Bug 78577

Summary: REGRESSION (r107568-r107627): Crash when copying in WebCore::SharedBuffer::hasPlatformData()
Product: WebKit Reporter: Kevin M. Dean <kevin>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Critical CC: ap, dimitris.apostolou, enrica, simon.fraser
Priority: P1 Keywords: Regression
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.7   
URL: http://nightly.webkit.org/
Attachments:
Description Flags
Patch mitz: review+

Kevin M. Dean
Reported 2012-02-13 23:07:41 PST
Seems selecting text on any web page and then copying via Command-C or the contextual menu causes the Web Process to crash. So for example on the nightly page, I double click February... Command-C... crash. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x0000000108884cf4 WebCore::SharedBuffer::hasPlatformData() const + 4 1 com.apple.WebCore 0x00000001088844c1 WebCore::SharedBuffer::size() const + 17 2 com.apple.WebCore 0x0000000108884ec4 -[WebCoreSharedBufferData length] + 20 3 com.apple.CoreFoundation 0x00007fff971fb7f6 CFDataGetLength + 118 4 com.apple.CoreFoundation 0x00007fff972ba619 __CFPasteboardSetData + 57 5 com.apple.CoreFoundation 0x00007fff972ba578 CFPasteboardSetData + 456 6 com.apple.AppKit 0x00007fff93f8cc54 -[NSPasteboard _setData:forType:index:usesPboardTypes:] + 369 7 com.apple.AppKit 0x00007fff93f89b33 -[NSPasteboard setData:forType:] + 86 8 com.apple.WebKit2 0x0000000107956227 WebKit::WebPlatformStrategies::setBufferForType(WTF::PassRefPtr<WebCore::SharedBuffer>, WTF::String const&, WTF::String const&) + 63 9 com.apple.WebCore 0x00000001086e9b5c WebCore::Pasteboard::writeSelectionForTypes(WTF::Vector<WTF::String, 0ul> const&, WebCore::Range*, bool, WebCore::Frame*) + 5308 10 com.apple.WebCore 0x00000001086ea06f WebCore::Pasteboard::writeSelection(WebCore::Range*, bool, WebCore::Frame*) + 63 11 com.apple.WebCore 0x0000000108159f6c WebCore::Editor::copy() + 540 12 com.apple.WebCore 0x0000000107f65508 WebCore::ContextMenuController::contextMenuItemSelected(WebCore::ContextMenuItem*) + 856 13 com.apple.WebKit2 0x00000001078f9adc WebKit::WebContextMenu::itemSelected(WebKit::WebContextMenuItemData const&) + 58 14 com.apple.WebKit2 0x000000010792b05c WebKit::WebPage::didSelectItemFromActiveContextMenu(WebKit::WebContextMenuItemData const&) + 26 15 com.apple.WebKit2 0x00000001079366f2 void CoreIPC::handleMessage<Messages::WebPage::DidSelectItemFromActiveContextMenu, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebContextMenuItemData const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebContextMenuItemData const&)) + 83 16 com.apple.WebKit2 0x00000001078f0389 WebKit::WebConnectionToUIProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 179 17 com.apple.WebKit2 0x0000000107894da9 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 175 18 com.apple.WebKit2 0x00000001078962b5 CoreIPC::Connection::dispatchMessages() + 147 19 com.apple.WebCore 0x0000000108846849 WebCore::RunLoop::performWork() + 89 20 com.apple.WebCore 0x0000000108845fe7 WebCore::RunLoop::performWork(void*) + 71 21 com.apple.CoreFoundation 0x00007fff971f76e1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 22 com.apple.CoreFoundation 0x00007fff971f6f4d __CFRunLoopDoSources0 + 253 23 com.apple.CoreFoundation 0x00007fff9721dd39 __CFRunLoopRun + 905 24 com.apple.CoreFoundation 0x00007fff9721d676 CFRunLoopRunSpecific + 230 25 com.apple.HIToolbox 0x00007fff8c29931f RunCurrentEventLoopInMode + 277 26 com.apple.HIToolbox 0x00007fff8c2a05c9 ReceiveNextEventCommon + 355 27 com.apple.HIToolbox 0x00007fff8c2a0456 BlockUntilNextEventMatchingListInMode + 62 28 com.apple.AppKit 0x00007fff93a93f5d _DPSNextEvent + 659 29 com.apple.AppKit 0x00007fff93a93861 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135 30 com.apple.AppKit 0x00007fff93a9019d -[NSApplication run] + 470 31 com.apple.WebCore 0x000000010884628f WebCore::RunLoop::run() + 63 32 com.apple.WebKit2 0x0000000107968376 WebKit::WebProcessMain(WebKit::CommandLine const&) + 2538 33 com.apple.WebKit2 0x000000010791e64f WebKitMain + 285 34 com.apple.WebProcess 0x000000010784fe5f main + 219 35 com.apple.WebProcess 0x000000010784fd7c start + 52
Attachments
Patch (1.48 KB, patch)
2012-02-14 16:25 PST, Enrica Casucci 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2012-02-14 11:14:38 PST
*** Bug 78618 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 2 2012-02-14 11:15:36 PST
<rdar://problem/10859018>
Enrica Casucci
Comment 3 2012-02-14 11:41:43 PST
I'm looking into it now.
Enrica Casucci
Comment 4 2012-02-14 12:18:48 PST
I have a fix.
Enrica Casucci
Comment 5 2012-02-14 16:25:41 PST
Created attachment 127073 [details] Patch
Enrica Casucci
Comment 6 2012-02-14 16:36:40 PST
http://trac.webkit.org/changeset/107753
Mark Rowe (bdash)
Comment 7 2012-02-15 00:53:01 PST
*** Bug 78670 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.