Bug 49962

Summary: REGRESSION: Crash when deleting text after textarea's value is modified on input event
Product: WebKit
Reporter: Martin Wittemann <martin.wittemann>
Component: HTML Editing
Assignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED
Severity: Normal
CC: adele, ap, darin, enrica, jonnytrap, justin.garcia, leviw, mjs, ojan, rniwa, tkent, tony
Priority: P1
Keywords: Regression
Version: 528+ (Nightly build)
Hardware: All
OS: All

Attachments (description, flags):
Test-Case (flags: none)
reduction (flags: none)
fixes the crash (flags: none)
demo for insertText case (flags: none)
fixes the bug for good (flags: darin: review+)

Description Martin Wittemann 2010-11-23 02:17:17 PST
Created attachment 74635 [details]
Test-Case

I used a textarea and implemented a max length myself using JavaScript. The code is pretty simple: listen to the input event and set the value using substring if it's longer than desired. Unfortunately, I found a way to crash the whole browser with that. Just take a look at the attached HTML file to get it reproduced.

Here is the error report from the OS:

Process:         Safari [16809]
Path:            /Applications/Safari.app/Contents/MacOS/Safari
Identifier:      org.webkit.nightly.WebKit
Version:         r72487 (72487)
Code Type:       X86-64 (Native)
Parent Process:  launchd [111]

Date/Time:       2010-11-23 11:10:29.995 +0100
OS Version:      Mac OS X 10.6.5 (10H574)
Report Version:  6

Interval Since Last Report:          263228 sec
Crashes Since Last Report:           4
Per-App Interval Since Last Report:  10 sec
Per-App Crashes Since Last Report:   1
Anonymous UUID:                      5CB4CEA0-9960-40A1-891D-2912B992C400

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000050
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010180c1ef WebCore::TypingCommand::makeEditableRootEmpty() + 31
1   com.apple.WebCore             	0x000000010180deb8 WebCore::TypingCommand::deleteKeyPressed(WebCore::TextGranularity, bool) + 4312
2   com.apple.WebCore             	0x000000010180e9fe WebCore::TypingCommand::deleteKeyPressed(WebCore::Document*, bool, WebCore::TextGranularity, bool) + 286
3   com.apple.WebCore             	0x0000000100edd711 WebCore::Editor::deleteWithDirection(WebCore::SelectionController::EDirection, WebCore::TextGranularity, bool, bool) + 321
4   com.apple.WebCore             	0x0000000100ee5ccf WebCore::executeDeleteBackward(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WTF::String const&) + 31
5   com.apple.WebCore             	0x0000000100ee4a41 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 113
6   com.apple.WebCore             	0x0000000100ee5de2 WebCore::Editor::Command::execute(WebCore::Event*) const + 34
7   com.apple.WebKit              	0x0000000100a528b0 -[WebHTMLView(WebNSTextInputSupport) doCommandBySelector:] + 560
8   com.apple.WebKit              	0x0000000100a52636 -[WebHTMLView(WebInternal) _interceptEditingKeyEvent:shouldSaveCommand:] + 726
9   com.apple.WebKit              	0x0000000100a18cf8 WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent*) + 88
10  com.apple.WebCore             	0x0000000100f01f72 WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent*) + 258
11  com.apple.WebCore             	0x000000010155e815 WebCore::Node::defaultEventHandler(WebCore::Event*) + 709
12  com.apple.WebCore             	0x000000010155c18f WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>) + 1151
13  com.apple.WebCore             	0x000000010155c422 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 178
14  com.apple.WebCore             	0x0000000100f08537 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&) + 135
15  com.apple.WebCore             	0x0000000100ef9bf9 WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) + 681
16  com.apple.WebCore             	0x0000000100f04b20 WebCore::EventHandler::keyEvent(NSEvent*) + 128
17  com.apple.WebKit              	0x0000000100a4d762 -[WebHTMLView keyDown:] + 274
18  com.apple.AppKit              	0x00007fff8278406f -[NSWindow sendEvent:] + 8769
19  com.apple.Safari              	0x0000000100042489 0x100000000 + 271497
20  com.apple.Safari              	0x0000000100042416 0x100000000 + 271382
21  com.apple.AppKit              	0x00007fff826b8a86 -[NSApplication sendEvent:] + 4719
22  com.apple.Safari              	0x0000000100039146 0x100000000 + 233798
23  com.apple.AppKit              	0x00007fff8264f4da -[NSApplication run] + 474
24  com.apple.AppKit              	0x00007fff826481a8 NSApplicationMain + 364
25  com.apple.Safari              	0x000000010000a1c0 0x100000000 + 41408

Thread 1:  Dispatch queue: com.apple.libdispatch-manager
0   libSystem.B.dylib             	0x00007fff8149516a kevent + 10
1   libSystem.B.dylib             	0x00007fff8149703d _dispatch_mgr_invoke + 154
2   libSystem.B.dylib             	0x00007fff81496d14 _dispatch_queue_invoke + 185
3   libSystem.B.dylib             	0x00007fff8149683e _dispatch_worker_thread2 + 252
4   libSystem.B.dylib             	0x00007fff81496168 _pthread_wqthread + 353
5   libSystem.B.dylib             	0x00007fff81496005 start_wqthread + 13

Thread 2:
0   libSystem.B.dylib             	0x00007fff81495f8a __workq_kernreturn + 10
1   libSystem.B.dylib             	0x00007fff8149639c _pthread_wqthread + 917
2   libSystem.B.dylib             	0x00007fff81496005 start_wqthread + 13

Thread 3:  WebCore: IconDatabase
0   libSystem.B.dylib             	0x00007fff814b6fca __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff814bade1 _pthread_cond_wait + 1286
2   com.apple.WebCore             	0x000000010106c24d WebCore::IconDatabase::syncThreadMainLoop() + 269
3   com.apple.WebCore             	0x000000010106c38c WebCore::IconDatabase::iconDatabaseSyncThread() + 172
4   libSystem.B.dylib             	0x00007fff814b5536 _pthread_start + 331
5   libSystem.B.dylib             	0x00007fff814b53e9 thread_start + 13

Thread 4:  Safari: SafeBrowsingManager
0   libSystem.B.dylib             	0x00007fff8147c2da mach_msg_trap + 10
1   libSystem.B.dylib             	0x00007fff8147c94d mach_msg + 59
2   com.apple.CoreFoundation      	0x00007fff80cf4932 __CFRunLoopRun + 1698
3   com.apple.CoreFoundation      	0x00007fff80cf3dbf CFRunLoopRunSpecific + 575
4   com.apple.Safari              	0x000000010002f899 0x100000000 + 194713
5   com.apple.Safari              	0x000000010002f829 0x100000000 + 194601
6   libSystem.B.dylib             	0x00007fff814b5536 _pthread_start + 331
7   libSystem.B.dylib             	0x00007fff814b53e9 thread_start + 13

Thread 5:
0   libSystem.B.dylib             	0x00007fff8147c2da mach_msg_trap + 10
1   libSystem.B.dylib             	0x00007fff8147c94d mach_msg + 59
2   com.apple.CoreFoundation      	0x00007fff80cf4932 __CFRunLoopRun + 1698
3   com.apple.CoreFoundation      	0x00007fff80cf3dbf CFRunLoopRunSpecific + 575
4   com.apple.Foundation          	0x00007fff806d207f +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 297
5   com.apple.Foundation          	0x00007fff806530a5 __NSThread__main__ + 1429
6   libSystem.B.dylib             	0x00007fff814b5536 _pthread_start + 331
7   libSystem.B.dylib             	0x00007fff814b53e9 thread_start + 13

Thread 6:  com.apple.CFSocket.private
0   libSystem.B.dylib             	0x00007fff814bfe92 select$DARWIN_EXTSN + 10
1   com.apple.CoreFoundation      	0x00007fff80d16498 __CFSocketManager + 824
2   libSystem.B.dylib             	0x00007fff814b5536 _pthread_start + 331
3   libSystem.B.dylib             	0x00007fff814b53e9 thread_start + 13

Thread 7:  Safari: SnapshotStore
0   libSystem.B.dylib             	0x00007fff814b6fca __semwait_signal + 10
1   libSystem.B.dylib             	0x00007fff814bade1 _pthread_cond_wait + 1286
2   com.apple.JavaScriptCore      	0x000000010090c140 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 64
3   com.apple.Safari              	0x00000001001be869 0x100000000 + 1828969
4   com.apple.Safari              	0x000000010004737b 0x100000000 + 291707
5   com.apple.Safari              	0x00000001000471f9 0x100000000 + 291321
6   libSystem.B.dylib             	0x00007fff814b5536 _pthread_start + 331
7   libSystem.B.dylib             	0x00007fff814b53e9 thread_start + 13

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x0000000000000000  rcx: 0x0000000000000000  rdx: 0x00000001177397e8
  rdi: 0x0000000000000000  rsi: 0x0000000000000000  rbp: 0x00007fff5fbfe660  rsp: 0x00007fff5fbfe5b0
   r8: 0x0000000000000001   r9: 0x0000000000000000  r10: 0x000000011772853c  r11: 0x0000000100cea3d0
  r12: 0x0000000117682ce8  r13: 0x0000000117682c60  r14: 0x0000000000000000  r15: 0x0000000000000000
  rip: 0x000000010180c1ef  rfl: 0x0000000000010202  cr2: 0x0000000000000050

Binary Images:
       0x100000000 -        0x1006afff7  com.apple.Safari 5.0.3 (6533.19.4) <B19794C1-5278-9BBE-1505-AB9C9DDA84E0> /Applications/Safari.app/Contents/MacOS/Safari
       0x100758000 -        0x10075bfff +WebKitNightlyEnabler.dylib ??? (???) <DA8C170E-F60F-7B64-82B2-34C57B71362B> /Applications/WebKit.app/Contents/Resources/WebKitNightlyEnabler.dylib
       0x100760000 -        0x10096bff7  com.apple.JavaScriptCore 534+ (534.13+) <9EF5ED80-75D4-F25D-C613-69C2894AE751> /Applications/WebKit.app/Contents/Frameworks/10.6/JavaScriptCore.framework/Versions/A/JavaScriptCore
       0x1009df000 -        0x100b6bfef  com.apple.WebKit r72487 (534.13+) <A59EAD09-1169-E3F0-A527-F0243D870AB0> /Applications/WebKit.app/Contents/Frameworks/10.6/WebKit.framework/Versions/A/WebKit
       0x100c41000 -        0x101be8ff7  com.apple.WebCore 534+ (534.13+) <2DC355E5-D25A-83EB-A975-06208CA6F0B4> /Applications/WebKit.app/Contents/Frameworks/10.6/WebCore.framework/Versions/A/WebCore
       0x1022e4000 -        0x10230dff7 +org.andymatuschak.Sparkle 1.5 Beta (git) (830f633) <945EA036-7EC3-D020-C889-29ECB588B891> /Applications/WebKit.app/Contents/Frameworks/10.6/Sparkle.framework/Versions/A/Sparkle
       0x102328000 -        0x10240efe7  libcrypto.0.9.7.dylib 0.9.7 (compatibility 0.9.7) <64B3566E-5F3A-A466-ED3F-B91F4B3E5F56> /usr/lib/libcrypto.0.9.7.dylib
    0x7fff5fc00000 -     0x7fff5fc3bdef  dyld 132.1 (???) <B536F2F1-9DF1-3B6C-1C2C-9075EA219A06> /usr/lib/dyld
    0x7fff80003000 -     0x7fff80005fff  libRadiance.dylib ??? (???) <76438F90-DD4B-9941-9367-F2DFDF927876> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
    0x7fff80006000 -     0x7fff8005bfef  com.apple.framework.familycontrols 2.0.1 (2010) <239940AC-2427-44C6-9E29-998D0ABECDF3> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls
    0x7fff8005c000 -     0x7fff800d9fef  com.apple.backup.framework 1.2.2 (1.2.2) <BB72F0C7-20E2-76DC-6764-5B93A7AC0EB5> /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
    0x7fff800da000 -     0x7fff80121ff7  com.apple.coreui 2 (114) <31118426-355F-206A-65AB-CCA2D2D3EBD7> /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
    0x7fff80122000 -     0x7fff8015dfff  com.apple.AE 496.4 (496.4) <CB905496-4D6B-F26A-399D-840D26DBEE5B> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
    0x7fff8015e000 -     0x7fff8031cfff  libicucore.A.dylib 40.0.0 (compatibility 1.0.0) <781E7B63-2AD0-E9BA-927C-4521DB616D02> /usr/lib/libicucore.A.dylib
    0x7fff80322000 -     0x7fff80322ff7  com.apple.Cocoa 6.6 (???) <C69E895A-1C66-3DA9-5F63-8BE85DB9C4E1> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
    0x7fff80323000 -     0x7fff80325fff  com.apple.print.framework.Print 6.1 (237.1) <CA8564FB-B366-7413-B12E-9892DA3C6157> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
    0x7fff8033f000 -     0x7fff803b0ff7  com.apple.AppleVAFramework 4.10.12 (4.10.12) <1B68BE43-4C54-87F5-0723-0B0A14CD21E8> /System/Library/PrivateFrameworks/AppleVA.framework/Versions/A/AppleVA
    0x7fff803ee000 -     0x7fff805a5fef  com.apple.ImageIO.framework 3.0.4 (3.0.4) <2CB9997A-A28D-80BC-5921-E7D50BBCACA7> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
    0x7fff805d6000 -     0x7fff805ebff7  com.apple.LangAnalysis 1.6.6 (1.6.6) <DC999B32-BF41-94C8-0583-27D9AB463E8B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
    0x7fff805ec000 -     0x7fff80629fff  com.apple.LDAPFramework 2.0 (120.1) <F3B7B267-D580-F287-6DE7-8AC91C92AB35> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
    0x7fff8062a000 -     0x7fff80635ff7  com.apple.speech.recognition.framework 3.11.1 (3.11.1) <C359B93B-CC9B-FC0B-959E-FB10674103A7> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
    0x7fff80642000 -     0x7fff808c5ff7  com.apple.Foundation 6.6.4 (751.42) <9A99D378-E97A-8C0F-3857-D0FAA30FCDD5> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
    0x7fff808c6000 -     0x7fff808d5fff  com.apple.opengl 1.6.11 (1.6.11) <43D5BE71-E1F6-6974-210C-17C68919AE08> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
    0x7fff808d6000 -     0x7fff809effef  libGLProgrammability.dylib ??? (???) <13E8114C-6E07-A66E-35E6-C185E54840AE> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
    0x7fff809f0000 -     0x7fff80acafff  com.apple.vImage 4.0 (4.0) <B5A8B93B-D302-BC30-5A18-922645DB2F56> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
    0x7fff80acb000 -     0x7fff80b1aff7  com.apple.DirectoryService.PasswordServerFramework 6.0 (6.0) <F5B744D7-AEAF-6B66-43CF-6E31CDA18EAB> /System/Library/PrivateFrameworks/PasswordServer.framework/Versions/A/PasswordServer
    0x7fff80ca8000 -     0x7fff80e1ffe7  com.apple.CoreFoundation 6.6.4 (550.42) <770C572A-CF70-168F-F43C-242B9114FCB5> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
    0x7fff80e20000 -     0x7fff80ea5ff7  com.apple.print.framework.PrintCore 6.3 (312.7) <CDFE82DD-D811-A091-179F-6E76069B432D> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
    0x7fff80f33000 -     0x7fff81037fff  com.apple.PubSub 1.0.5 (65.20) <67A088DF-7F4A-DC23-6F96-F9BAA4C238DC> /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub
    0x7fff81038000 -     0x7fff81142ff7  com.apple.MeshKitIO 1.1 (49.2) <D7227401-9DC9-C2CB-C83B-C2B10C61D4E4> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/Frameworks/MeshKitIO.framework/Versions/A/MeshKitIO
    0x7fff81143000 -     0x7fff81149ff7  com.apple.DiskArbitration 2.3 (2.3) <AAB5CC56-334A-3C60-3C27-54E8F34D754E> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
    0x7fff8114a000 -     0x7fff81448fe7  com.apple.HIToolbox 1.6.3 (???) <CF0C8524-FA82-3908-ACD0-A9176C704AED> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
    0x7fff81449000 -     0x7fff81449ff7  com.apple.Accelerate 1.6 (Accelerate 1.6) <15DF8B4A-96B2-CB4E-368D-DEC7DF6B62BB> /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
    0x7fff8147b000 -     0x7fff8163cfff  libSystem.B.dylib 125.2.1 (compatibility 1.0.0) <71E6D4C9-F945-6EC2-998C-D61AD590DAB6> /usr/lib/libSystem.B.dylib
    0x7fff8163d000 -     0x7fff8166ffff  libTrueTypeScaler.dylib ??? (???) <B9ECE1BD-A716-9F65-6466-4444D641F584> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libTrueTypeScaler.dylib
    0x7fff81670000 -     0x7fff816b9ff7  com.apple.securityinterface 4.0.1 (37214) <08DB37D6-A716-DC37-536C-7889999EF395> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
    0x7fff816ba000 -     0x7fff816d5ff7  com.apple.openscripting 1.3.1 (???) <DC329CD4-1159-A40A-A769-70CAA70F601A> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
    0x7fff818d5000 -     0x7fff81916fff  com.apple.SystemConfiguration 1.10.5 (1.10.2) <FB39F09C-57BB-D8CC-348D-93E00C602F7D> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
    0x7fff8199e000 -     0x7fff819c1fff  com.apple.opencl 12.3 (12.3) <D30A45FC-4520-45AF-3CA5-092313DB5D54> /System/Library/Frameworks/OpenCL.framework/Versions/A/OpenCL
    0x7fff819c2000 -     0x7fff81a3eff7  com.apple.ISSupport 1.9.4 (52) <93A57F16-3BD5-25AD-5CFF-00007A141129> /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport
    0x7fff81a3f000 -     0x7fff81b60fe7  libcrypto.0.9.8.dylib 0.9.8 (compatibility 0.9.8) <48AEAFE1-21F4-B3C8-4199-35AD5E8D0613> /usr/lib/libcrypto.0.9.8.dylib
    0x7fff81b61000 -     0x7fff82065fe7  com.apple.VideoToolbox 0.484.20 (484.20) <8B6B82D2-350B-E9D3-5433-51453CDA65B4> /System/Library/PrivateFrameworks/VideoToolbox.framework/Versions/A/VideoToolbox
    0x7fff82066000 -     0x7fff82067ff7  com.apple.audio.units.AudioUnit 1.6.5 (1.6.5) <14F14B5E-9287-BC36-0C3F-6592E6696CD4> /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
    0x7fff82144000 -     0x7fff82205fe7  libFontParser.dylib ??? (???) <8B12D37E-3A95-5A73-509C-3AA991E0C546> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontParser.dylib
    0x7fff82206000 -     0x7fff82249ff7  libRIP.A.dylib 545.0.0 (compatibility 64.0.0) <7E30B5F6-99FD-C716-8670-5DD4B4BAED72> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
    0x7fff8225f000 -     0x7fff822a7ff7  libvDSP.dylib 268.0.1 (compatibility 1.0.0) <98FC4457-F405-0262-00F7-56119CA107B6> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
    0x7fff822a8000 -     0x7fff82645fe7  com.apple.QuartzCore 1.6.3 (227.34) <215222AF-B30A-7CE5-C46C-1A766C1D1D2E> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
    0x7fff82646000 -     0x7fff8303cfff  com.apple.AppKit 6.6.7 (1038.35) <9F4DF818-9DB9-98DA-490C-EF29EA757A97> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
    0x7fff8303d000 -     0x7fff8307efef  com.apple.QD 3.36 (???) <5DC41E81-32C9-65B2-5528-B33E934D5BB4> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
    0x7fff8307f000 -     0x7fff83084fff  libGFXShared.dylib ??? (???) <A94DE483-A586-A172-104F-1CFC5F0BFD57> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGFXShared.dylib
    0x7fff830d0000 -     0x7fff8333afef  com.apple.QuartzComposer 4.2 ({156.28}) <7586E7BD-D3BD-0EAC-5AC9-0BFA3679017C> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer
    0x7fff83400000 -     0x7fff83642fef  com.apple.AddressBook.framework 5.0.3 (875) <78FDBCC6-8F4C-C4DF-4A60-BB038572B870> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
    0x7fff83643000 -     0x7fff838c9fef  com.apple.security 6.1.1 (37594) <17CF7858-52D9-9665-3AE8-23F07CC8BEA1> /System/Library/Frameworks/Security.framework/Versions/A/Security
    0x7fff838ca000 -     0x7fff83904fff  libssl.0.9.8.dylib 0.9.8 (compatibility 0.9.8) <C7153747-50E3-32DA-426F-CC4C505D1D6C> /usr/lib/libssl.0.9.8.dylib
    0x7fff83905000 -     0x7fff839bafe7  com.apple.ColorSync 4.6.3 (4.6.3) <AA93AD96-6974-9104-BF55-AF7A813C8A1B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
    0x7fff83a30000 -     0x7fff83ae6fff  libobjc.A.dylib 227.0.0 (compatibility 1.0.0) <1960E662-D35C-5D98-EB16-D43166AE6A22> /usr/lib/libobjc.A.dylib
    0x7fff83ae7000 -     0x7fff83ae7ff7  com.apple.vecLib 3.6 (vecLib 3.6) <96FB6BAD-5568-C4E0-6FA7-02791A58B584> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
    0x7fff83b9f000 -     0x7fff83cddfff  com.apple.CoreData 102.1 (251) <96C5E9A6-C28C-E9CC-A0DB-27801A22A49F> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
    0x7fff83dd7000 -     0x7fff83ddafff  com.apple.help 1.3.1 (41) <AEDDF93F-BAC0-0308-68FD-039A99F3A158> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
    0x7fff83e24000 -     0x7fff83e61ff7  libFontRegistry.dylib ??? (???) <8C69F685-3507-1B8F-51AD-6183D5E88979> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontRegistry.dylib
    0x7fff83ec0000 -     0x7fff83fa5fef  com.apple.DesktopServices 1.5.9 (1.5.9) <27890B2C-0CD2-7C27-9D0C-D5952C5E8438> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
    0x7fff83fa6000 -     0x7fff83fc3ff7  libPng.dylib ??? (???) <14043CBC-329F-4009-299E-DEE411E16134> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
    0x7fff83fc4000 -     0x7fff83fc4ff7  com.apple.quartzframework 1.5 (1.5) <FA660AAC-70CD-7EA2-5DF1-A8724D8F4B1B> /System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
    0x7fff83fc5000 -     0x7fff84009fe7  com.apple.ImageCaptureCore 1.0.3 (1.0.3) <913FFA89-0AC8-0A8D-CC2A-364CB0F303BA> /System/Library/Frameworks/ImageCaptureCore.framework/Versions/A/ImageCaptureCore
    0x7fff8402d000 -     0x7fff840bdfff  com.apple.SearchKit 1.3.0 (1.3.0) <45BA1053-9196-3C2F-2421-AFF5E09627CC> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
    0x7fff840be000 -     0x7fff84105fff  com.apple.QuickLookFramework 2.3 (327.6) <11DFB135-24A6-C0BC-5B97-ECE352A4B488> /System/Library/Frameworks/QuickLook.framework/Versions/A/QuickLook
    0x7fff84108000 -     0x7fff84119ff7  libz.1.dylib 1.2.3 (compatibility 1.0.0) <FB5EE53A-0534-0FFA-B2ED-486609433717> /usr/lib/libz.1.dylib
    0x7fff8411a000 -     0x7fff84184fe7  libvMisc.dylib 268.0.1 (compatibility 1.0.0) <7BD7F19B-ACD4-186C-B42D-4DEBA6795628> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
    0x7fff844c9000 -     0x7fff84512fef  libGLU.dylib ??? (???) <EB4255DD-A9E5-FAD0-52A4-CCB4E792B86F> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
    0x7fff84513000 -     0x7fff84524fff  com.apple.DSObjCWrappers.Framework 10.6 (134) <CF1D9C05-8D77-0FFE-38E8-63D8A23E92E1> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
    0x7fff84525000 -     0x7fff84585fe7  com.apple.framework.IOKit 2.0 (???) <D107CB8A-5182-3AC4-35D0-07068A695C05> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
    0x7fff845c5000 -     0x7fff845cbfff  libCGXCoreImage.A.dylib 545.0.0 (compatibility 64.0.0) <4EE16374-A094-D542-5BC5-7E846D0CE56E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
    0x7fff846cd000 -     0x7fff846cdff7  com.apple.CoreServices 44 (44) <DC7400FB-851E-7B8A-5BF6-6F50094302FB> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
    0x7fff846ce000 -     0x7fff846e7fff  com.apple.CFOpenDirectory 10.6 (10.6) <CCF79716-7CC6-2520-C6EB-A4F56AD0A207> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory
    0x7fff846fc000 -     0x7fff8477afff  com.apple.CoreText 3.5.0 (???) <4D5C7932-293B-17FF-7309-B580BB1953EA> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
    0x7fff8477b000 -     0x7fff847e3fff  com.apple.MeshKitRuntime 1.1 (49.2) <A490FE03-313D-1317-A9B8-25EF75CB1A81> /System/Library/PrivateFrameworks/MeshKit.framework/Versions/A/Frameworks/MeshKitRuntime.framework/Versions/A/MeshKitRuntime
    0x7fff848bd000 -     0x7fff848cefff  SyndicationUI ??? (???) <91DAD490-897C-E5E9-C30B-161D4F42BF98> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
    0x7fff848cf000 -     0x7fff84914fff  com.apple.CoreMediaIOServices 133.0 (1158) <53F7A2A6-78CA-6C34-0BB6-471388019799> /System/Library/PrivateFrameworks/CoreMediaIOServices.framework/Versions/A/CoreMediaIOServices
    0x7fff84ac8000 -     0x7fff84d03fef  com.apple.imageKit 2.0.3 (1.0) <5D18C246-303A-6580-9DC9-79BE79467C95> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/ImageKit.framework/Versions/A/ImageKit
    0x7fff84d04000 -     0x7fff84d09fff  libGIF.dylib ??? (???) <9A2723D8-61F9-6D65-D254-4F9273CDA54A> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
    0x7fff84d0a000 -     0x7fff84d8cfff  com.apple.QuickLookUIFramework 2.3 (327.6) <9093682A-0E2D-7D27-5F22-C96FD00AE970> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuickLookUI.framework/Versions/A/QuickLookUI
    0x7fff84d8d000 -     0x7fff85597fe7  libBLAS.dylib 219.0.0 (compatibility 1.0.0) <2F26CDC7-DAE9-9ABE-6806-93BBBDA20DA0> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
    0x7fff85600000 -     0x7fff8560ffff  com.apple.NetFS 3.2.1 (3.2.1) <DE59FB56-8536-9999-352A-2016ADCF4FCF> /System/Library/Frameworks/NetFS.framework/Versions/A/NetFS
    0x7fff856c6000 -     0x7fff859fafff  com.apple.CoreServices.CarbonCore 861.23 (861.23) <08F360FA-1771-4F0B-F356-BEF68BB9D421> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
    0x7fff859fb000 -     0x7fff85acdfe7  com.apple.CFNetwork 454.11.5 (454.11.5) <B3E2BE12-D7AA-5940-632A-1E5E7BF8E6E3> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
    0x7fff85ace000 -     0x7fff85b11fef  libtidy.A.dylib ??? (???) <2F4273D3-418B-668C-F488-7E659D3A8C23> /usr/lib/libtidy.A.dylib
    0x7fff85b12000 -     0x7fff85b1dfff  com.apple.CrashReporterSupport 10.6.5 (252) <0895BE37-CC7E-1939-8020-489BFCB3E2C6> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport
    0x7fff86792000 -     0x7fff86bd5fef  libLAPACK.dylib 219.0.0 (compatibility 1.0.0) <57D38705-6F21-2A82-F3F6-03CFFF214775> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
    0x7fff86bd6000 -     0x7fff86becfff  com.apple.ImageCapture 6.0.1 (6.0.1) <09ABF2E9-D110-71A9-4A6F-8A61B683E936> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
    0x7fff86bed000 -     0x7fff86c3cfef  libTIFF.dylib ??? (???) <AE9DC484-1382-F7AD-FE25-C28082FCB5D9> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
    0x7fff86c3d000 -     0x7fff86c4bff7  libkxld.dylib ??? (???) <4016E9E6-0645-5384-A697-2775B5228113> /usr/lib/system/libkxld.dylib
    0x7fff86c4c000 -     0x7fff86c50ff7  libCGXType.A.dylib 545.0.0 (compatibility 64.0.0) <63F77AC8-84CB-0C2F-8D2B-190EE5CCDB45> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXType.A.dylib
    0x7fff86c51000 -     0x7fff86c60fff  libxar.1.dylib ??? (???) <CBAF862A-3C77-6446-56C2-9C4461631AAF> /usr/lib/libxar.1.dylib
    0x7fff86cbf000 -     0x7fff86d4efff  com.apple.PDFKit 2.5.1 (2.5.1) <C0E3AE4B-E71A-16D8-0D51-FB7D3E3AD793> /System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit
    0x7fff86d4f000 -     0x7fff86d4fff7  com.apple.ApplicationServices 38 (38) <0E2FC75E-2BE2-D04D-CA78-76E38A89DD30> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
    0x7fff86d50000 -     0x7fff8712afff  com.apple.RawCamera.bundle 3.4.1 (546) <F7865FD2-4869-AB19-10AA-EFF1B3BC4178> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
    0x7fff8712b000 -     0x7fff871dafff  edu.mit.Kerberos 6.5.10 (6.5.10) <F3F76EDF-5660-78F0-FE6E-33B6174F55A4> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
    0x7fff8723c000 -     0x7fff872a8ff7  com.apple.CorePDF 1.3 (1.3) <6770FFB0-DEA0-61E0-3520-4B95CCF5D1CF> /System/Library/PrivateFrameworks/CorePDF.framework/Versions/A/CorePDF
    0x7fff872a9000 -     0x7fff872a9ff7  com.apple.Carbon 150 (152) <19B37B7B-1594-AD0A-7F14-FA2F85AD7241> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
    0x7fff872aa000 -     0x7fff872fbfef  com.apple.HIServices 1.8.1 (???) <BE479ABF-3D27-A5C7-800E-3FFC1731767A> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
    0x7fff872fc000 -     0x7fff87312fef  libbsm.0.dylib ??? (???) <0321D32C-9FE1-3919-E03E-2530A0C1191B> /usr/lib/libbsm.0.dylib
    0x7fff87313000 -     0x7fff87392fe7  com.apple.audio.CoreAudio 3.2.6 (3.2.6) <1DD64A62-0DE4-223F-F781-B272FECF80F0> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
    0x7fff87393000 -     0x7fff87394fff  com.apple.MonitorPanelFramework 1.3.0 (1.3.0) <EC039008-5367-090D-51FD-EA4D2623671A> /System/Library/PrivateFrameworks/MonitorPanel.framework/Versions/A/MonitorPanel
    0x7fff87395000 -     0x7fff873a9fff  libGL.dylib ??? (???) <1EB1BD0F-C17F-55DF-B8B4-8E9CF99359D4> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
Comment 1 Ryosuke Niwa 2010-12-01 12:25:03 PST
Is this really a regression?
Comment 2 Ryosuke Niwa 2010-12-01 12:41:27 PST
Created attachment 75307 [details]
reduction
Comment 3 Alexey Proskuryakov 2010-12-01 12:45:29 PST
Doesn't crash Safari 5.0.2.
Comment 4 Ryosuke Niwa 2010-12-01 13:14:28 PST
(In reply to comment #3)
> Doesn't crash Safari 5.0.2.

I see.  Thanks for the clarification.  The problem appears to be that endingSelection() and the form's selection are pointing at different nodes.  Namely, in enabledDelete, the selection returned by frame->editor()->selectionForCommand is pointing at the new text node replaced by the input event handler ("b" in my reduced test case) but the endingSelection used in TypingCommand::deleteKeyPressed is pointing at the old node ("a" in my reduced test case).
Comment 5 Ryosuke Niwa 2010-12-01 13:49:54 PST
The problem is that EditCommand::endingSelection() is just retrieving the stored value.  We should update m_endingSelection or stop using it, since whenever we reuse the last edit command its m_endingSelection may be out of date.
Comment 6 Ryosuke Niwa 2010-12-01 15:14:55 PST
I'm not even sure if we should be using the last typing command if the selection has changed.  It seems like we should create a new typing command.

Consider the following case:
1. User types "hello " into an input element, and deletes the last space.
2. Script modifies it to "world"
3. User undoes

In this case, undo isn't even going to work.
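A toy model of the mismatch described in comments 4 to 6, added here as an illustration and not WebKit code: the typing command keeps a cached ending selection, the input handler swaps in a new text node, and the delete path either trusts the stale copy or resyncs from the frame first (the approach floated in attachment 75328, not the patch that finally landed). Node, Selection, Frame, scriptSetsValue and runScenario are simplified stand-ins, not WebKit types.

```cpp
#include <memory>
#include <string>

struct Node { std::string text; };  // a text node inside the textarea

struct Selection {
    std::shared_ptr<Node> node;          // text node holding the caret
    std::string::size_type offset = 0;   // caret position inside that node
    bool operator!=(const Selection& o) const { return node != o.node || offset != o.offset; }
};

// Stand-in for the frame: the text control's current node plus the live selection.
struct Frame {
    std::shared_ptr<Node> textNode;
    Selection liveSelection;
    explicit Frame(const std::string& text)
        : textNode(std::make_shared<Node>(Node{text})), liveSelection{textNode, text.size()} {}
    // Modelled effect of an input-event handler assigning textarea.value: the old node
    // is dropped, a fresh one takes its place, and the live selection moves with it.
    void scriptSetsValue(const std::string& text) {
        textNode = std::make_shared<Node>(Node{text});
        liveSelection = Selection{textNode, text.size()};
    }
};

class TypingCommand {
public:
    explicit TypingCommand(Selection s) : m_endingSelection(s) {}
    // Before: trust the stored selection, like the stale endingSelection() in comment 4.
    bool deleteKeyPressedStale(Frame& frame) { return deleteBackward(frame, m_endingSelection); }
    // After: resync from the frame first, the idea discussed for attachment 75328.
    bool deleteKeyPressedResynced(Frame& frame) {
        if (m_endingSelection != frame.liveSelection)
            m_endingSelection = frame.liveSelection;
        return deleteBackward(frame, m_endingSelection);
    }
private:
    // Returns false where real WebKit went on to dereference a detached node (the SIGSEGV).
    bool deleteBackward(const Frame& frame, Selection& sel) {
        if (sel.node != frame.textNode || sel.offset == 0)
            return false;
        sel.node->text.erase(--sel.offset, 1);
        return true;
    }
    Selection m_endingSelection;
};

// The reduction's sequence: type "a", script sets the value to "b" on input, press delete.
// Returns the resulting text, or "stale-node" when the command acted on the detached node.
std::string runScenario(bool resync) {
    Frame frame("a");
    TypingCommand cmd(frame.liveSelection);  // typing command left open after typing "a"
    frame.scriptSetsValue("b");
    bool ok = resync ? cmd.deleteKeyPressedResynced(frame) : cmd.deleteKeyPressedStale(frame);
    return ok ? frame.textNode->text : "stale-node";
}
```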
Comment 7 Ryosuke Niwa 2010-12-01 15:23:03 PST
Created attachment 75328 [details]
fixes the crash
Comment 8 Ryosuke Niwa 2010-12-01 15:27:51 PST
(In reply to comment #7)
> Created an attachment (id=75328) [details]
> fixes the crash

I'm not sure if this is the correct fix for the problem because always updating the selection breaks undo.  As I wrote in the previous comment, I feel like we should be closing the typing command when we're updating the selection in the event handler.  However, setSelection is called before the typing command corresponding to InsertLineBreak concludes, and this prevents us from closing the typing command because the command hasn't been added to the undo stack.  Furthermore, in some cases, we need to let the typing command and its child commands update the selection without closing itself.

Could someone familiar with typing command comment on this issue?
Comment 9 Darin Adler 2010-12-01 16:49:14 PST
Comment on attachment 75328 [details]
fixes the crash

View in context: https://bugs.webkit.org/attachment.cgi?id=75328&action=review

I’m not sure this fix is quite right. It seems to me that a node involved in an editing operation might be removed for multiple reasons. Maybe there’s a better way to cope with it than changing the selection.

> WebCore/editing/TypingCommand.cpp:97
> +        VisibleSelection lastSelection = lastTypingCommand->endingSelection();
> +        VisibleSelection currentSelection = frame->selection()->selection();
> +        if (lastSelection != currentSelection) {

I don’t think you need the lastSelection local here. Might read better without it.
Comment 10 Ryosuke Niwa 2010-12-01 18:30:22 PST
(In reply to comment #9)
> I’m not sure this fix is quite right. It seems to me that a node involved in an editing operation might be removed for multiple reasons.

Right.  But because those changes happen in the event handler, there are basically two options:
1. Update the selection of the previous typing command
2. Start a new typing command; i.e. close the last typing command.

But I'm not sure what the correct timing is to close the typing command if we choose option 2.  I chose option 1 because there's already code that does a very similar thing in TypingCommand::inputText.

> > WebCore/editing/TypingCommand.cpp:97
> > +        VisibleSelection lastSelection = lastTypingCommand->endingSelection();
> > +        VisibleSelection currentSelection = frame->selection()->selection();
> > +        if (lastSelection != currentSelection) {
> 
> I don’t think you need the lastSelection local here. Might read better without it.

Good point.  Will fix later.
Comment 11 Ryosuke Niwa 2010-12-01 21:14:26 PST
The similar selection change in TypingCommand::insertText was made by http://trac.webkit.org/changeset/19313.
Comment 12 Ryosuke Niwa 2010-12-01 21:36:34 PST
(In reply to comment #11)
> The similar selection change in TypingCommand::insertText was made by http://trac.webkit.org/changeset/19313.

This change is addressing a slightly different issue though, which is to use the selection for insertion when it differs from what the selection controller has.  But I can't think of why this should ever be the case because we update the frame's selection after modifying the form text control's selection range.

Could someone tell me how this condition may arise?
Comment 13 Ryosuke Niwa 2010-12-02 17:11:53 PST
Created attachment 75438 [details]
demo for insertText case

The same problem exists for insertText as well, and here's a demo.  We can fix this bug by the following change:

Index: WebCore/editing/InsertTextCommand.h
===================================================================
--- WebCore/editing/InsertTextCommand.h	(revision 73113)
+++ WebCore/editing/InsertTextCommand.h	(working copy)
@@ -54,6 +54,8 @@
     bool performTrivialReplace(const String&, bool selectInsertedText);
 
     unsigned m_charactersAdded;
+
+    friend class TypingCommand;
 };
 
 } // namespace WebCore
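Review bot: the new `friend class TypingCommand;` grants TypingCommand access to every private member of InsertTextCommand, but nothing in the hunk says which member it needs; the TypingCommand.cpp hunk below calls `command->setStartingSelection(endingSelection())` and `command->setEndingSelection(endingSelection())` on the child command, so a one-line comment naming that as the reason would stop the friendship being widened further later, and exposing just those setters would be the narrower alternative.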
Index: WebCore/editing/TypingCommand.cpp
===================================================================
--- WebCore/editing/TypingCommand.cpp	(revision 73113)
+++ WebCore/editing/TypingCommand.cpp	(working copy)
@@ -163,12 +163,12 @@
     RefPtr<EditCommand> lastEditCommand = frame->editor()->lastEditCommand();
     if (isOpenForMoreTypingCommand(lastEditCommand.get())) {
         TypingCommand* lastTypingCommand = static_cast<TypingCommand*>(lastEditCommand.get());
-        if (changeSelection) {
+        if (lastTypingCommand->endingSelection() != selectionForInsertion) {
             lastTypingCommand->setStartingSelection(selectionForInsertion);
             lastTypingCommand->setEndingSelection(selectionForInsertion);
         }
         lastTypingCommand->insertText(newText, selectInsertedText);
-        if (changeSelection) {
+        if (lastTypingCommand->endingSelection() != selectionForInsertion) {
             lastTypingCommand->setEndingSelection(currentSelection);
             frame->selection()->setSelection(currentSelection);
         }
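Review bot: the second condition does not mirror the first. After `lastTypingCommand->insertText(newText, selectInsertedText);` the command's ending selection has moved past the inserted text, so `lastTypingCommand->endingSelection() != selectionForInsertion` holds almost always, and the block that resets the ending selection to currentSelection and calls `frame->selection()->setSelection(currentSelection)` now runs even when the first block did not. Evaluate the comparison once before the insert into a local (for example `bool selectionChanged = lastTypingCommand->endingSelection() != selectionForInsertion;`) and use it for both blocks. The `changeSelection` parameter also has no remaining use in this hunk; either drop it or fold it into that local.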
@@ -371,6 +371,10 @@
         command = InsertTextCommand::create(document());
         applyCommandToComposite(command);
     }
+    if (endingSelection() != command->endingSelection()) {
+        command->setStartingSelection(endingSelection());
+        command->setEndingSelection(endingSelection());
+    }
     command->input(text, selectInsertedText);
     typingAddedToOpenCommand(InsertText);
 }
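Review bot: the new block sits outside the `if` that creates `command`, so it also applies to a reused child command, and it treats the parent's endingSelection() as authoritative while the hunk at line 163 resolves the same kind of mismatch in the other direction (from selectionForInsertion into the typing command); a short comment stating why the parent wins here would help the next reader. The `!=` guard is only worth keeping if setStartingSelection and setEndingSelection do work beyond assignment; otherwise assigning unconditionally reads simpler.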
Comment 14 Ryosuke Niwa 2010-12-03 00:46:24 PST
Created attachment 75469 [details]
fixes the bug for good
Comment 15 Darin Adler 2010-12-03 09:27:07 PST
Comment on attachment 75469 [details]
fixes the bug for good

Seems OK. It’s not good that the selection handling is so intimately tied in with the editing commands; at some point I think we can improve this greatly by refactoring and breaking the selection management away from the DOM mutation itself.
Comment 16 Ryosuke Niwa 2010-12-03 09:58:35 PST
(In reply to comment #15)
> (From update of attachment 75469 [details])
> Seems OK. It’s not good that the selection handling is so intimately tied in with the editing commands; at some point I think we can improve this greatly by refactoring and breaking the selection management away from the DOM mutation itself.

Yeah, we need a better way of managing position in editing commands instead of using the selection.  Ideally, we can make editing commands agnostic of what the current selection is except when they're first instantiated.
Comment 17 Ryosuke Niwa 2010-12-03 10:56:57 PST
Thanks for the review, Darin.  I'll be landing it shortly.
Comment 18 Ryosuke Niwa 2010-12-03 11:26:37 PST
Committed r73279: <http://trac.webkit.org/changeset/73279>