RESOLVED FIXED 104058
Crash on OS X when shift clicking outside of input
https://bugs.webkit.org/show_bug.cgi?id=104058
Mark Kristensson
Reported 2012-12-04 16:20:21 PST
Open the URL above in either Chrome or Safari on OS X and double-click on one of the populated cells (to enter edit mode - think spreadsheet). Then, shift-click into another cell and the browser crashes. Our web application (Smartsheet) leaves the DOM in a perfectly valid state and this works just as expected on FF (any OS) as well as Chrome and IE on Windows. The browser crashes even before a mousedown JS event is triggered, so there is no way for our web application to work around this bug. We have tried to recreate a simplified scenario with minimal HTML, but (so far) have been unable to do so.
Attachments
proposal fix (4.31 KB, patch)
2013-04-18 23:27 PDT, Yi Shen
no flags
Alexey Proskuryakov
Comment 1 2012-12-05 11:57:53 PST
Crashes both Safari 6.0.2 and ToT. <rdar://problem/12279599>
Kent Tamura
Comment 2 2012-12-05 20:36:22 PST
Stack in Google Chrome 23:
Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000014 )
0x01e9231a [Google Chrome Framework] - ../dom/Node.h:752] WebCore::textDistance
0x01e921b8 [Google Chrome Framework] - EventHandler.cpp:547] WebCore::EventHandler::handleMousePressEventSingleClick
0x01e925fb [Google Chrome Framework] - EventHandler.cpp:642] WebCore::EventHandler::handleMousePressEvent
0x01e9552f [Google Chrome Framework] - EventHandler.cpp:1615] WebCore::EventHandler::handleMousePressEvent
0x013a14e8 [Google Chrome Framework] - PageWidgetDelegate.cpp:207] WebKit::PageWidgetEventHandler::handleMouseDown
0x013e4561 [Google Chrome Framework] - WebViewImpl.cpp:558] WebKit::WebViewImpl::handleMouseDown
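The following is an added triage example and not part of this bug report or of WebKit's or Chrome's own code: a small Python script that parses the symbolised crash report from comment 2 and does the first-pass classification a security engineer wants before deciding whether a crasher is more than a denial of service. The report text is copied from the comment (one frame per line); the 4 KiB null-page size and the "eight hex digits means a 32-bit process" heuristic are assumptions, not facts stated in the bug.

```python
import re

# Constructed copy of the Chrome 23 crash report quoted in comment 2, one frame
# per line (the bug page shows it flattened onto a single line).
CRASH_REPORT = """\
Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000014 )
0x01e9231a [Google Chrome Framework] - ../dom/Node.h:752] WebCore::textDistance
0x01e921b8 [Google Chrome Framework] - EventHandler.cpp:547] WebCore::EventHandler::handleMousePressEventSingleClick
0x01e925fb [Google Chrome Framework] - EventHandler.cpp:642] WebCore::EventHandler::handleMousePressEvent
0x01e9552f [Google Chrome Framework] - EventHandler.cpp:1615] WebCore::EventHandler::handleMousePressEvent
0x013a14e8 [Google Chrome Framework] - PageWidgetDelegate.cpp:207] WebKit::PageWidgetEventHandler::handleMouseDown
0x013e4561 [Google Chrome Framework] - WebViewImpl.cpp:558] WebKit::WebViewImpl::handleMouseDown
"""

# "( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000014 )"
HEADER_RE = re.compile(
    r"\(\s*(?P<exception>\w+)\s*/\s*(?P<code>\w+)\s*@\s*0x(?P<addr>[0-9a-fA-F]+)\s*\)"
)
# "0x01e9231a [Google Chrome Framework] - ../dom/Node.h:752] WebCore::textDistance"
FRAME_RE = re.compile(
    r"^0x(?P<pc>[0-9a-fA-F]+)\s+\[(?P<module>[^\]]+)\]\s+-\s+"
    r"(?P<file>[^:\s]+):(?P<line>\d+)\]\s+(?P<func>\S+)"
)

# Assumption: a 4 KiB guard region at address 0. On 32-bit OS X the __PAGEZERO
# segment is mapped with no access rights, which is why a NULL dereference shows
# up as KERN_PROTECTION_FAILURE rather than KERN_INVALID_ADDRESS.
NULL_PAGE_SIZE = 0x1000


def parse_crash(report):
    """Parse the header line and the symbolised frames of a Chrome crash report."""
    header = None
    frames = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.search(line)
        if m and header is None:
            header = {
                "exception": m.group("exception"),
                "code": m.group("code"),
                "address": int(m.group("addr"), 16),
                # Heuristic: eight hex digits in the fault address => 32-bit process.
                "pointer_bits": 32 if len(m.group("addr")) <= 8 else 64,
            }
            continue
        m = FRAME_RE.match(line)
        if m:
            frames.append({
                "pc": int(m.group("pc"), 16),
                "module": m.group("module"),
                "file": m.group("file"),
                "line": int(m.group("line")),
                "func": m.group("func"),
            })
    if header is None:
        raise ValueError("no crash header found")
    return {**header, "frames": frames}


def classify_fault(address, null_page_size=NULL_PAGE_SIZE):
    """Coarse first-pass classification of the faulting address."""
    if address < null_page_size:
        # NULL plus a small field offset: a read through a null object pointer.
        # Reliable crash (denial of service) but, on its own, no write or
        # control-flow primitive for an attacker.
        return {"kind": "null-deref", "offset": address}
    # Anything else (heap, stack, wild pointer) needs a closer look.
    return {"kind": "unknown", "offset": None}


def triage(report):
    """Summarise what a security engineer wants to know first about a crasher."""
    crash = parse_crash(report)
    top = crash["frames"][0]
    fault = classify_fault(crash["address"])
    # Frames on the crashing path inside the engine (WebCore) rather than the
    # embedder: these are where a fix will land.
    engine_frames = [f["func"] for f in crash["frames"] if f["func"].startswith("WebCore::")]
    # A mouse-down entry point on the stack means plain user input on a page
    # reaches the crash, which matches the reporter's "before any JS mousedown".
    input_driven = any("handleMouseDown" in f["func"] for f in crash["frames"])
    return {
        "crashing_function": top["func"],
        "location": f"{top['file']}:{top['line']}",
        "exception": f"{crash['exception']}/{crash['code']}",
        "fault": fault,
        "engine_frames": engine_frames,
        "input_driven": input_driven,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(triage(CRASH_REPORT), indent=2))
```

Run stand-alone it prints the triage summary for the report above; the fault address 0x14 lands in the null page, so the crash in WebCore::textDistance reads as a null-pointer dereference of a field at offset 0x14, i.e. a reliable crasher rather than a memory-corruption primitive, which is consistent with the bug being tracked as a P1 crash rather than a security issue.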
Brian Harper
Comment 3 2013-02-26 09:33:21 PST
Why was this downgraded from Critical to Normal? It's a crashing bug, and has a severe impact for our customers using Macs. They will lose any unsaved data from our app when the crash occurs. I understand that the circumstances aren't all that common in terms of the entire browser audience, but they're not uncommon for our tens of thousands of paying customers, as we've had several reports to our support personnel regarding this.
Alexey Proskuryakov
Comment 4 2013-02-26 10:09:17 PST
The bug was upgraded from P2 to P1, being a reproducible crasher. I don't know of any WebKit engineers who prioritize bugs based on them being marked Critical.
Yi Shen
Comment 5 2013-04-18 14:48:47 PDT
I will try to fix it.
Yi Shen
Comment 6 2013-04-18 23:27:46 PDT
Created attachment 198809 [details] proposal fix
Chang Shu
Comment 7 2013-04-22 10:19:29 PDT
Comment on attachment 198809 [details] proposal fix
LGTM. Maybe it's better to mention the original test case was fixed by this patch, too, in the ChangeLog.
WebKit Commit Bot
Comment 8 2013-04-22 10:53:49 PDT
The commit-queue encountered the following flaky tests while processing attachment 198809 [details]:
svg/as-image/img-relative-height.html bug 114140 (author: zimmermann@kde.org)
The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 9 2013-04-22 10:55:15 PDT
Comment on attachment 198809 [details] proposal fix
Clearing flags on attachment: 198809
Committed r148894: <http://trac.webkit.org/changeset/148894>
WebKit Commit Bot
Comment 10 2013-04-22 10:55:17 PDT
All reviewed patches have been landed. Closing bug.
Antonio Gomes
Comment 11 2016-03-07 12:03:26 PST
*** Bug 114745 has been marked as a duplicate of this bug. ***