I believe this is a bug in how simulated events are constructed. The PassRefPtr with the underlying event is included as an argument for the mouse down, up, and click events. But the PassRefPtr loses its underlying pointer after the first simulated mouse down event because it gets assigned to that event's private m_underlyingEvent variable. We therefore send NULL to the other events.
<rdar://problem/12716331>
Created attachment 174630 [details] Patch
Please follow the advice of <http://www.webkit.org/coding/RefPtr.html> and rename the function parameter prpUnderlyingEvent, and transfer to a RefPtr with the old name at the beginning of the function.
(In reply to comment #3) > Please follow the advice of <http://www.webkit.org/coding/RefPtr.html> and rename the function parameter prpUnderlyingEvent, and transfer to a RefPtr with the old name at the beginning of the function. Yay! Idioms!!!
Comment on attachment 174630 [details] Patch Yay idioms! (do the prp thing)
A better solution (and one you should use) would be to change the argument type form PassRefPtr to a plain pointer.
(In reply to comment #6) > A better solution (and one you should use) would be to change the argument type form PassRefPtr to a plain pointer. Great point - ownership (a reference) is not actually being passed in this case, and the arguments to the 3 callees are all plain ptrs.
Created attachment 174711 [details] Patch
Comment on attachment 174711 [details] Patch Please do use plain pointers.
Created attachment 174736 [details] Patch
Committed 134995: http://trac.webkit.org/changeset/134995
Comment on attachment 174736 [details] Patch Attachment 174736 [details] did not pass chromium-ews (chromium-xvfb): Output: http://queues.webkit.org/results/14878003
Chromium fix in r135000.