Bug 78577

Summary: REGRESSION (r107568-r107627): Crash when copying in WebCore::SharedBuffer::hasPlatformData()
Product: WebKit
Reporter: Kevin M. Dean <kevin>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Critical
CC: ap, dimitris.apostolou, enrica, simon.fraser
Priority: P1
Keywords: Regression
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.7
URL: http://nightly.webkit.org/
Attachments:
Patch (Flags: mitz: review+)

Description Kevin M. Dean 2012-02-13 23:07:41 PST
It seems selecting text on any web page and then copying via Command-C or the contextual menu causes the Web Process to crash. So, for example, on the nightly page, I double-click "February"... Command-C... crash.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x0000000108884cf4 WebCore::SharedBuffer::hasPlatformData() const + 4
1   com.apple.WebCore             	0x00000001088844c1 WebCore::SharedBuffer::size() const + 17
2   com.apple.WebCore             	0x0000000108884ec4 -[WebCoreSharedBufferData length] + 20
3   com.apple.CoreFoundation      	0x00007fff971fb7f6 CFDataGetLength + 118
4   com.apple.CoreFoundation      	0x00007fff972ba619 __CFPasteboardSetData + 57
5   com.apple.CoreFoundation      	0x00007fff972ba578 CFPasteboardSetData + 456
6   com.apple.AppKit              	0x00007fff93f8cc54 -[NSPasteboard _setData:forType:index:usesPboardTypes:] + 369
7   com.apple.AppKit              	0x00007fff93f89b33 -[NSPasteboard setData:forType:] + 86
8   com.apple.WebKit2             	0x0000000107956227 WebKit::WebPlatformStrategies::setBufferForType(WTF::PassRefPtr<WebCore::SharedBuffer>, WTF::String const&, WTF::String const&) + 63
9   com.apple.WebCore             	0x00000001086e9b5c WebCore::Pasteboard::writeSelectionForTypes(WTF::Vector<WTF::String, 0ul> const&, WebCore::Range*, bool, WebCore::Frame*) + 5308
10  com.apple.WebCore             	0x00000001086ea06f WebCore::Pasteboard::writeSelection(WebCore::Range*, bool, WebCore::Frame*) + 63
11  com.apple.WebCore             	0x0000000108159f6c WebCore::Editor::copy() + 540
12  com.apple.WebCore             	0x0000000107f65508 WebCore::ContextMenuController::contextMenuItemSelected(WebCore::ContextMenuItem*) + 856
13  com.apple.WebKit2             	0x00000001078f9adc WebKit::WebContextMenu::itemSelected(WebKit::WebContextMenuItemData const&) + 58
14  com.apple.WebKit2             	0x000000010792b05c WebKit::WebPage::didSelectItemFromActiveContextMenu(WebKit::WebContextMenuItemData const&) + 26
15  com.apple.WebKit2             	0x00000001079366f2 void CoreIPC::handleMessage<Messages::WebPage::DidSelectItemFromActiveContextMenu, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebContextMenuItemData const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebContextMenuItemData const&)) + 83
16  com.apple.WebKit2             	0x00000001078f0389 WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 179
17  com.apple.WebKit2             	0x0000000107894da9 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175
18  com.apple.WebKit2             	0x00000001078962b5 CoreIPC::Connection::dispatchMessages() + 147
19  com.apple.WebCore             	0x0000000108846849 WebCore::RunLoop::performWork() + 89
20  com.apple.WebCore             	0x0000000108845fe7 WebCore::RunLoop::performWork(void*) + 71
21  com.apple.CoreFoundation      	0x00007fff971f76e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
22  com.apple.CoreFoundation      	0x00007fff971f6f4d __CFRunLoopDoSources0 + 253
23  com.apple.CoreFoundation      	0x00007fff9721dd39 __CFRunLoopRun + 905
24  com.apple.CoreFoundation      	0x00007fff9721d676 CFRunLoopRunSpecific + 230
25  com.apple.HIToolbox           	0x00007fff8c29931f RunCurrentEventLoopInMode + 277
26  com.apple.HIToolbox           	0x00007fff8c2a05c9 ReceiveNextEventCommon + 355
27  com.apple.HIToolbox           	0x00007fff8c2a0456 BlockUntilNextEventMatchingListInMode + 62
28  com.apple.AppKit              	0x00007fff93a93f5d _DPSNextEvent + 659
29  com.apple.AppKit              	0x00007fff93a93861 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
30  com.apple.AppKit              	0x00007fff93a9019d -[NSApplication run] + 470
31  com.apple.WebCore             	0x000000010884628f WebCore::RunLoop::run() + 63
32  com.apple.WebKit2             	0x0000000107968376 WebKit::WebProcessMain(WebKit::CommandLine const&) + 2538
33  com.apple.WebKit2             	0x000000010791e64f WebKitMain + 285
34  com.apple.WebProcess          	0x000000010784fe5f main + 219
35  com.apple.WebProcess          	0x000000010784fd7c start + 52
Comment 1 Alexey Proskuryakov 2012-02-14 11:14:38 PST
*** Bug 78618 has been marked as a duplicate of this bug. ***
Comment 2 Alexey Proskuryakov 2012-02-14 11:15:36 PST
<rdar://problem/10859018>
Comment 3 Enrica Casucci 2012-02-14 11:41:43 PST
I'm looking into it now.
Comment 4 Enrica Casucci 2012-02-14 12:18:48 PST
I have a fix.
Comment 5 Enrica Casucci 2012-02-14 16:25:41 PST
Created attachment 127073 [details]
Patch
Comment 6 Enrica Casucci 2012-02-14 16:36:40 PST
http://trac.webkit.org/changeset/107753
Comment 7 Mark Rowe (bdash) 2012-02-15 00:53:01 PST
*** Bug 78670 has been marked as a duplicate of this bug. ***