Bug 36856

Summary: REGRESSION (r56439) - Crash choosing the icon for file uploads
Product: WebKit Reporter: Brady Eidson <beidson>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: tkent
Priority: P1 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   

Brady Eidson
Reported 2010-03-30 15:31:30 PDT
REGRESSION (r56439) - Crash choosing the icon for file uploads Drag a file onto a "Choose file..." button somewhere in an input type=file. I used http://www.largefilesasap.com, for example. The FileChooser passed to the ChromeClient is null, resulting in a null deref crash: #0 0x1023ad6ac in WTF::RefPtr<WebCore::Icon>::operator= at RefPtr.h:129 #1 0x1023ad2b3 in WebCore::FileChooser::iconLoaded at FileChooser.cpp:87 #2 0x101b50afd in WebChromeClient::chooseIconForFiles at WebChromeClient.mm:649 #3 0x102148eda in WebCore::Chrome::chooseIconForFiles at Chrome.cpp:435 #4 0x1029107e7 in WebCore::RenderFileUploadControl::chooseIconForFiles at RenderFileUploadControl.cpp:120 #5 0x1023ad28f in WebCore::FileChooser::loadIcon at FileChooser.cpp:82 #6 0x1023ad899 in WebCore::FileChooser::FileChooser at FileChooser.cpp:44 #7 0x1023ad4a8 in WebCore::FileChooser::create at FileChooser.cpp:49 #8 0x102910d5c in WebCore::RenderFileUploadControl::RenderFileUploadControl at RenderFileUploadControl.cpp:73 #9 0x10249c8c1 in WebCore::HTMLInputElement::createRenderer at HTMLInputElement.cpp:1186 #10 0x1028458b7 in WebCore::Node::createRendererIfNeeded at Node.cpp:1387 #11 0x10238a0c3 in WebCore::Element::attach at Element.cpp:830 #12 0x102486a4d in WebCore::HTMLFormControlElement::attach at HTMLFormControlElement.cpp:129 #13 0x10249d951 in WebCore::HTMLInputElement::attach at HTMLInputElement.cpp:1222 #14 0x102389a0e in WebCore::Element::recalcStyle at Element.cpp:908 #15 0x102486549 in WebCore::HTMLFormControlElement::recalcStyle at HTMLFormControlElement.cpp:258 #16 0x102389fc2 in WebCore::Element::recalcStyle at Element.cpp:971 ... #48 0x102389fc2 in WebCore::Element::recalcStyle at Element.cpp:971 #49 0x102293c91 in WebCore::Document::recalcStyle at Document.cpp:1357 #50 0x102293310 in WebCore::Document::updateStyleIfNeeded at Document.cpp:1399 #51 0x10228d27a in WebCore::Document::updateStyleForAllDocuments at Document.cpp:1416 #52 0x1028418d7 in WebCore::Node::dispatchGenericEvent at Node.cpp:2704 #53 0x1028419ad in WebCore::Node::dispatchEvent at Node.cpp:2567 #54 0x1024863c6 in WebCore::HTMLFormControlElement::dispatchFormControlChangeEvent at HTMLFormControlElement.cpp:214 #55 0x1029108e6 in WebCore::RenderFileUploadControl::valueChanged at RenderFileUploadControl.cpp:99 #56 0x1023ad430 in WebCore::FileChooser::chooseFiles at FileChooser.cpp:76 #57 0x1023ad465 in WebCore::FileChooser::chooseFile at FileChooser.cpp:66 #58 0x10290f4cb in WebCore::RenderFileUploadControl::receiveDroppedFiles at RenderFileUploadControl.cpp:299 #59 0x10236d738 in WebCore::DragController::concludeEditDrag at DragController.cpp:411 #60 0x10236e896 in WebCore::DragController::performDrag at DragController.cpp:197 #61 0x101c1d5d5 in -[WebView performDragOperation:] at WebView.mm:3460
Attachments
Add attachment proposed patch, testcase, etc.
Brady Eidson
Comment 1 2010-03-30 15:32:47 PDT
In radar as <rdar://problem/7802461>
Brady Eidson
Comment 2 2010-03-30 15:39:40 PDT
Seems to not repro when I have certain breakpoints enabled - somehow timing related. Very reliable without breakpoints, though.
Brady Eidson
Comment 3 2010-03-30 16:20:19 PDT
RenderFileUploadControl::chooseIconForFiles is being called from within the RenderFileUploadControl constructor, while the FileChooser is still being created.
Kent Tamura
Comment 4 2010-03-30 18:09:17 PDT
*** This bug has been marked as a duplicate of bug 36723 ***
Note You need to log in before you can comment on or make changes to this bug.