Bug 62544

Summary: REGRESSION (r81518): Crash in makeRange() when invoking the dictionary panel over a file input
Product: WebKit Reporter: mitz
Component: FormsAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: adele, darin, dglazkov, enrica, rniwa, tkent
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
URL: data:text/html,%3Cinput%20type=file%3E
Attachments:
Description Flags
fixes the crash mitz: review+

mitz
Reported 2011-06-13 09:19:44 PDT
<radar://problem/9544885> To reproduce: open the URL, move the mouse cursor over the Choose File button and press Command-Control-D (the default Dictionary panel shortcut). Results: crash with this backtrace: 0 com.apple.WebCore 0x00007fff89bb9585 WebCore::makeRange(WebCore::VisiblePosition const&, WebCore::VisiblePosition const&) + 277 1 com.apple.WebCore 0x00007fff89f8d4ff WebCore::Frame::rangeForPoint(WebCore::IntPoint const&) + 243 2 com.apple.WebKit2 0x00007fff88509ad1 WebKit::WebPage::performDictionaryLookupAtLocation(WebCore::FloatPoint const&) + 249 In a debug build, an assertion failure occurs in positionInParentAfterNode(), since nonShadowBoundaryParentNode() returns 0 (the parent of the button is a shadow root).
Attachments
fixes the crash (2.94 KB, patch)
2011-06-13 12:05 PDT, Ryosuke Niwa 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
mitz
Comment 1 2011-06-13 09:52:18 PDT
While the details of the crash in its current incarnation have to do with r87067, the crash itself probably predates that revision.
mitz
Comment 2 2011-06-13 11:06:10 PDT
Caused by <http://trac.webkit.org/changeset/81518>
Ryosuke Niwa
Comment 3 2011-06-13 11:43:37 PDT
Do you know how I can open up dictionary panel in DRT? Or is that even supported?
mitz
Comment 4 2011-06-13 11:50:31 PDT
I don’t think you can open the dictionary panel, but the TextInputController characterIndexForPoint function may trigger the same code path.
Ryosuke Niwa
Comment 5 2011-06-13 12:05:33 PDT
Created attachment 96986 [details] fixes the crash
Ryosuke Niwa
Comment 6 2011-06-13 13:46:30 PDT
Committed r88685: <http://trac.webkit.org/changeset/88685>
mitz
Comment 7 2011-06-13 13:50:44 PDT
Thanks!
Ryosuke Niwa
Comment 8 2011-06-13 14:01:17 PDT
(In reply to comment #7) > Thanks! Nope. Thanks for the timely review!
Note You need to log in before you can comment on or make changes to this bug.