I have an example where "-webkit-user-select: none;" interacts with a shift-click and crashes the browser (Webkit or Safari or Chrome). This happens if a focussed input field is deleted, and a subsequent shift-click is performed (normally a shift-click would select all text up to the cursor) Steps to reproduce: 1. Open the attached html file in Webkit/Safari/Chrome, or use the html below 2. Click in the input field to give it focus 3. Press any key (this event will remove the input element) 4. SHIFT + click anywhere in the window VERSIONS: Webkit 6.0.4 (8536.29.13, 537+), Chrome 28.0.1481.0 canary, Chrome 26.0.1410.65 PLATFORM: Mac OS: OS X 10.8.3 <!DOCTYPE html> <html > <head> <style type="text/css"> body { -webkit-user-select: none; } </style> </head> <body> 1. Click here to focus -> <input id="a"/><br/> 2. Press any key (the input will be deleted)<br/> 3. SHIFT + click anywhere<br/> <script type="text/javascript"> var a = document.getElementById('a'); a.addEventListener('keyup', function(event) { document.body.removeChild(a); }, false); </script> </body>
Created attachment 198545 [details] HTML file that produces crash
I discovered that if I do a.blur(); before document.body.removeChild(a); then the crash is avoided.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010a7d25e4 WebCore::textDistance(WebCore::Position const&, WebCore::Position const&) + 20 (Node.h:474) 1 com.apple.WebCore 0x000000010a7d2514 WebCore::EventHandler::handleMousePressEventSingleClick(WebCore::MouseEventWithHitTestResults const&) + 2132 (EventHandler.cpp:615) 2 com.apple.WebCore 0x000000010a7d2a0c WebCore::EventHandler::handleMousePressEvent(WebCore::MouseEventWithHitTestResults const&) + 604 (EventHandler.cpp:717) 3 com.apple.WebCore 0x000000010a7d61a4 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 2388 (EventHandler.cpp:1642) 4 com.apple.WebKit2 0x0000000109a34bae WebKit::handleMouseEvent(WebKit::WebMouseEvent const&, WebKit::WebPage*, bool) + 214 (WebPage.cpp:1552) 5 com.apple.WebKit2 0x0000000109a34aa6 WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) + 164 (WebPage.cpp:1498) 6 com.apple.WebKit2 0x0000000109a48516 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) + 83 (HandleMessage.h:347) 7 com.apple.WebKit2 0x0000000109a45f96 WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 1298 (WebPageMessageReceiver.cpp:130) 8 com.apple.WebKit2 0x00000001099829aa CoreIPC::MessageReceiverMap::dispatchMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 132 (MessageReceiverMap.cpp:86) 9 com.apple.WebKit2 0x0000000109a832a4 WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageDecoder&) + 28 (WebProcess.cpp:606) 10 com.apple.WebKit2 0x0000000109958149 CoreIPC::Connection::dispatchMessage(WTF::PassOwnPtr<CoreIPC::MessageDecoder>) + 101 (ArgumentDecoder.h:47) 11 com.apple.WebKit2 0x0000000109959d74 CoreIPC::Connection::dispatchOneMessage() + 106 (PassOwnPtr.h:56) 12 com.apple.WebCore 0x000000010b0191bf WebCore::RunLoop::performWork() + 159 (RunLoop.cpp:93) 13 com.apple.WebCore 0x000000010b01984f WebCore::RunLoop::performWork(void*) + 63 (RunLoopCF.cpp:67) 14 com.apple.CoreFoundation 0x00007fff81ee7b31 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 15 com.apple.CoreFoundation 0x00007fff81ee7455 __CFRunLoopDoSources0 + 245 16 com.apple.CoreFoundation 0x00007fff81f0a7f5 __CFRunLoopRun + 789 17 com.apple.CoreFoundation 0x00007fff81f0a0e2 CFRunLoopRunSpecific + 290 18 com.apple.HIToolbox 0x00007fff87571eb4 RunCurrentEventLoopInMode + 209 19 com.apple.HIToolbox 0x00007fff87571c52 ReceiveNextEventCommon + 356 20 com.apple.HIToolbox 0x00007fff87571ae3 BlockUntilNextEventMatchingListInMode + 62 21 com.apple.AppKit 0x00007fff8c720563 _DPSNextEvent + 685 22 com.apple.AppKit 0x00007fff8c71fe22 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 23 com.apple.AppKit 0x00007fff8c7171d3 -[NSApplication run] + 517 24 com.apple.WebCore 0x000000010b019e2c WebCore::RunLoop::run() + 76 (RunLoopMac.mm:43) 25 com.apple.WebKit2 0x00000001099f1bec int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 702 (ChildProcessEntryPoint.h:100) 26 com.apple.WebProcess 0x000000010990edf7 main + 228 (ChildProcessMain.mm:73) 27 libdyld.dylib 0x00007fff823177e1 start + 1
<rdar://problem/12279599>
All crashes are P1.
This isn’t fixed in bug 104058, is it? For Apple employees, see also: <rdar://problem/8533388>, <rdar://problem/12279599>.
(In reply to comment #6) > This isn’t fixed in bug 104058, is it? > > For Apple employees, see also: <rdar://problem/8533388>, > <rdar://problem/12279599>. I cam across this while looking into something else, but it does look like this isn't an issue anymore. Any reason it shouldn't be closed?
(In reply to comment #6) > This isn’t fixed in bug 104058, is it? > > For Apple employees, see also: <rdar://problem/8533388>, > <rdar://problem/12279599>. Yes. *** This bug has been marked as a duplicate of bug 104058 ***