

1. I am using WebKit 51951 on Windows XP SP3/Windows Vista.
2. I run WebKit.exe from the nightly.
3. Load any URL - webkit.org for instance.
4. Right-click on any link in the page.
5. WebKit crashes.

Regards,
Mihnea
Comment 1 Mihnea Ovidenie 2009-12-11 08:02:26 PST
Created attachment 44691 [details]
Dr. Watson log on WinXP
Comment 2 Adam Roben (:aroben) 2009-12-11 19:23:01 PST
I can't reproduce using Safari 4.0.4 and WebKit r51951.
Comment 3 Adam Roben (:aroben) 2009-12-11 19:26:45 PST
(In reply to comment #2)
> I can't reproduce using Safari 4.0.4 and WebKit r51951.

Oh, wait, yes I can! Here's a better backtrace:

 	00000000()	
 	Safari.dll!SafariView::contextMenuForElement() + 0x24 bytes	C++
 	Safari.dll!BrowserDelegate::contextMenuItemsForElement()	C++
>	WebKit.dll!WebContextMenuClient::getCustomMenuFromDefaultItems(WebCore::ContextMenu * menu=0x7ed4daa0)  Line 107 + 0x1a bytes	C++
 	WebKit.dll!WebCore::ContextMenuController::showContextMenu(WebCore::Event * event=0x7eb0fd80)  Line 136	C++
 	WebKit.dll!WebCore::ContextMenuController::handleContextMenuEvent(WebCore::Event * event=)  Line 96	C++
 	WebKit.dll!WebCore::Node::defaultEventHandler(WebCore::Event * event=0x7eb0fd80)  Line 2831	C++
 	WebKit.dll!WebCore::HTMLAnchorElement::defaultEventHandler(WebCore::Event * evt=0x7eb0fd80)  Line 236	C++
 	WebKit.dll!WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...})  Line 2560	C++
 	WebKit.dll!WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...})  Line 2445 + 0xb bytes	C++
 	WebKit.dll!WebCore::Node::dispatchMouseEvent(const WebCore::AtomicString & eventType={...}, int button=2, int detail=0, int pageX=376, int pageY=308, int screenX=568, int screenY=419, bool ctrlKey=false, bool altKey=false, bool shiftKey=false, bool metaKey=false, bool isSimulated=false, WebCore::Node * relatedTargetArg=0x00000000, WTF::PassRefPtr<WebCore::Event> underlyingEvent={...})  Line 2735	C++
 	WebKit.dll!WebCore::Node::dispatchMouseEvent(const WebCore::PlatformMouseEvent & event={...}, const WebCore::AtomicString & eventType={...}, int detail=0, WebCore::Node * relatedTarget=0x00000000)  Line 2644	C++
 	WebKit.dll!WebCore::EventHandler::dispatchMouseEvent(const WebCore::AtomicString & eventType={...}, WebCore::Node * targetNode=0x7ec0dc00, bool __formal=true, int clickCount=0, const WebCore::PlatformMouseEvent & mouseEvent={...}, bool setUnder=true)  Line 1746	C++
 	WebKit.dll!WebCore::EventHandler::sendContextMenuEvent(const WebCore::PlatformMouseEvent & event={...})  Line 1920	C++
 	WebKit.dll!WebView::handleContextMenuEvent(unsigned int wParam=198736, long lParam=0)  Line 1164	C++
 	WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=, unsigned int message=, unsigned int wParam=, long lParam=)  Line 2049	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x23 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_CallWindowProcAorW@24()  + 0x5e bytes	
 	user32.dll!_CallWindowProcW@20()  + 0x1b bytes	
 	comctl32.dll!_CallOriginalWndProc@24()  + 0x1a bytes	
 	comctl32.dll!_CallNextSubclassProc@20()  + 0x3d bytes	
 	comctl32.dll!_DefSubclassProc@16()  + 0x46 bytes	
 	comctl32.dll!TTSubclassProc()  + 0x3c bytes	
 	comctl32.dll!_CallNextSubclassProc@20()  + 0x3d bytes	
 	comctl32.dll!_MasterSubclassProc@16()  + 0x44 bytes	
 	user32.dll!_InternalCallWinProc@20()  + 0x23 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_RealDefWindowProcWorker@24()  + 0x167b bytes	
 	user32.dll!_RealDefWindowProcW@16()  + 0x2a bytes	
 	user32.dll!_DefWindowProcW@16()  + 0x54 bytes	
 	WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x00030850, unsigned int message=517, unsigned int wParam=0, long lParam=20185464)  Line 2145 + 0x10 bytes	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x23 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_CallWindowProcAorW@24()  + 0x5e bytes	
 	user32.dll!_CallWindowProcW@20()  + 0x1b bytes	
 	comctl32.dll!_CallOriginalWndProc@24()  + 0x1a bytes	
 	comctl32.dll!_CallNextSubclassProc@20()  + 0x3d bytes	
 	comctl32.dll!_DefSubclassProc@16()  + 0x46 bytes	
 	comctl32.dll!TTSubclassProc()  + 0x3c bytes	
 	comctl32.dll!_CallNextSubclassProc@20()  + 0x3d bytes	
 	comctl32.dll!_MasterSubclassProc@16()  + 0x44 bytes	
 	user32.dll!_InternalCallWinProc@20()  + 0x23 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_DispatchMessageWorker@8()  + 0xed bytes	
 	user32.dll!_DispatchMessageW@4()  + 0xf bytes	
 	Safari.dll!RunMessagePump()  + 0x7 bytes	C++
 	Safari.dll!run()	C++
 	Safari.dll!safariMain() 0xa bytes	C++
 	Safari.dll!safariDLLMain() + 0x10 bytes	C++
 	Safari.exe!wWinMain()	C++
 	Safari.exe!__tmainCRTStartup()  Line 589 + 0x1c bytes	C
 	kernel32.dll!@BaseThreadInitThunk@12()  + 0x12 bytes	
 	ntdll.dll!___RtlUserThreadStart@8()  + 0x27 bytes	
 	ntdll.dll!__RtlUserThreadStart@8()  + 0x1b bytes
Comment 4 Adam Roben (:aroben) 2009-12-14 09:09:32 PST
Looks like we're crashing while calling IWebDataSource::subresourceForURL.
Comment 5 Adam Roben (:aroben) 2009-12-14 09:10:31 PST
Strange thing is, IWebDataSource hasn't changed since Safari 4.0.4.
Comment 6 Adam Roben (:aroben) 2009-12-14 09:31:01 PST
Looks like when Safari tries to call IWebFramePrivate::allowsFollowingLink, it ends up in WebFrame::isDisplayingStandaloneImage instead. IWebFramePrivate was changed in an incompatible way in r51567 <http://trac.webkit.org/changeset/51567/trunk/WebKit/win/Interfaces/IWebFramePrivate.idl>. I will undo that change and see if that fixes the crash.
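The mechanism behind comment 6, shown as an added example rather than WebKit's or Safari's code: a COM interface such as IWebFramePrivate is a pointer to a table of function pointers, and a client binary like Safari 4.0.4 bakes each method's slot index into its own code when it is built. Inserting a method ahead of an existing one shifts every later slot, so a client built against the old header calls the function that now occupies the old index. Only the two method names come from the bug; the slot order, the old/broken/compatible layouts, and the helper names (kOldVtbl, kBrokenVtbl, kCompatVtbl, otherMethod, isPrefixCompatible) are assumptions made for illustration.

```cpp
// Added example (not WebKit's code): a minimal model of the COM vtable
// mismatch described in comment 6. Method names come from the bug; the slot
// numbers and the "old"/"new" layouts are assumptions for illustration.
#include <cstddef>
#include <iostream>
#include <string>

struct Frame;
// A COM call goes through a pointer to a table of function pointers; the
// caller compiles the slot index into its own binary.
using Slot = std::string (*)(const Frame*);

struct Frame {
    const Slot* vtbl;        // first member, exactly as in a COM object
    bool        allowsLinks; // data consulted by allowsFollowingLink
};

static std::string allowsFollowingLink(const Frame* f) {
    return f->allowsLinks ? "allowsFollowingLink=true"
                          : "allowsFollowingLink=false";
}
static std::string isDisplayingStandaloneImage(const Frame*) {
    return "isDisplayingStandaloneImage";
}
static std::string otherMethod(const Frame*) { return "otherMethod"; }

// Layout the shipping client was built against (assumed):
// allowsFollowingLink lives in slot 0.
static const Slot kOldVtbl[]    = { allowsFollowingLink, otherMethod };

// Incompatible edit in the style of r51567 (assumed): a method inserted in
// front shifts every later slot by one.
static const Slot kBrokenVtbl[] = { isDisplayingStandaloneImage,
                                    allowsFollowingLink, otherMethod };

// Compatible way to add a method: append it, so existing slots keep meaning.
static const Slot kCompatVtbl[] = { allowsFollowingLink, otherMethod,
                                    isDisplayingStandaloneImage };

// The slot index the already-built client uses for allowsFollowingLink.
constexpr std::size_t kOldClientSlot_allowsFollowingLink = 0;

// The "old client": it knows nothing about the new header, only the index.
std::string oldClientCallsAllowsFollowingLink(const Frame* f) {
    return f->vtbl[kOldClientSlot_allowsFollowingLink](f);
}

// Run the old client against a frame that exposes the given layout.
std::string callOldClientAgainst(const Slot* layout) {
    Frame f{layout, true};
    return oldClientCallsAllowsFollowingLink(&f);
}

// Check a maintainer can apply before changing a shipped interface: the new
// layout is binary-compatible only if every old slot still holds the same
// function, i.e. the old table is a prefix of the new one.
bool isPrefixCompatible(const Slot* oldLayout, std::size_t oldCount,
                        const Slot* newLayout, std::size_t newCount) {
    if (newCount < oldCount)
        return false;
    for (std::size_t i = 0; i < oldCount; ++i)
        if (oldLayout[i] != newLayout[i])
            return false;
    return true;
}

int main() {
    std::cout << "old client vs old layout:    "
              << callOldClientAgainst(kOldVtbl) << '\n';
    std::cout << "old client vs broken layout: "
              << callOldClientAgainst(kBrokenVtbl) << '\n';
    std::cout << "old client vs compat layout: "
              << callOldClientAgainst(kCompatVtbl) << '\n';
    std::cout << "broken layout compatible? "
              << isPrefixCompatible(kOldVtbl, 2, kBrokenVtbl, 3) << '\n';
    std::cout << "compat layout compatible? "
              << isPrefixCompatible(kOldVtbl, 2, kCompatVtbl, 3) << '\n';
    return 0;
}
```

The prefix property checked by isPrefixCompatible is the one to preserve when editing an IDL that shipped clients already depend on: new methods go at the end of the interface, or into a new interface, so every index an existing binary uses keeps its meaning. A wrong-slot call does not merely return the wrong answer; when the two methods differ in signature, argument and return conventions no longer line up, which is why such mismatches usually surface as a crash rather than as a logic error.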
Comment 7 Adam Roben (:aroben) 2009-12-14 09:42:52 PST
(In reply to comment #6)
> Looks like when Safari tries to call IWebFramePrivate::allowsFollowingLink, it
> ends up in WebFrame::isDisplayingStandaloneImage instead. IWebFramePrivate was
> changed in an incompatible way in r51567
> <http://trac.webkit.org/changeset/51567/trunk/WebKit/win/Interfaces/IWebFramePrivate.idl>.
> I will undo that change and see if that fixes the crash.

It does. Patch coming...
Comment 8 Adam Roben (:aroben) 2009-12-14 09:44:02 PST
I guess I had the regression range wrong previously.
Comment 9 Adam Roben (:aroben) 2009-12-14 09:44:55 PST
Created attachment 44804 [details]
Change IWebFramePrivate's vtable to be compatible with Safari 4.0.4
Comment 10 Adam Roben (:aroben) 2009-12-14 09:47:04 PST
Committed r52098: <http://trac.webkit.org/changeset/52098>