Bug 97395
| Summary: | Crash in SearchFieldCancelButtonElement::defaultEventHandler() | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Simon Fraser (smfr) <simon.fraser> |
| Component: | Forms | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | enrica, jonlee, xiaobwang |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| URL: | http://build.webkit.org/results/Apple%20Lion%20Release%20WK1%20(Tests)/r129308%20(3893)/fast/forms/search-delete-while-cancel-button-clicked-crash-log.txt | ||
Simon Fraser (smfr)
fast/forms/search-delete-while-cancel-button-clicked.html sometimes crashes:
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
VM Regions Near 0:
-->
__TEXT 000000010c6e6000-000000010c745000 [ 380K] r-x/rwx SM=COW /Volumes/VOLUME/*
Application Specific Information:
objc[89372]: garbage collection is OFF
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010dc402ea WebCore::SearchFieldCancelButtonElement::defaultEventHandler(WebCore::Event*) + 42 (TextControlInnerElements.cpp:200)
1 com.apple.WebCore 0x000000010d319291 WebCore::EventDispatcher::dispatchEventPostProcess(WTF::PassRefPtr<WebCore::Event>, void*) + 241 (PassRefPtr.h:77)
2 com.apple.WebCore 0x000000010d31901e WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 1118 (EventDispatcher.cpp:263)
3 com.apple.WebCore 0x000000010d8d65f0 WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 176 (MouseEvent.cpp:238)
4 com.apple.WebCore 0x000000010d317861 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) + 129 (EventDispatcher.cpp:129)
5 com.apple.WebCore 0x000000010d8e9b8c WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*) + 124 (Node.cpp:2608)
6 com.apple.WebCore 0x000000010d320d4f WebCore::EventHandler::updateMouseEventTargetNode(WebCore::Node*, WebCore::PlatformMouseEvent const&, bool) + 1535 (RefPtr.h:70)
7 com.apple.WebCore 0x000000010d31f8c8 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 72 (RefPtr.h:70)
8 com.apple.WebCore 0x000000010d31f511 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 1409 (EventHandler.cpp:1574)
9 com.apple.WebCore 0x000000010d3268d9 WebCore::EventHandler::mouseDown(NSEvent*) + 89 (EventHandlerMac.mm:474)
10 com.apple.WebKit 0x000000010cd673a9 -[WebHTMLView mouseDown:] + 393 (WebHTMLView.mm:3596)
11 DumpRenderTree 0x000000010c6f7c22 -[EventSendingController mouseDown:withModifiers:] + 423 (EventSendingController.mm:340)
12 com.apple.CoreFoundation 0x00007fff8b64defc __invoking___ + 140
13 com.apple.CoreFoundation 0x00007fff8b64dd94 -[NSInvocation invoke] + 132
14 com.apple.WebCore 0x000000010d8f55fa JSC::Bindings::ObjcInstance::invokeObjcMethod(JSC::ExecState*, JSC::Bindings::ObjcMethod*) + 1050 (objc_instance.mm:326)
15 com.apple.WebCore 0x000000010d8f51bd JSC::Bindings::ObjcInstance::invokeMethod(JSC::ExecState*, JSC::RuntimeMethod*) + 237 (objc_instance.mm:235)
16 com.apple.WebCore 0x000000010daa7790 _ZN3JSCL17callRuntimeMethodEPNS_9ExecStateE + 224 (runtime_method.cpp:128)
17 com.apple.JavaScriptCore 0x000000010ca85e28 JSC::LLInt::setUpCall(JSC::ExecState*, JSC::Instruction*, JSC::CodeSpecializationKind, JSC::JSValue, JSC::LLIntCallLinkInfo*) + 168 (LLIntSlowPaths.cpp:1313)
18 com.apple.JavaScriptCore 0x000000010ca84664 llint_slow_path_call + 116 (LLIntSlowPaths.cpp:1420)
19 com.apple.JavaScriptCore 0x000000010ca89cd0 llint_op_call + 169
20 com.apple.JavaScriptCore 0x000000010c934a20 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 992 (JITCode.h:134)
21 com.apple.JavaScriptCore 0x000000010c8831a2 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 66 (CallData.cpp:40)
22 com.apple.WebCore 0x000000010daab08e WebCore::ScheduledAction::executeFunctionInContext(JSC::JSGlobalObject*, JSC::JSValue, WebCore::ScriptExecutionContext*) + 510 (JSMainThreadExecState.h:56)
23 com.apple.WebCore 0x000000010daaacac WebCore::ScheduledAction::execute(WebCore::Document*) + 156 (ScheduledAction.cpp:137)
24 com.apple.WebCore 0x000000010d2cdc16 WebCore::DOMTimer::fired() + 342 (InspectorInstrumentation.h:264)
25 com.apple.WebCore 0x000000010dc5c224 WebCore::ThreadTimers::sharedTimerFiredInternal() + 148 (ThreadTimers.cpp:118)
26 com.apple.WebCore 0x000000010daedc83 _ZN7WebCoreL10timerFiredEP16__CFRunLoopTimerPv + 51 (SharedTimerMac.mm:167)
27 com.apple.CoreFoundation 0x00007fff8b610934 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
28 com.apple.CoreFoundation 0x00007fff8b610486 __CFRunLoopDoTimer + 534
29 com.apple.CoreFoundation 0x00007fff8b5f0e11 __CFRunLoopRun + 1617
30 com.apple.CoreFoundation 0x00007fff8b5f0486 CFRunLoopRunSpecific + 230
31 com.apple.Foundation 0x00007fff884baf7b -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 267
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
Bug 103592 has a fix.
Xiaobo Wang
Bug 103592 has been fixed, please check if it fix your crash too.