Bug 8677
| Summary: | REGRESSION: wkSetUpFontCache() may be called before the SPIs are connected. | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Rosyna <webkit-bugs> |
| Component: | Platform | Assignee: | Darin Adler <darin> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | darin |
| Priority: | P1 | Keywords: | EasyFix, Regression |
| Version: | 420+ | ||
| Hardware: | Mac | ||
| OS: | OS X 10.4 | ||
Rosyna
If a menu (such as the bookmarks menu) is opened before a WebViewFrame is created, then wkSetUpFontCache will be a NULL pointer. As the menu rendering calls +[WebStringTruncator centerTruncateString:toWidth:] which then calls +[WebTextRendererFactory sharedFactory] the wkSetUpFontCache pointer won't have a chance to be "connected" and thus will cause a crash.
Thread 0 Crashed:
0 <<00000000>> 0x00000000 0 + 0
1 com.apple.WebCore 0x01b19068 +[WebTextRendererFactory sharedFactory] + 124 (WebTextRendererFactory.mm:236)
2 com.apple.WebCore 0x01b0f404 truncateString(NSString*, float, NSFont*, unsigned (*)(NSString*, unsigned, unsigned, unsigned short*)) + 520 (WebCoreStringTruncator.mm:119)
3 com.apple.WebCore 0x01b0fa34 +[WebCoreStringTruncator centerTruncateString:toWidth:] + 72 (WebCoreStringTruncator.mm:207)
4 com.apple.WebKit 0x00319448 +[WebStringTruncator centerTruncateString:toWidth:] + 92 (WebStringTruncator.m:37)
5 com.apple.Safari 0x00012948 0x1000 + 72008
6 com.apple.Safari 0x00049344 0x1000 + 295748
7 com.apple.Safari 0x00049fd0 0x1000 + 298960
8 com.apple.Safari 0x00049448 0x1000 + 296008
9 com.apple.Safari 0x00049fd0 0x1000 + 298960
10 com.apple.Safari 0x00049f18 0x1000 + 298776
11 com.apple.Safari 0x00049d5c 0x1000 + 298332
12 com.apple.Safari 0x00049c44 0x1000 + 298052
13 com.apple.AppKit 0x93818dac -[NSMenu _populate:] + 120
14 com.apple.AppKit 0x93818990 AppKitMenuEventHandler + 512
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Darin Adler
Hyatt has a fix for this on his machine. We just need to set up the connection in the "WebStringTruncator" APIs.
Darin Adler
I'm not sure this bug can be reproduced without some kind of hack installed in Safari. As far as I know, normally there's no way to bring up the Bookmarks menu before the first WebFrameView is created.
Rosyna
In certain circumstances it is possible to reproduce this with accessibility.
Although I wonder if that matters since this is both a regression and "easy fix". Especially since hyatt has the fix already.
But I ultimately wonder why the menus are using WebStringTruncator at all.