Bug 74585

Summary:

Crash when navigating with arrow key into empty anchor block with padding

Product:

WebKit

Reporter:

Daniel Jalkut <jalkut>

Component:

HTML Editing

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED WORKSFORME

Severity:

Major

CC:

enrica, eric, leviw, rniwa, webkit-bug-importer, webkit.review.bot, xji

Priority:

Keywords:

InRadar

Version:

528+ (Nightly build)

Hardware:

Mac (Intel)

OS:

OS X 10.7

Attachments:

Description	Flags
Fix and manual test to prevent crashing when navigating into an empty anchor	none
Patch take two	none
Patch take three	rniwa: review-
Patch take four	none
Patch take five: amend ChangeLog to reference the automated layout test	none

Daniel Jalkut

Reported 2011-12-14 21:46:52 PST

1. Enter the following HTML into the snippet editor, or load it as a standalone web page: <div contentEditable="true"> Click to place the editing cursor anywhere on this line ... then click the down arrow.<br /> <a style="background-color:red; padding-left:200px;"></a> </div> 2. Follow the instructions of clicking and pressing the arrow key down. 100% reproduceable crash on shipping Safari and with the latest nightly build from yesterday. Note that it's not as ridiculous as it seems to have an empty anchor. The real-world scenario where I saw this crash involved an "empty" anchor that nonetheless had a background image and padding, and was intended to be clicked. Process: WebProcess [46551] Path: /System/Library/PrivateFrameworks/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess Identifier: com.apple.WebProcess Version: 7534.52 (7534.52.7) Build Info: WebKit2-7534052007000000~1 Code Type: X86-64 (Native) Parent Process: Safari [46416] Date/Time: 2011-12-15 00:40:38.083 -0500 OS Version: Mac OS X 10.7.2 (11C74) Report Version: 9 Interval Since Last Report: 203930 sec Crashes Since Last Report: 54 Per-App Interval Since Last Report: 976533 sec Per-App Crashes Since Last Report: 14 Anonymous UUID: 88E4A792-CFE4-4739-B750-B9A97FE938B4 Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000035 VM Regions Near 0x35: --> __TEXT 0000000102e7c000-0000000102e7d000 [ 4K] r-x/rwx SM=COW /System/Library/PrivateFrameworks/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess Application Specific Information: objc[46551]: garbage collection is OFF Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00007fff8fef8ea3 WebCore::RootInlineBox::closestLeafChildForLogicalLeftPosition(int, bool) + 103 1 com.apple.WebCore 0x00007fff9006bd5d WebCore::nextLinePosition(WebCore::VisiblePosition const&, int) + 1261 2 com.apple.WebCore 0x00007fff90069af5 WebCore::FrameSelection::modifyMovingForward(WebCore::TextGranularity) + 1517 3 com.apple.WebCore 0x00007fff90047565 WebCore::FrameSelection::modify(WebCore::FrameSelection::EAlteration, WebCore::SelectionDirection, WebCore::TextGranularity, bool) + 775 4 com.apple.WebCore 0x00007fff90047316 WebCore::FrameSelection::modify(WebCore::FrameSelection::EAlteration, WebCore::SelectionDirection, WebCore::TextGranularity, bool) + 184 5 com.apple.WebCore 0x00007fff900ea79f _ZN7WebCoreL15executeMoveDownEPNS_5FrameEPNS_5EventENS_19EditorCommandSourceERKN3WTF6StringE + 31 6 com.apple.WebCore 0x00007fff9004409d WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 171 7 com.apple.WebCore 0x00007fff9008639f WebCore::Editor::Command::execute(WebCore::Event*) const + 31 8 com.apple.WebKit2 0x00007fff924060b2 WebKit::WebPage::executeKeypressCommandsInternal(WTF::Vector<WebCore::KeypressCommand, 0ul> const&, WebCore::KeyboardEvent*) + 270 9 com.apple.WebKit2 0x00007fff924063ef WebKit::WebPage::handleEditingKeyboardEvent(WebCore::KeyboardEvent*, bool) + 473 10 com.apple.WebKit2 0x00007fff92422c7e WebKit::WebEditorClient::handleKeyboardEvent(WebCore::KeyboardEvent*) + 26 11 com.apple.WebCore 0x00007fff900861a4 WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent*) + 64 12 com.apple.WebCore 0x00007fff8fcf1511 WebCore::Node::defaultEventHandler(WebCore::Event*) + 155 13 com.apple.WebCore 0x00007fff8fcf0bdb WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 1079 14 com.apple.WebCore 0x00007fff8fcf0768 WebCore::EventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 40 15 com.apple.WebCore 0x00007fff8fcf0669 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::EventDispatchMediator const&) + 41 16 com.apple.WebCore 0x00007fff8fcf05d7 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 55 17 com.apple.WebCore 0x00007fff8fecd274 WebCore::EventTarget::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&) + 86 18 com.apple.WebCore 0x00007fff9008575e WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) + 976 19 com.apple.WebKit2 0x00007fff923fed62 WebKit::WebPage::keyEvent(WebKit::WebKeyboardEvent const&) + 110 20 com.apple.WebKit2 0x00007fff92427c37 void CoreIPC::handleMessage<Messages::WebPage::KeyEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebKeyboardEvent const&)) + 98 21 com.apple.WebKit2 0x00007fff9238b6ae CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 172 22 com.apple.WebKit2 0x00007fff9238b5c7 CoreIPC::Connection::dispatchMessages() + 145 23 com.apple.WebKit2 0x00007fff92387f03 RunLoop::performWork() + 111 24 com.apple.WebKit2 0x00007fff92387e74 RunLoop::performWork(void*) + 76 25 com.apple.CoreFoundation 0x00007fff8afb9b51 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 26 com.apple.CoreFoundation 0x00007fff8afb93bd __CFRunLoopDoSources0 + 253 27 com.apple.CoreFoundation 0x00007fff8afe01a9 __CFRunLoopRun + 905 28 com.apple.CoreFoundation 0x00007fff8afdfae6 CFRunLoopRunSpecific + 230 29 com.apple.HIToolbox 0x00007fff8c7863d3 RunCurrentEventLoopInMode + 277 30 com.apple.HIToolbox 0x00007fff8c78d63d ReceiveNextEventCommon + 355 31 com.apple.HIToolbox 0x00007fff8c78d4ca BlockUntilNextEventMatchingListInMode + 62 32 com.apple.AppKit 0x00007fff8dc843f1 _DPSNextEvent + 659 33 com.apple.AppKit 0x00007fff8dc83cf5 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135 34 com.apple.AppKit 0x00007fff8dc8062d -[NSApplication run] + 470 35 com.apple.WebKit2 0x00007fff924117bd WebKit::WebProcessMain(WebKit::CommandLine const&) + 587 36 com.apple.WebKit2 0x00007fff923fb9ce WebKitMain + 268 37 com.apple.WebProcess 0x0000000102e7ce56 0x102e7c000 + 3670 38 com.apple.WebProcess 0x0000000102e7cd64 0x102e7c000 + 3428 Thread 1:: Dispatch queue: com.apple.libdispatch-manager 0 libsystem_kernel.dylib 0x00007fff879647e6 kevent + 10 1 libdispatch.dylib 0x00007fff91cbc5be _dispatch_mgr_invoke + 923 2 libdispatch.dylib 0x00007fff91cbb14e _dispatch_mgr_thread + 54 Thread 2:: JavaScriptCore::BlockFree 0 libsystem_kernel.dylib 0x00007fff87963bca __psynch_cvwait + 10 1 libsystem_c.dylib 0x00007fff8776b274 _pthread_cond_wait + 840 2 com.apple.JavaScriptCore 0x00007fff867dc5f7 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 151 3 com.apple.JavaScriptCore 0x00007fff86a08ccf JSC::Heap::blockFreeingThreadMain() + 319 4 com.apple.JavaScriptCore 0x00007fff86a08d09 JSC::Heap::blockFreeingThreadStartFunc(void*) + 9 5 libsystem_c.dylib 0x00007fff877678bf _pthread_start + 335 6 libsystem_c.dylib 0x00007fff8776ab75 thread_start + 13 Thread 3:: WebCore: LocalStorage 0 libsystem_kernel.dylib 0x00007fff87963bca __psynch_cvwait + 10 1 libsystem_c.dylib 0x00007fff8776b274 _pthread_cond_wait + 840 2 com.apple.JavaScriptCore 0x00007fff867dc5a0 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 64 3 com.apple.WebCore 0x00007fff8fcd2d5a WTF::MessageQueue<WebCore::LocalStorageTask>::waitForMessage() + 132 4 com.apple.WebCore 0x00007fff8fcd2cb3 WebCore::LocalStorageThread::threadEntryPoint() + 99 5 com.apple.WebCore 0x00007fff8fcd2bfb WebCore::LocalStorageThread::threadEntryPointCallback(void*) + 9 6 libsystem_c.dylib 0x00007fff877678bf _pthread_start + 335 7 libsystem_c.dylib 0x00007fff8776ab75 thread_start + 13 Thread 4:: com.apple.NSURLConnectionLoader 0 libsystem_kernel.dylib 0x00007fff8796267a mach_msg_trap + 10 1 libsystem_kernel.dylib 0x00007fff87961d71 mach_msg + 73 2 com.apple.CoreFoundation 0x00007fff8afd7b6c __CFRunLoopServiceMachPort + 188 3 com.apple.CoreFoundation 0x00007fff8afe02d4 __CFRunLoopRun + 1204 4 com.apple.CoreFoundation 0x00007fff8afdfae6 CFRunLoopRunSpecific + 230 5 com.apple.Foundation 0x00007fff8bb6d0ab +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 335 6 com.apple.Foundation 0x00007fff8bb617fe -[NSThread main] + 68 7 com.apple.Foundation 0x00007fff8bb61776 __NSThread__main__ + 1575 8 libsystem_c.dylib 0x00007fff877678bf _pthread_start + 335 9 libsystem_c.dylib 0x00007fff8776ab75 thread_start + 13 Thread 5:: com.apple.CFSocket.private 0 libsystem_kernel.dylib 0x00007fff87963df2 __select + 10 1 com.apple.CoreFoundation 0x00007fff8b028f9b __CFSocketManager + 1355 2 libsystem_c.dylib 0x00007fff877678bf _pthread_start + 335 3 libsystem_c.dylib 0x00007fff8776ab75 thread_start + 13 Thread 6:: WebCore: LocalStorage 0 libsystem_kernel.dylib 0x00007fff87963bca __psynch_cvwait + 10 1 libsystem_c.dylib 0x00007fff8776b274 _pthread_cond_wait + 840 2 com.apple.JavaScriptCore 0x00007fff867dc5a0 WTF::ThreadCondition::timedWait(WTF::Mutex&, double) + 64 3 com.apple.WebCore 0x00007fff8fcd2d5a WTF::MessageQueue<WebCore::LocalStorageTask>::waitForMessage() + 132 4 com.apple.WebCore 0x00007fff8fcd2cb3 WebCore::LocalStorageThread::threadEntryPoint() + 99 5 com.apple.WebCore 0x00007fff8fcd2bfb WebCore::LocalStorageThread::threadEntryPointCallback(void*) + 9 6 libsystem_c.dylib 0x00007fff877678bf _pthread_start + 335 7 libsystem_c.dylib 0x00007fff8776ab75 thread_start + 13 Thread 7: 0 libsystem_kernel.dylib 0x00007fff87964192 __workq_kernreturn + 10 1 libsystem_c.dylib 0x00007fff87769594 _pthread_wqthread + 758 2 libsystem_c.dylib 0x00007fff8776ab85 start_wqthread + 13 Thread 0 crashed with X86 Thread State (64-bit): rax: 0x0000000000000000 rbx: 0x0000000000000001 rcx: 0x0000000103166948 rdx: 0x0000000000000001 rdi: 0x0000000103166d60 rsi: 0x0000000000000067 rbp: 0x00007fff62a79670 rsp: 0x00007fff62a79640 r8: 0x00007fff62a79628 r9: 0x0000000000000000 r10: 0x0000000000000030 r11: 0x00007ff69a128960 r12: 0x0000000000000000 r13: 0x000000010a8b23c0 r14: 0x0000000000000067 r15: 0x0000000000000000 rip: 0x00007fff8fef8ea3 rfl: 0x0000000000010246 cr2: 0x0000000000000035 Logical CPU: 2 Binary Images: 0x102e7c000 - 0x102e7cfff com.apple.WebProcess (7534.52 - 7534.52.7) <119A6F31-64D6-32B5-A8A4-E9FACFF688E7> /System/Library/PrivateFrameworks/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess 0x102e85000 - 0x102e85fff WebProcessShim.dylib (534.52.7 - compatibility 1.0.0) <D8CC57E7-6E7A-39E8-8EE6-78128E07A8B4> /System/Library/PrivateFrameworks/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcessShim.dylib 0x102eb7000 - 0x102f1ffff com.apple.CoreSymbolication (2.1 - 71) <C391E76A-255F-39A2-B3F0-0D67FF841A20> /System/Library/PrivateFrameworks/CoreSymbolication.framework/Versions/A/CoreSymbolication 0x102f5d000 - 0x102fb9ff7 com.apple.Symbolication (1.3 - 91) <58F8CDE7-632B-3EB7-880B-70B7EE342B80> /System/Library/PrivateFrameworks/Symbolication.framework/Versions/A/Symbolication 0x102ff9000 - 0x10302ffff com.apple.DebugSymbols (93 - 93) <C4093285-5AFE-36FA-900C-183192E0467B> /System/Library/PrivateFrameworks/DebugSymbols.framework/Versions/A/DebugSymbols 0x1064b5000 - 0x1064b6fff ATSHI.dylib (??? - ???) <F13B3CE7-DFD5-3FB4-B56F-73F6348A80EE> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/ATSHI.dylib 0x7fff62a7c000 - 0x7fff62ab0ac7 dyld (195.5 - ???) <4A6E2B28-C7A2-3528-ADB7-4076B9836041> /usr/lib/dyld 0x7fff85965000 - 0x7fff85972ff7 libbz2.1.0.dylib (1.0.5 - compatibility 1.0.0) <8EDE3492-D916-37B2-A066-3E0F054411FD> /usr/lib/libbz2.1.0.dylib 0x7fff85982000 - 0x7fff859abfff com.apple.CoreServicesInternal (113.8 - 113.8) <C1A3CF1B-BC45-3FC6-82B3-1511EBBA9D51> /System/Library/PrivateFrameworks/CoreServicesInternal.framework/Versions/A/CoreServicesInternal 0x7fff859ac000 - 0x7fff85dd9fff libLAPACK.dylib (??? - ???) <4F2E1055-2207-340B-BB45-E4F16171EE0D> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x7fff85dda000 - 0x7fff85e1afff libtidy.A.dylib (??? - ???) <E500CDB9-C010-3B1A-B995-774EE64F39BE> /usr/lib/libtidy.A.dylib 0x7fff85e1b000 - 0x7fff85ebafff com.apple.LaunchServices (480.21 - 480.21) <6BFADEA9-5BC1-3B53-A013-488EB7F1AB57> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x7fff85ebb000 - 0x7fff85f09fff libauto.dylib (??? - ???) <D8AC8458-DDD0-3939-8B96-B6CED81613EF> /usr/lib/libauto.dylib 0x7fff85f0a000 - 0x7fff85f30ff7 com.apple.framework.familycontrols (3.0 - 300) <41A6DFC2-EAF5-390A-83A1-C8832528705C> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls 0x7fff85f31000 - 0x7fff85f4efff libPng.dylib (??? - ???) <3C70A94C-9442-3E11-AF51-C1B0EF81680E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x7fff85fb8000 - 0x7fff85fc6ff7 libkxld.dylib (??? - ???) <65BE345D-6618-3D1A-9E2B-255E629646AA> /usr/lib/system/libkxld.dylib 0x7fff85fc7000 - 0x7fff86012ff7 com.apple.SystemConfiguration (1.11.1 - 1.11) <F832FE21-5509-37C6-B1F1-48928F31BE45> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x7fff86013000 - 0x7fff86037ff7 com.apple.RemoteViewServices (1.2 - 39) <862849C8-84C1-32A1-B87E-B29E74778C9F> /System/Library/PrivateFrameworks/RemoteViewServices.framework/Versions/A/RemoteViewServices 0x7fff8606e000 - 0x7fff86079ff7 libc++abi.dylib (14.0.0 - compatibility 1.0.0) <8FF3D766-D678-36F6-84AC-423C878E6D14> /usr/lib/libc++abi.dylib 0x7fff86382000 - 0x7fff8638dff7 com.apple.speech.recognition.framework (4.0.19 - 4.0.19) <7ADAAF5B-1D78-32F2-9FFF-D2E3FBB41C2B> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x7fff8638e000 - 0x7fff86391fff libMatch.1.dylib (??? - ???) <B5F68196-AB9D-3899-8A0A-76001720C479> /usr/lib/libMatch.1.dylib 0x7fff863ee000 - 0x7fff86458fff com.apple.framework.IOKit (2.0 - ???) <87D55F1D-CDB5-3D13-A5F9-98EA4E22F8EE> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x7fff864bf000 - 0x7fff86618fff com.apple.audio.toolbox.AudioToolbox (1.7.1 - 1.7.1) <4877267E-F736-3019-85D3-40A32A042A80> /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x7fff86619000 - 0x7fff86646ff7 com.apple.opencl (1.50.63 - 1.50.63) <DB335C5C-3ABD-38C8-B6A5-8436EE1484D3> /System/Library/Frameworks/OpenCL.framework/Versions/A/OpenCL 0x7fff86647000 - 0x7fff8666eff7 libsandbox.1.dylib (??? - ???) <E30D1C79-C6B3-3167-AF20-045055A9C607> /usr/lib/libsandbox.1.dylib 0x7fff8666f000 - 0x7fff866a2ff7 com.apple.GSS (2.1 - 2.0) <9A2C9736-DA10-367A-B376-2C7A584E6C7A> /System/Library/Frameworks/GSS.framework/Versions/A/GSS 0x7fff866cf000 - 0x7fff866d0ff7 libremovefile.dylib (21.0.0 - compatibility 1.0.0) <C6C49FB7-1892-32E4-86B5-25AD165131AA> /usr/lib/system/libremovefile.dylib 0x7fff867d1000 - 0x7fff86a5cfff com.apple.JavaScriptCore (7534.52 - 7534.52.7) <4B188A38-3A5B-327D-ABE9-8EE2420B3791> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore 0x7fff86a5d000 - 0x7fff86d79ff7 com.apple.CoreServices.CarbonCore (960.18 - 960.18) <6020C3FB-6125-3EAE-A55D-1E77E38BEDEA> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x7fff86f58000 - 0x7fff86f5cfff libmathCommon.A.dylib (2026.0.0 - compatibility 1.0.0) <FF83AFF7-42B2-306E-90AF-D539C51A4542> /usr/lib/system/libmathCommon.A.dylib 0x7fff86f5d000 - 0x7fff86f88ff7 libxslt.1.dylib (3.24.0 - compatibility 3.0.0) <8051A3FC-7385-3EA9-9634-78FC616C3E94> /usr/lib/libxslt.1.dylib 0x7fff86fde000 - 0x7fff87039ff7 com.apple.HIServices (1.10 - ???) <BAB8B422-7047-3D2D-8E0A-13FCF153E4E7> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x7fff8703a000 - 0x7fff871c4ff7 com.apple.WebKit (7534.52 - 7534.52.7) <D858B247-71C2-395A-9A44-A0B8B0713E3A> /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit 0x7fff87233000 - 0x7fff87435fff libicucore.A.dylib (46.1.0 - compatibility 1.0.0) <38CD6ED3-C8E4-3CCD-89AC-9C3198803101> /usr/lib/libicucore.A.dylib 0x7fff87436000 - 0x7fff8743bfff libcache.dylib (47.0.0 - compatibility 1.0.0) <B7757E2E-5A7D-362E-AB71-785FE79E1527> /usr/lib/system/libcache.dylib 0x7fff8743c000 - 0x7fff8751afff com.apple.ImageIO.framework (3.1.1 - 3.1.1) <13E549F8-5BD6-3BAE-8C33-1D0BD269C081> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x7fff8751b000 - 0x7fff8757bfff libvDSP.dylib (325.4.0 - compatibility 1.0.0) <3A7521E6-5510-3FA7-AB65-79693A7A5839> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x7fff8757c000 - 0x7fff8767ffff libsqlite3.dylib (9.6.0 - compatibility 9.0.0) <7F60B0FF-4946-3639-89AB-B540D318B249> /usr/lib/libsqlite3.dylib 0x7fff87680000 - 0x7fff876bfff7 libGLImage.dylib (??? - ???) <2D1D8488-EC5F-3229-B983-CFDE0BB37586> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x7fff876c0000 - 0x7fff876c5fff libpam.2.dylib (3.0.0 - compatibility 3.0.0) <D952F17B-200A-3A23-B9B2-7C1F7AC19189> /usr/lib/libpam.2.dylib 0x7fff876c6000 - 0x7fff876c6fff com.apple.Cocoa (6.6 - ???) <021D4214-9C23-3CD8-AFB2-F331697A4508> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x7fff876c7000 - 0x7fff87709ff7 libcommonCrypto.dylib (55010.0.0 - compatibility 1.0.0) <A5B9778E-11C3-3F61-B740-1F2114E967FB> /usr/lib/system/libcommonCrypto.dylib 0x7fff87719000 - 0x7fff877f6fef libsystem_c.dylib (763.12.0 - compatibility 1.0.0) <FF69F06E-0904-3C08-A5EF-536FAFFFDC22> /usr/lib/system/libsystem_c.dylib 0x7fff8794d000 - 0x7fff8796dfff libsystem_kernel.dylib (1699.22.73 - compatibility 1.0.0) <69F2F501-72D8-3B3B-8357-F4418B3E1348> /usr/lib/system/libsystem_kernel.dylib 0x7fff8796e000 - 0x7fff87979fff com.apple.CommonAuth (2.1 - 2.0) <BFDD0A8D-4BEA-39EC-98B3-2E083D7B1ABD> /System/Library/PrivateFrameworks/CommonAuth.framework/Versions/A/CommonAuth 0x7fff8797a000 - 0x7fff879e2ff7 com.apple.audio.CoreAudio (4.0.1 - 4.0.1) <7966E3BE-376B-371A-A21D-9BD763C0BAE7> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x7fff87a34000 - 0x7fff87ea2fff com.apple.RawCamera.bundle (3.8.2 - 579) <3D4EBC1A-4139-3E22-B407-0D4887D8D208> /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera 0x7fff87ea3000 - 0x7fff87ea6fff libRadiance.dylib (??? - ???) <CD89D70D-F177-3BAE-8A26-644EA7D5E28E> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x7fff87eb2000 - 0x7fff87eb2fff com.apple.Accelerate (1.7 - Accelerate 1.7) <82DDF6F5-FBC3-323D-B71D-CF7ABC5CF568> /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x7fff87eb3000 - 0x7fff8818bff7 com.apple.security (7.0 - 55010) <93713FF4-FE86-3B4C-8150-5FCC7F3320C8> /System/Library/Frameworks/Security.framework/Versions/A/Security 0x7fff88285000 - 0x7fff8828eff7 libsystem_notify.dylib (80.1.0 - compatibility 1.0.0) <A4D651E3-D1C6-3934-AD49-7A104FD14596> /usr/lib/system/libsystem_notify.dylib 0x7fff882bd000 - 0x7fff882bdfff com.apple.vecLib (3.7 - vecLib 3.7) <9A58105C-B36E-35B5-812C-4ED693F2618F> /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib 0x7fff882c7000 - 0x7fff882c9fff libquarantine.dylib (36.0.0 - compatibility 1.0.0) <4C3BFBC7-E592-3939-B376-1C2E2D7C5389> /usr/lib/system/libquarantine.dylib 0x7fff882dd000 - 0x7fff883dfff7 libxml2.2.dylib (10.3.0 - compatibility 10.0.0) <D46F371D-6422-31B7-BCE0-D80713069E0E> /usr/lib/libxml2.2.dylib 0x7fff889a4000 - 0x7fff889a4fff libkeymgr.dylib (23.0.0 - compatibility 1.0.0) <61EFED6A-A407-301E-B454-CD18314F0075> /usr/lib/system/libkeymgr.dylib 0x7fff889a5000 - 0x7fff889adfff libsystem_dnssd.dylib (??? - ???) <7749128E-D0C5-3832-861C-BC9913F774FA> /usr/lib/system/libsystem_dnssd.dylib 0x7fff889ae000 - 0x7fff889b5fff com.apple.NetFS (4.0 - 4.0) <B9F41443-679A-31AD-B0EB-36557DAF782B> /System/Library/Frameworks/NetFS.framework/Versions/A/NetFS 0x7fff889b6000 - 0x7fff889b7fff libdnsinfo.dylib (395.6.0 - compatibility 1.0.0) <718A135F-6349-354A-85D5-430B128EFD57> /usr/lib/system/libdnsinfo.dylib 0x7fff889b8000 - 0x7fff88a3bfef com.apple.Metadata (10.7.0 - 627.20) <E00156B0-663A-35EF-A307-A2CEB00F1845> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x7fff88a3c000 - 0x7fff88a41fff libcompiler_rt.dylib (6.0.0 - compatibility 1.0.0) <98ECD5F6-E85C-32A5-98CD-8911230CB66A> /usr/lib/system/libcompiler_rt.dylib 0x7fff88a42000 - 0x7fff88b37fff libiconv.2.dylib (7.0.0 - compatibility 7.0.0) <5C40E880-0706-378F-B864-3C2BD922D926> /usr/lib/libiconv.2.dylib 0x7fff89214000 - 0x7fff89298ff7 com.apple.ApplicationServices.ATS (317.5.0 - ???) <FE629F2D-6BC0-3A58-9844-D8B9A6808A00> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x7fff892ae000 - 0x7fff892affff libDiagnosticMessagesClient.dylib (??? - ???) <3DCF577B-F126-302B-BCE2-4DB9A95B8598> /usr/lib/libDiagnosticMessagesClient.dylib 0x7fff89342000 - 0x7fff89359fff com.apple.CFOpenDirectory (10.7 - 144) <9709423E-8484-3B26-AAE8-EF58D1B8FB3F> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory 0x7fff8938b000 - 0x7fff8938ffff libCGXType.A.dylib (600.0.0 - compatibility 64.0.0) <5EEAD17D-006C-3855-8093-C7A4A97EE0D0> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXType.A.dylib 0x7fff89390000 - 0x7fff893b9fff libJPEG.dylib (??? - ???) <64D079F9-256A-323B-A837-84628B172F21> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x7fff89497000 - 0x7fff89498ff7 libsystem_blocks.dylib (53.0.0 - compatibility 1.0.0) <8BCA214A-8992-34B2-A8B9-B74DEACA1869> /usr/lib/system/libsystem_blocks.dylib 0x7fff89499000 - 0x7fff89499fff com.apple.audio.units.AudioUnit (1.7.1 - 1.7.1) <04C10813-CCE5-3333-8C72-E8E35E417B3B> /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x7fff894f0000 - 0x7fff89983fff com.apple.Safari.framework (7534 - 7534.52.7) <566A916D-C5B2-33C5-BA2C-DE1FA2B3A156> /System/Library/PrivateFrameworks/Safari.framework/Versions/A/Safari 0x7fff899d8000 - 0x7fff899fcfff com.apple.Kerberos (1.0 - 1) <1F826BCE-DA8F-381D-9C4C-A36AA0EA1CB9> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos 0x7fff899fd000 - 0x7fff89b36fef com.apple.vImage (5.1 - 5.1) <EB634387-CD15-3246-AC28-5FB368ACCEA2> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x7fff89c16000 - 0x7fff89c23fff libCSync.A.dylib (600.0.0 - compatibility 64.0.0) <931F40EB-CA75-3A90-AC97-4DB8E210BC76> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x7fff89fc3000 - 0x7fff89fc9fff com.apple.DiskArbitration (2.4.1 - 2.4.1) <CEA34337-63DE-302E-81AA-10D717E1F699> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x7fff89fca000 - 0x7fff8a00bfff com.apple.QD (3.12 - ???) <4F3C5629-97C7-3E55-AF3C-ACC524929DA2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x7fff8a00c000 - 0x7fff8a010ff7 com.apple.CommonPanels (1.2.5 - 94) <0BB2C436-C9D5-380B-86B5-E355A7711259> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x7fff8a20b000 - 0x7fff8a27bfff com.apple.datadetectorscore (3.0 - 179.4) <2A822A13-94B3-3A43-8724-98FDF698BB12> /System/Library/PrivateFrameworks/DataDetectorsCore.framework/Versions/A/DataDetectorsCore 0x7fff8a27e000 - 0x7fff8a282fff libdyld.dylib (195.5.0 - compatibility 1.0.0) <F1903B7A-D3FF-3390-909A-B24E09BAD1A5> /usr/lib/system/libdyld.dylib 0x7fff8a2ab000 - 0x7fff8a2b0fff com.apple.OpenDirectory (10.7 - 146) <91A87249-6A2F-3F89-A8DE-0E95C0B54A3A> /System/Library/Frameworks/OpenDirectory.framework/Versions/A/OpenDirectory 0x7fff8a2b1000 - 0x7fff8a2f3fff com.apple.corelocation (330.12 - 330.12) <CFDF7694-382A-30A8-8347-505BA0CAF312> /System/Library/Frameworks/CoreLocation.framework/Versions/A/CoreLocation 0x7fff8a2fb000 - 0x7fff8a318ff7 com.apple.openscripting (1.3.3 - ???) <A64205E6-D3C5-3E12-B1A0-72243151AF7D> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x7fff8a31e000 - 0x7fff8a324ff7 libunwind.dylib (30.0.0 - compatibility 1.0.0) <1E9C6C8C-CBE8-3F4B-A5B5-E03E3AB53231> /usr/lib/system/libunwind.dylib 0x7fff8a36e000 - 0x7fff8a47afff libcrypto.0.9.8.dylib (44.0.0 - compatibility 0.9.8) <3A8E1F89-5E26-3C8B-B538-81F5D61DBF8A> /usr/lib/libcrypto.0.9.8.dylib 0x7fff8a47b000 - 0x7fff8a48fff7 com.apple.LangAnalysis (1.7.0 - 1.7.0) <04C31EF0-912A-3004-A08F-CEC27030E0B2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x7fff8a4ca000 - 0x7fff8a545ff7 com.apple.print.framework.PrintCore (7.1 - 366.1) <3F140DEB-9F87-3672-97CC-F983752581AC> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x7fff8a583000 - 0x7fff8a5f8ff7 libc++.1.dylib (19.0.0 - compatibility 1.0.0) <C0EFFF1B-0FEB-3F99-BE54-506B35B555A9> /usr/lib/libc++.1.dylib 0x7fff8a7fc000 - 0x7fff8a802fff IOSurface (??? - ???) <06FA3FDD-E6D5-391F-B60D-E98B169DAB1B> /System/Library/Frameworks/IOSurface.framework/Versions/A/IOSurface 0x7fff8a803000 - 0x7fff8a82afff com.apple.PerformanceAnalysis (1.10 - 10) <2A058167-292E-3C3A-B1F8-49813336E068> /System/Library/PrivateFrameworks/PerformanceAnalysis.framework/Versions/A/PerformanceAnalysis 0x7fff8a82b000 - 0x7fff8a837fff com.apple.CrashReporterSupport (10.7.2 - 347) <0F6D3509-9062-3647-B7C4-F25AF3AE9B71> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport 0x7fff8a872000 - 0x7fff8a9d8fff com.apple.CFNetwork (520.2.5 - 520.2.5) <406712D9-3F0C-3763-B4EB-868D01F1F042> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x7fff8af10000 - 0x7fff8afa6ff7 libvMisc.dylib (325.4.0 - compatibility 1.0.0) <642D8D54-F9F5-3FBB-A96C-EEFE94C6278B> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x7fff8afa7000 - 0x7fff8b17bfff com.apple.CoreFoundation (6.7.1 - 635.15) <FE4A86C2-3599-3CF8-AD1A-822F1FEA820F> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x7fff8b22f000 - 0x7fff8b24bff7 com.apple.GenerationalStorage (1.0 - 125) <31F60175-E38D-3C63-8D95-32CFE7062BCB> /System/Library/PrivateFrameworks/GenerationalStorage.framework/Versions/A/GenerationalStorage 0x7fff8b28b000 - 0x7fff8b32ffef com.apple.ink.framework (1.3.2 - 110) <F69DBD44-FEC8-3C14-8131-CC0245DBBD42> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x7fff8b35a000 - 0x7fff8b35bfff libunc.dylib (24.0.0 - compatibility 1.0.0) <C67B3B14-866C-314F-87FF-8025BEC2CAAC> /usr/lib/system/libunc.dylib 0x7fff8b3d3000 - 0x7fff8b3e5ff7 libbsm.0.dylib (??? - ???) <349BB16F-75FA-363F-8D98-7A9C3FA90A0D> /usr/lib/libbsm.0.dylib 0x7fff8b45f000 - 0x7fff8b475ff7 com.apple.ImageCapture (7.0 - 7.0) <69E6E2E1-777E-332E-8BCF-4F0611517DD0> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x7fff8b4ea000 - 0x7fff8b4f1fff libcopyfile.dylib (85.1.0 - compatibility 1.0.0) <172B1985-F24A-34E9-8D8B-A2403C9A0399> /usr/lib/system/libcopyfile.dylib 0x7fff8b4fe000 - 0x7fff8b501ff7 com.apple.securityhi (4.0 - 1) <B37B8946-BBD4-36C1-ABC6-18EDBC573F03> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x7fff8b502000 - 0x7fff8bae6fff libBLAS.dylib (??? - ???) <C34F6D88-187F-33DC-8A68-C0C9D1FA36DF> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x7fff8bae7000 - 0x7fff8bb06fff libresolv.9.dylib (46.0.0 - compatibility 1.0.0) <33263568-E6F3-359C-A4FA-66AD1300F7D4> /usr/lib/libresolv.9.dylib 0x7fff8bb07000 - 0x7fff8be20ff7 com.apple.Foundation (6.7.1 - 833.20) <D922F590-FDA6-3D89-A271-FD35E2290624> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x7fff8beb2000 - 0x7fff8bfbffff libJP2.dylib (??? - ???) <6052C973-9354-35CB-AAB9-31D00D8786F9> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib 0x7fff8c0bf000 - 0x7fff8c186ff7 com.apple.ColorSync (4.7.0 - 4.7.0) <F325A9D7-7203-36B7-8C1C-B6A4D5CC73A8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x7fff8c1d6000 - 0x7fff8c228ff7 libGLU.dylib (??? - ???) <3C9153A0-8499-3DC0-AAA4-9FA6E488BE13> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x7fff8c229000 - 0x7fff8c6f0fff FaceCoreLight (1.4.7 - compatibility 1.0.0) <E9D2A69C-6E81-358C-A162-510969F91490> /System/Library/PrivateFrameworks/FaceCoreLight.framework/Versions/A/FaceCoreLight 0x7fff8c784000 - 0x7fff8caa8fff com.apple.HIToolbox (1.8 - ???) <A3BE7C59-52E6-3A7F-9B30-24B7DD3E95F2> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x7fff8cabc000 - 0x7fff8cabffff libCoreVMClient.dylib (??? - ???) <E034C772-4263-3F48-B083-25A758DD6228> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCoreVMClient.dylib 0x7fff8cac4000 - 0x7fff8cadbfff com.apple.MultitouchSupport.framework (220.62.1 - 220.62.1) <F21C79C0-4B5A-3645-81A6-74F8EFA900CE> /System/Library/PrivateFrameworks/MultitouchSupport.framework/Versions/A/MultitouchSupport 0x7fff8cb7e000 - 0x7fff8cbbeff7 libcups.2.dylib (2.9.0 - compatibility 2.0.0) <B7173CA4-CE16-3BAB-8D83-185FCEFA15F5> /usr/lib/libcups.2.dylib 0x7fff8cbbf000 - 0x7fff8cbfefff com.apple.AE (527.7 - 527.7) <B82F7ABC-AC8B-3507-B029-969DD5CA813D> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x7fff8cbff000 - 0x7fff8cc53ff7 com.apple.ScalableUserInterface (1.0 - 1) <1873D7BE-2272-31A1-8F85-F70C4D706B3B> /System/Library/Frameworks/QuartzCore.framework/Versions/A/Frameworks/ScalableUserInterface.framework/Versions/A/ScalableUserInterface 0x7fff8cc54000 - 0x7fff8cdf3fff com.apple.QuartzCore (1.7 - 270.0) <E8FC9AA4-A5CB-384B-AD29-7190A1387D3E> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x7fff8d54c000 - 0x7fff8d54cfff com.apple.Accelerate.vecLib (3.7 - vecLib 3.7) <C06A140F-6114-3B8B-B080-E509303145B8> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x7fff8d54d000 - 0x7fff8d54dfff com.apple.Carbon (153 - 153) <895C2BF2-1666-3A59-A669-311B1F4F368B> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x7fff8d7bd000 - 0x7fff8d870fff com.apple.CoreText (220.11.0 - ???) <4EA8E2DF-542D-38D5-ADB9-C0DAA73F898B> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x7fff8d871000 - 0x7fff8d8c4fff libFontRegistry.dylib (??? - ???) <57FBD85F-41A6-3DB9-B5F4-FCC6B260F1AD> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontRegistry.dylib 0x7fff8daf0000 - 0x7fff8db66fff com.apple.ISSupport (1.9.8 - 56) <2CEE7E6B-D841-36D8-BC9F-081B33F6E501> /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport 0x7fff8db67000 - 0x7fff8db67fff com.apple.CoreServices (53 - 53) <043C8026-8EDD-3241-B090-F589E24062EF> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x7fff8dc7b000 - 0x7fff8e87cff7 com.apple.AppKit (6.7.2 - 1138.23) <5CD2C850-4F52-3BA2-BA11-3107DFD2D23C> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x7fff8e87d000 - 0x7fff8e982ff7 libFontParser.dylib (??? - ???) <B9A53808-C97E-3293-9C33-1EA9D4E83EC8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/libFontParser.dylib 0x7fff8e983000 - 0x7fff8ea64fff com.apple.CoreServices.OSServices (478.29 - 478.29) <B487110E-C942-33A8-A494-3BDEDB88B1CD> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x7fff8ea65000 - 0x7fff8eaeaff7 com.apple.Heimdal (2.1 - 2.0) <C92E327E-CB5F-3C9B-92B0-F1680095C8A3> /System/Library/PrivateFrameworks/Heimdal.framework/Versions/A/Heimdal 0x7fff8eaeb000 - 0x7fff8eb18fe7 libSystem.B.dylib (159.1.0 - compatibility 1.0.0) <095FDD3C-3961-3865-A59B-A5B0A4B8B923> /usr/lib/libSystem.B.dylib 0x7fff8eb60000 - 0x7fff8f273587 com.apple.CoreGraphics (1.600.0 - ???) <A9F2451E-6F60-350E-A6E5-539669B53074> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x7fff8f274000 - 0x7fff8f28afff libGL.dylib (??? - ???) <6A473BF9-4D35-34C6-9F8B-86B68091A9AF> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x7fff8f28b000 - 0x7fff8f2a8ff7 libxpc.dylib (77.17.0 - compatibility 1.0.0) <72A16104-2F23-3C22-B474-1953F06F9376> /usr/lib/system/libxpc.dylib 0x7fff8f2a9000 - 0x7fff8f30bfff com.apple.coreui (1.2.1 - 164.1) <F7972630-F696-3FC5-9FCF-A6E1C8771078> /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI 0x7fff8f30c000 - 0x7fff8f312fff libGFXShared.dylib (??? - ???) <343AE6C0-EB02-333C-8D35-DF6093B92758> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGFXShared.dylib 0x7fff8f313000 - 0x7fff8f314fff libsystem_sandbox.dylib (??? - ???) <8D14139B-B671-35F4-9E5A-023B4C523C38> /usr/lib/system/libsystem_sandbox.dylib 0x7fff8f74d000 - 0x7fff8f775ff7 com.apple.CoreVideo (1.7 - 70.1) <98F917B2-FB53-3EA3-B548-7E97B38309A7> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x7fff8f776000 - 0x7fff8f779fff com.apple.help (1.3.2 - 42) <AB67588E-7227-3993-927F-C9E6DAC507FD> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x7fff8f7f7000 - 0x7fff8f8dbdef libobjc.A.dylib (228.0.0 - compatibility 1.0.0) <C5F2392D-B481-3A9D-91BE-3D039FFF4DEC> /usr/lib/libobjc.A.dylib 0x7fff8f8dc000 - 0x7fff8f917ff7 libsystem_info.dylib (??? - ???) <9C8C2DCB-96DB-3471-9DCE-ADCC26BE2DD4> /usr/lib/system/libsystem_info.dylib 0x7fff8fa6e000 - 0x7fff8fa70fff com.apple.TrustEvaluationAgent (2.0 - 1) <1F31CAFF-C1C6-33D3-94E9-11B721761DDF> /System/Library/PrivateFrameworks/TrustEvaluationAgent.framework/Versions/A/TrustEvaluationAgent 0x7fff8fa71000 - 0x7fff8fa78ff7 com.apple.CommerceCore (1.0 - 17) <AA783B87-48D4-3CA6-8FF6-0316396022F4> /System/Library/PrivateFrameworks/CommerceKit.framework/Versions/A/Frameworks/CommerceCore.framework/Versions/A/CommerceCore 0x7fff8fa79000 - 0x7fff8fa8bff7 libz.1.dylib (1.2.5 - compatibility 1.0.0) <30CBEF15-4978-3DED-8629-7109880A19D4> /usr/lib/libz.1.dylib 0x7fff8fa8d000 - 0x7fff8fca7fef com.apple.CoreData (104 - 358.12) <33B1FA75-7970-3751-9DCC-FF809D3E1FA2> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x7fff8fcb0000 - 0x7fff909bbff7 com.apple.WebCore (7534.52 - 7534.52.12) <32AF92F7-44FC-3ADB-A6DD-D58A3EA88EFE> /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore 0x7fff90d28000 - 0x7fff90d7ffff libTIFF.dylib (??? - ???) <FF0D9A24-6956-3F03-81EA-3EEAD22C9DB8> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x7fff90d80000 - 0x7fff90da9ff7 com.apple.framework.Apple80211 (7.1.1 - 711.1) <FD0675E6-6602-3C28-85AA-6A4AF6B36D78> /System/Library/PrivateFrameworks/Apple80211.framework/Versions/A/Apple80211 0x7fff90daa000 - 0x7fff90e1dfff libstdc++.6.dylib (52.0.0 - compatibility 7.0.0) <6BDD43E4-A4B1-379E-9ED5-8C713653DFF2> /usr/lib/libstdc++.6.dylib 0x7fff90e80000 - 0x7fff910f3fff com.apple.CoreImage (7.82 - 1.0.1) <282801B6-5D80-3E2C-88A4-00FE29906D5A> /System/Library/Frameworks/QuartzCore.framework/Versions/A/Frameworks/CoreImage.framework/Versions/A/CoreImage 0x7fff91889000 - 0x7fff9188efff libGIF.dylib (??? - ???) <393E2DB5-9479-39A6-A75A-B5F20B852532> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x7fff91bb6000 - 0x7fff91cb8ff7 com.apple.PubSub (1.0.5 - 65.28) <8251731B-2EAA-3957-82B6-3FF0E096645A> /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub 0x7fff91cb9000 - 0x7fff91cc7fff libdispatch.dylib (187.7.0 - compatibility 1.0.0) <712AAEAC-AD90-37F7-B71F-293FF8AE8723> /usr/lib/system/libdispatch.dylib 0x7fff91cdb000 - 0x7fff91ce1fff libmacho.dylib (800.0.0 - compatibility 1.0.0) <D86F63EC-D2BD-32E0-8955-08B5EAFAD2CC> /usr/lib/system/libmacho.dylib 0x7fff91d7c000 - 0x7fff91dacff7 com.apple.DictionaryServices (1.2.1 - 158.2) <3FC86118-7553-38F7-8916-B329D2E94476> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices 0x7fff91dad000 - 0x7fff91dc0ff7 libCRFSuite.dylib (??? - ???) <034D4DAA-63F0-35E4-BCEF-338DD7A453DD> /usr/lib/libCRFSuite.dylib 0x7fff91dc1000 - 0x7fff91e63ff7 com.apple.securityfoundation (5.0 - 55005) <0D59908C-A61B-389E-AF37-741ACBBA6A94> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation 0x7fff91e64000 - 0x7fff91e65fff liblangid.dylib (??? - ???) <CACBE3C3-2F7B-3EED-B50E-EDB73F473B77> /usr/lib/liblangid.dylib 0x7fff91f9c000 - 0x7fff91fabff7 com.apple.opengl (1.7.5 - 1.7.5) <2945F1A6-910C-3596-9988-5701B04BD821> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x7fff91fac000 - 0x7fff91fefff7 libRIP.A.dylib (600.0.0 - compatibility 64.0.0) <2B1571E1-8E87-364E-BC36-C9C9B5D3EAC4> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x7fff91ffe000 - 0x7fff92116ff7 com.apple.DesktopServices (1.6.1 - 1.6.1) <4418EAA6-7163-3A77-ABD3-F8289796C81A> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x7fff92117000 - 0x7fff92128ff7 SyndicationUI (??? - ???) <C8084303-1ABA-3FE8-A3F2-2EF67A70FF50> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI 0x7fff92129000 - 0x7fff921c3ff7 com.apple.SearchKit (1.4.0 - 1.4.0) <4E70C394-773E-3A4B-A93C-59A88ABA9509> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x7fff92228000 - 0x7fff92271fff com.apple.framework.CoreWLAN (2.1.1 - 211.3) <0FBC6087-6872-3403-A317-CE888969CF4C> /System/Library/Frameworks/CoreWLAN.framework/Versions/A/CoreWLAN 0x7fff92272000 - 0x7fff92277ff7 libsystem_network.dylib (??? - ???) <5DE7024E-1D2D-34A2-80F4-08326331A75B> /usr/lib/system/libsystem_network.dylib 0x7fff92278000 - 0x7fff92287fff libxar.1.dylib (??? - ???) <58B07AA0-BC12-36E3-94FC-C252719A1BDF> /usr/lib/libxar.1.dylib 0x7fff922a6000 - 0x7fff922b4fff com.apple.NetAuth (1.0 - 3.0) <F384FFFD-70F6-3B1C-A886-F5B446E456E7> /System/Library/PrivateFrameworks/NetAuth.framework/Versions/A/NetAuth 0x7fff922b5000 - 0x7fff922cafff com.apple.speech.synthesis.framework (4.0.74 - 4.0.74) <C061ECBB-7061-3A43-8A18-90633F943295> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x7fff922d8000 - 0x7fff9230dfff com.apple.securityinterface (5.0 - 55004) <790DDF7E-6BA9-36DD-B818-2322A712E1F5> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface 0x7fff9235f000 - 0x7fff92369ff7 liblaunch.dylib (392.18.0 - compatibility 1.0.0) <39EF04F2-7F0C-3435-B785-BF283727FFBD> /usr/lib/system/liblaunch.dylib 0x7fff9236a000 - 0x7fff9236cfff libCVMSPluginSupport.dylib (??? - ???) <61D89F3C-C64D-3733-819F-8AAAE4E2E993> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libCVMSPluginSupport.dylib 0x7fff9236d000 - 0x7fff9236fff7 com.apple.print.framework.Print (7.1 - 247.1) <8A4925A5-BAA3-373C-9B5D-03E0270C6B12> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x7fff92370000 - 0x7fff92523fff com.apple.WebKit2 (7534.52 - 7534.52.7) <052082D7-344A-3077-9F7B-EC74DC345DD8> /System/Library/PrivateFrameworks/WebKit2.framework/Versions/A/WebKit2 0x7fff92524000 - 0x7fff92524fff com.apple.ApplicationServices (41 - 41) <03F3FA8F-8D2A-3AB6-A8E3-40B001116339> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices External Modification Summary: Calls made by other processes targeting this process: task_for_pid: 8 thread_create: 0 thread_set_state: 0 Calls made by this process: task_for_pid: 0 thread_create: 0 thread_set_state: 0 Calls made by all processes on this machine: task_for_pid: 165747 thread_create: 4 thread_set_state: 73089 VM Region Summary: ReadOnly portion of Libraries: Total=169.3M resident=90.1M(53%) swapped_out_or_unallocated=79.2M(47%) Writable regions: Total=1.2G written=64.7M(5%) resident=86.1M(7%) swapped_out=10.2M(1%) unallocated=1.1G(93%) REGION TYPE VIRTUAL =========== ======= ATS (font support) 32.0M ATS (font support) (reserved) 4K reserved VM address space (unallocated) CG shared images 3408K CoreGraphics 16K CoreServices 7124K JS JIT generated code 128.0M JS JIT generated code (reserved) 896.0M reserved VM address space (unallocated) JS VM register file 4096K JS garbage collector 5920K MALLOC 90.7M MALLOC guard page 32K MALLOC_LARGE (reserved) 536K reserved VM address space (unallocated) Memory tag=242 12K Memory tag=251 48K SQLite page cache 2784K STACK GUARD 56.0M Stack 11.1M VM_ALLOCATE 16.4M WebCore purgeable data 280K __CI_BITMAP 80K __DATA 16.4M __IMAGE 1256K __LINKEDIT 47.9M __TEXT 121.4M __UNICODE 544K mapped file 35.9M shared memory 4736K =========== ======= TOTAL 1.4G TOTAL, minus reserved VM space 585.5M Model: MacBookPro6,2, BootROM MBP61.0057.B0C, 2 processors, Intel Core i7, 2.8 GHz, 8 GB, SMC 1.58f16 Graphics: NVIDIA GeForce GT 330M, NVIDIA GeForce GT 330M, PCIe, 512 MB Graphics: Intel HD Graphics, Intel HD Graphics, Built-In, 288 MB Memory Module: BANK 0/DIMM0, 4 GB, DDR3, 1067 MHz, 0x80CE, 0x4D34373142353237334348302D4346382020 Memory Module: BANK 1/DIMM0, 4 GB, DDR3, 1067 MHz, 0x80CE, 0x4D34373142353237334348302D4346382020 AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x93), Broadcom BCM43xx 1.0 (5.100.98.75.18) Bluetooth: Version 4.0.1f4, 2 service, 11 devices, 1 incoming serial ports Network Service: Wi-Fi, AirPort, en1 Serial ATA Device: APPLE SSD TS256B, 251 GB Serial ATA Device: MATSHITADVD-R UJ-898 USB Device: hub_device, 0x0424 (SMSC), 0x2514, 0xfd100000 / 2 USB Device: Hub in Apple Extended USB Keyboard, apple_vendor_id, 0x1003, 0xfd130000 / 5 USB Device: ScanSnap S1500, 0x04c5 (Fujitsu Ltd.), 0x11a2, 0xfd131000 / 8 USB Device: ET-0405A-UV2.0-3, 0x056a (WACOM Co., Ltd.), 0x0011, 0xfd132000 / 7 USB Device: Apple Extended USB Keyboard, apple_vendor_id, 0x020b, 0xfd133000 / 6 USB Device: IR Receiver, apple_vendor_id, 0x8242, 0xfd120000 / 4 USB Device: Built-in iSight, apple_vendor_id, 0x8507, 0xfd110000 / 3 USB Device: hub_device, 0x0424 (SMSC), 0x2514, 0xfa100000 / 2 USB Device: Apple Internal Keyboard / Trackpad, apple_vendor_id, 0x0236, 0xfa120000 / 5 USB Device: BRCM2070 Hub, 0x0a5c (Broadcom Corp.), 0x4500, 0xfa110000 / 4 USB Device: Bluetooth USB Host Controller, apple_vendor_id, 0x8218, 0xfa113000 / 7 USB Device: Internal Memory Card Reader, apple_vendor_id, 0x8403, 0xfa130000 / 3

Attachments
Fix and manual test to prevent crashing when navigating into an empty anchor (4.84 KB, patch) 2011-12-30 11:22 PST, Daniel Jalkut	no flags	Details Formatted Diff Diff
Patch take two (6.26 KB, patch) 2011-12-30 11:37 PST, Daniel Jalkut	no flags	Details Formatted Diff Diff
Patch take three (6.19 KB, patch) 2011-12-30 11:49 PST, Daniel Jalkut	rniwa: review-	Details Formatted Diff Diff
Patch take four (6.16 KB, patch) 2011-12-30 13:03 PST, Daniel Jalkut	no flags	Details Formatted Diff Diff
Patch take five: amend ChangeLog to reference the automated layout test (6.14 KB, patch) 2011-12-30 13:10 PST, Daniel Jalkut	no flags	Details Formatted Diff Diff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2011-12-16 12:41:22 PST

<rdar://problem/10594869>

Daniel Jalkut

Comment 2 2011-12-30 07:45:10 PST

The crash seems to stem from the assumption that a given InlineBox will have non-NULL leaf children. InlineBox* RootInlineBox::closestLeafChildForLogicalLeftPosition(int leftPosition, bool onlyEditableLeaves) { InlineBox* firstLeaf = firstLeafChild(); InlineBox* lastLeaf = lastLeafChild(); if (firstLeaf == lastLeaf && (!onlyEditableLeaves || isEditableLeaf(firstLeaf))) return firstLeaf; Currently the behavior when this method is reached for a box with no children, is to crash hard later in the method, trying to dereference firstLeaf. The implicit contract for closestLeafChildForLogicalLeftPosition seems to be that it will always return a non-NULL result (its callers blindly dereference the result). So what is the appropriate return value when a RootInlineBox with no children is asked for the closestLeafChildForLogicalLeftPosition? Is it just the box itself? What if "onlyEditableLeaves" is true but the box itself is not editable?

Daniel Jalkut

Comment 3 2011-12-30 08:13:23 PST

I think in deciding how to address this bug, it should be determined whether navigating into this empty anchor block should or shouldn't succeed. I think ideally it would move the insertion position to the point in the block where a character would exist if it were part of the anchor innerHTML. Currently if you position the cursor to the LEFT of the problematic block, and attempt to right-arrow into the block, it also fails, but doesn't crash. In this scenario, modifyMovingRight rejects the block as a navigable target, and returns the current position. This behavior would be an acceptable compromise for the attempt to move up or down into the block as well (selectNextLine and selectPreviousLine).

Daniel Jalkut

Comment 4 2011-12-30 11:22:10 PST

Created attachment 120807 [details] Fix and manual test to prevent crashing when navigating into an empty anchor I decided I could offer a patch that at least alleviates the crashing nature of the bug. With the attached patch, the closestLeafChild... methods in RootInlineBox are allowed to return 0, and the callers (only two I could find) are now expected to handle this situation gracefully. I feel that ideally the behavior when navigating into this empty anchor would be to place the cursor where typing would change the innerHTML of the anchor from void to something. But I don't feel qualified to develop a patch achieving this yet. I hope you will consider the patch as-is since it will at least change the behavior from one where WebKit crashes every time, to one where the behavior is merely a little frustrating (the cursor navigates as far in the adjacent box as possible, without entering the empty anchor).

Daniel Jalkut

Comment 5 2011-12-30 11:24:48 PST

Comment on attachment 120807 [details] Fix and manual test to prevent crashing when navigating into an empty anchor Oops - my patch doesn't contain the manual tests I added. Will fix and reattach.

WebKit Review Bot

Comment 6 2011-12-30 11:24:55 PST

Attachment 120807 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'ChangeLog', u'Source/WebCore/ChangeLog', u..." exit_code: 1 Source/WebCore/editing/visible_units.cpp:612: Tests for true/false, null/non-null, and zero/non-zero should all be done without equality comparisons. [readability/comparison_to_zero] [5] Source/WebCore/editing/visible_units.cpp:718: Tests for true/false, null/non-null, and zero/non-zero should all be done without equality comparisons. [readability/comparison_to_zero] [5] Total errors found: 2 in 4 files If any of these errors are false positives, please file a bug against check-webkit-style.

Daniel Jalkut

Comment 7 2011-12-30 11:37:06 PST

Created attachment 120809 [details] Patch take two I added the ManualTests to the patch and also fixed some style issues.

WebKit Review Bot

Comment 8 2011-12-30 11:40:08 PST

Attachment 120809 [details] did not pass style-queue: Failed to run "['Tools/Scripts/check-webkit-style', '--diff-files', u'ChangeLog', u'ManualTests/crash-on-arrow-i..." exit_code: 1 Source/WebCore/editing/visible_units.cpp:619: An else should appear on the same line as the preceding } [whitespace/newline] [4] Source/WebCore/editing/visible_units.cpp:612: An else statement can be removed when the prior "if" concludes with a return, break, continue or goto statement. [readability/control_flow] [4] Source/WebCore/editing/visible_units.cpp:725: An else should appear on the same line as the preceding } [whitespace/newline] [4] Source/WebCore/editing/visible_units.cpp:718: An else statement can be removed when the prior "if" concludes with a return, break, continue or goto statement. [readability/control_flow] [4] Total errors found: 4 in 5 files If any of these errors are false positives, please file a bug against check-webkit-style.

Daniel Jalkut

Comment 9 2011-12-30 11:41:47 PST

Comment on attachment 120809 [details] Patch take two Ugh! Not running check-webkit-style myself diligently enough, obviously. Sorry about this.

Daniel Jalkut

Comment 10 2011-12-30 11:49:18 PST

Created attachment 120810 [details] Patch take three To further comply with style guidelines I just removed the else statements that set root = 0. The variable is not referenced again in the function but it was my instinct to defensively nil it.

Ryosuke Niwa

Comment 11 2011-12-30 11:58:49 PST

Comment on attachment 120810 [details] Patch take three View in context: https://bugs.webkit.org/attachment.cgi?id=120810&action=review > ManualTests/crash-on-arrow-into-empty-anchor.html:9 > +<li>Press the up or down arrow key to attempt to enter the red rectangle.</li> You should be able to automate this using getSelection().modify. r- for this. > Source/WebCore/ChangeLog:8 > + Return 0 from closestLeafChildForLogicalLeftPosition instead of crashing when a non-leaf box with no children is being asked for its leaf children. Adjust logic for callers in previousLinePosition and nextLinePosition to detect 0 response and treat the box as non-navigable. This line is way too long. Please wrap line as needed. See other entries for example. > Source/WebCore/editing/visible_units.cpp:716 > + InlineBox* leafChild = root->closestLeafChildForPoint(pointInLine, isEditablePosition(p)); > + if (leafChild) { It's odd that we can get null here. What is box in line 702 then? Is it a root inline box? We should probably check that root box as at least line leaf in line 700 immediately after pos.getInlineBoxAndOffset(DOWNSTREAM, box, ignoredCaretOffset); and fall back to return VisiblePosition(pos, DOWNSTREAM); because that's the code path we normally use for an empty block.

Daniel Jalkut

Comment 12 2011-12-30 12:55:25 PST

Thanks, I am naive about the layout tests and assumed you couldn't test crashes. I've developed a test case that uses the technique of updating the body innerHTML to a "not crashed" content. (In reply to comment #11) > > Source/WebCore/editing/visible_units.cpp:716 > > + InlineBox* leafChild = root->closestLeafChildForPoint(pointInLine, isEditablePosition(p)); > > + if (leafChild) { > > It's odd that we can get null here. What is box in line 702 then? Is it a root inline box? We should probably check that root box as at least line leaf in line 700 immediately after pos.getInlineBoxAndOffset(DOWNSTREAM, box, ignoredCaretOffset); and fall back to return VisiblePosition(pos, DOWNSTREAM); because that's the code path we normally use for an empty block. In the crashing scenario, line 702 is not reached. The root is established at line 677: if (box) { root = box->root()->nextRootBox(); // We want to skip zero height boxes. // This could happen in case it is a TrailingFloatsRootInlineBox. if (!root || !root->logicalHeight()) root = 0; } box is an InlineBox and root is established as a RootInlineBox (gdb) p box $1 = ('WebCore::InlineBox' *) 0x106d84118 (gdb) p box->root() $2 = (const 'WebCore::RootInlineBox' *) 0x106dcfef8 (gdb) p box->root()->nextRootBox() $3 = ('WebCore::RootInlineBox' *) 0x106de5648 It is this RootInlineBox that has one child, but no "leaf" children. (gdb) p root->m_firstChild $3 = ('WebCore::InlineBox' *) 0x1082d42b8 (gdb) p root->m_firstChild->isLeaf() $4 = false (gdb) p root->m_lastChild $5 = ('WebCore::InlineBox' *) 0x1082d42b8 I'm in over my head here with the box stuff, so I'm not sure how much more I can do on my own. But if you have a better idea for how to protect against this I'm happy to execute it in the patch and test it. Since the code at line 700 is never reached in this case, I'm guessing you think we should be doing some test around line 676 to see if the first getInlineBoxAndOffset() box returned is suitable for further examination?

Daniel Jalkut

Comment 13 2011-12-30 13:03:34 PST

Created attachment 120815 [details] Patch take four I modified the patch to include an automated layout test. Let me know if you think we should be pursuing another means of safeguarding against the crashing behavior.

Daniel Jalkut

Comment 14 2011-12-30 13:10:59 PST

Created attachment 120817 [details] Patch take five: amend ChangeLog to reference the automated layout test

Ryosuke Niwa

Comment 15 2011-12-30 14:37:15 PST

(In reply to comment #12) > (gdb) p box > $1 = ('WebCore::InlineBox' *) 0x106d84118 > (gdb) p box->root() > $2 = (const 'WebCore::RootInlineBox' *) 0x106dcfef8 > (gdb) p box->root()->nextRootBox() > $3 = ('WebCore::RootInlineBox' *) 0x106de5648 > > It is this RootInlineBox that has one child, but no "leaf" children. How can it have a child and not a leaf? Can you call box->showLineTreeForThis() and print out the line tree ?

Daniel Jalkut

Comment 16 2011-12-30 15:15:41 PST

(In reply to comment #15) > How can it have a child and not a leaf? Can you call box->showLineTreeForThis() and print out the line tree ? It seems that the RootInlineBox being targeted (the one that contains this pesky empty anchor node) contains only an "InlineFlowBox" which seems to have its "isLeaf()" hardcoded to false. I tried changing the implementation of isLeaf to return true if it has no children, but that seemed to cause logic problems elsewhere. (gdb) call (void) box->showLineTreeForThis() RenderBlock 0x10919b2d8 P 0x10d954c30 RootInlineBox 0x10911d638 RenderBlock 0x10919b2d8 InlineTextBox 0x1091c4ed8 RenderText 0x109181a88 (0,74) "Click to place the editing cursor anywhere on this line ... then click the" RootInlineBox 0x1091c45d8 RenderBlock 0x10919b2d8 * InlineTextBox 0x1091d7998 RenderText 0x109181a88 (75,86) "down arrow." InlineTextBox 0x10dc04398 RenderBR 0x1091a92f8 (0,1) "\n" RootInlineBox 0x10911a9e8 RenderBlock 0x10919b2d8 InlineFlowBox 0x1091de488 RenderInline 0x1091849a8 (gdb) p root $7 = ('WebCore::RootInlineBox' *) 0x10911a9e8 (gdb) p root->isLeaf() $8 = false (gdb) p root->m_firstChild->isLeaf() $9 = false

Ryosuke Niwa

Comment 17 2011-12-30 22:22:50 PST

(In reply to comment #16) > (In reply to comment #15) > > How can it have a child and not a leaf? Can you call box->showLineTreeForThis() and print out the line tree ? > > It seems that the RootInlineBox being targeted (the one that contains this pesky empty anchor node) contains only an "InlineFlowBox" which seems to have its "isLeaf()" hardcoded to false. I tried changing the implementation of isLeaf to return true if it has no children, but that seemed to cause logic problems elsewhere. Okay. Thanks for the clarification. I think we need to deal it around line 677 and add a similar bail out as line 706: return VisiblePosition(pos, DOWNSTREAM);. Also, I'd like to see a test case where we have some contents after the anchor. I bet your current patch won't work as expected in such case.

Daniel Jalkut

Comment 18 2011-12-31 05:26:26 PST

(In reply to comment #17) > Okay. Thanks for the clarification. I think we need to deal it around line 677 and add a similar bail out as line 706: return VisiblePosition(pos, DOWNSTREAM);. > > Also, I'd like to see a test case where we have some contents after the anchor. I bet your current patch won't work as expected in such case. Can you give me some advice for how I could test the box and its children for this situation? Should it literally look for a "no leaf children" situation or is there a higher-level test of the found root that makes more sense? I'm still very shaky on the box classes and only know a little from poking around at this bug. I will amend the test case to have content on the bottom, too. I actually tested this manually to make sure that up-arrowing (which also crashed) is fixed as well. In the scenario where there is content on the other side of the anchor (another line), my patch does still prevent the crash, and the selection ends up at the end of the anchor line, where further arrowing will continue moving the cursor to the good line of content that follows. Sample source for this which I will be incorporating into the test case: <div contentEditable="true"> Click to place the editing cursor anywhere on this line ... then click the down arrow.<br /> <a style="background-color:red; padding-left:200px;"></a><br /> Or click here, then click the up arrow. </div>

Ryosuke Niwa

Comment 19 2012-05-01 20:30:39 PDT

This crash no longer reproduces for me.

Daniel Jalkut

Comment 20 2012-05-01 20:35:32 PDT

I also am not able to reproduce the crash using Safari Beta Preview or WebKit nightly. Thanks!

Note You need to log in before you can comment on or make changes to this bug.