Bug 36017

Summary: REGRESSION (r53857): Crash when tabbing to <map>
Product: WebKit Reporter: Matt Lilek <dev+webkit>
Component: WebCore Misc.Assignee: chris fleizach <cfleizach>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, cfleizach
Priority: P1 Keywords: InRadar, NeedsReduction, Regression
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.6   
URL: http://www.register.prometric.com/Login.asp
Attachments:
Description Flags
patch darin: review+

Matt Lilek
Reported 2010-03-11 08:34:22 PST
Go to <http://www.register.prometric.com/Login.asp> and press tab -> *BOOM*. This happens regardless of whether Safari is set to tab to individual elements or not. Tested in r55841 on Snow Leopard. Thread 0 Crashed: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010169e1d0 WebCore::RenderObject::document() const + 16 (RenderObject.h:426) 1 com.apple.WebCore 0x00000001012771e1 WebCore::HTMLMapElement::imageElement() const + 29 (HTMLMapElement.cpp:82) 2 com.apple.WebCore 0x0000000101236018 WebCore::HTMLAreaElement::updateFocusAppearance(bool) + 86 (HTMLAreaElement.cpp:214) 3 com.apple.WebCore 0x000000010115bcef WebCore::Element::focus(bool) + 323 (Element.cpp:1323) 4 com.apple.WebCore 0x0000000101188110 WebCore::FocusController::advanceFocusInDocumentOrder(WebCore::FocusDirection, WebCore::KeyboardEvent*, bool) + 1592 (FocusController.cpp:283) 5 com.apple.WebCore 0x000000010118840a WebCore::FocusController::advanceFocus(WebCore::FocusDirection, WebCore::KeyboardEvent*, bool) + 68 (FocusController.cpp:167) 6 com.apple.WebCore 0x0000000101163f88 WebCore::EventHandler::defaultTabEventHandler(WebCore::KeyboardEvent*) + 204 (EventHandler.cpp:2550) 7 com.apple.WebCore 0x000000010116ce71 WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent*) + 155 (EventHandler.cpp:2176) 8 com.apple.WebCore 0x00000001015f8448 WebCore::Node::defaultEventHandler(WebCore::Event*) + 212 (Node.cpp:2951) 9 com.apple.WebCore 0x00000001015f918b WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>) + 1645 (Node.cpp:2681) 10 com.apple.WebCore 0x00000001015f9409 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 149 (Node.cpp:2567) 11 com.apple.WebCore 0x000000010117681c WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&) + 178 (EventTarget.cpp:254) 12 com.apple.WebCore 0x0000000101164f2a WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) + 906 (EventHandler.cpp:2112) 13 com.apple.WebCore 0x00000001011712a9 WebCore::EventHandler::keyEvent(NSEvent*) + 181 (EventHandlerMac.mm:150) 14 com.apple.WebKit 0x000000010037fbd9 -[WebHTMLView keyDown:] + 430 (WebHTMLView.mm:4006) 15 com.apple.AppKit 0x00007fff84fb93af -[NSWindow sendEvent:] + 8769 16 com.apple.Safari 0x0000000100049117 0x100000000 + 299287 17 com.apple.AppKit 0x00007fff84eede22 -[NSApplication sendEvent:] + 4719 18 com.apple.Safari 0x0000000100031c10 0x100000000 + 203792 19 com.apple.AppKit 0x00007fff84e84796 -[NSApplication run] + 474 20 com.apple.AppKit 0x00007fff84e7d468 NSApplicationMain + 364 21 com.apple.Safari 0x0000000100001a28 0x100000000 + 6696
Attachments
patch (3.63 KB, patch)
2010-03-16 16:27 PDT, chris fleizach 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2010-03-12 21:47:20 PST
Tabbing inside an element that doesn't have a renderer.
Alexey Proskuryakov
Comment 2 2010-03-12 21:47:56 PST
<rdar://problem/7750748>
Alexey Proskuryakov
Comment 3 2010-03-16 15:01:45 PDT
<http://trac.webkit.org/changeset/53857>.
chris fleizach
Comment 4 2010-03-16 16:27:42 PDT
Created attachment 50851 [details] patch
Alexey Proskuryakov
Comment 5 2010-03-16 16:52:14 PDT
Comment on attachment 50851 [details] patch > +On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". > + > + > +PASS document.activeElement.id is 'area1' > + There is no TEST COMPLETE in expected results. I don't see why. Ideally, a test provides instructions for running it manually if eventSender is needed, but not available.
chris fleizach
Comment 6 2010-03-16 16:53:07 PDT
how do i add a test complete with the layout tests?
Alexey Proskuryakov
Comment 7 2010-03-16 17:01:31 PDT
It's supposed to be added by this line: +<script src="../fast/js/resources/js-test-post.js"></script> Something went wrong with it - probably something simple, but I don't see the problem.
chris fleizach
Comment 8 2010-03-16 17:06:02 PDT
looks like i'm including the wrong path
chris fleizach
Comment 9 2010-03-16 17:10:43 PDT
http://trac.webkit.org/changeset/56094
Note You need to log in before you can comment on or make changes to this bug.