Bug 13605 - REGRESSION: Browser crashes when switching Kotoeri input modes
Status: CLOSED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Text
Version: 523.x (Safari 3)
Hardware: Mac (Intel) OS X 10.4
Importance: P2 Normal
Assignee: Alexey Proskuryakov
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-05-06 11:31 PDT by Daniel Acosta
Modified: 2009-06-29 12:39 PDT
CC List: 2 users

See Also:
Attachments
Crash report (23.63 KB, text/plain)
2007-05-08 06:01 PDT, Daniel Acosta
no flags
test case (DRT-only) (640 bytes, text/html)
2007-05-11 11:11 PDT, Alexey Proskuryakov
no flags
add a null check (3.86 KB, patch)
2007-05-26 06:55 PDT, Alexey Proskuryakov
darin: review+

Description Daniel Acosta 2007-05-06 11:31:02 PDT
At www.freetranslation.com, every time I try to input Japanese (I just switch to Hiragana and start typing) the browser stops responding and crashes. This doesn't happen in Safari 2.0.4, so I guess it's a regression.
Comment 1 Alexey Proskuryakov 2007-05-06 22:44:24 PDT
I cannot reproduce this issue.

Does this also happen on other sites (for example, on www.google.com or http://bugs.webkit.org)?

Could you please attach a complete crash report (the text that appears after you click "Report to Apple" button)?
Comment 2 Daniel Acosta 2007-05-07 13:03:39 PDT
(In reply to comment #1)
> I cannot reproduce this issue.
> 
> Does this also happen on other sites (for example, on www.google.com or
> http://bugs.webkit.org)?
> 
> Could you please attach a complete crash report (the text that appears after
> you click "Report to Apple" button)?
> 

It indeed happens at every website, but only in forms... the search box and address bar work perfectly. I'm using the standard Kotoeri input built into Mac OS; here's the crash report (I've sent it in to Apple already a couple of times)... I have the Inquisitor plugin installed but I don't really think the problem is related to it.

Date/Time:      2007-05-07 15:44:01.797 -0400
OS Version:     10.4.9 (Build 8P2137)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [62]

Version: ??? (21272)

PID:    894
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c

Thread 0 Crashed:
0   com.apple.WebCore              	0x0102153d WebCore::Range::startPosition() const + 13
1   com.apple.WebCore              	0x011c0974 WebCore::Selection::Selection[in-charge](WebCore::Range const*, WebCore::EAffinity) + 36
2   com.apple.WebCore              	0x010ce556 -[WebCoreFrameBridge selectNSRange:] + 86
3   com.apple.WebKit               	0x0033cf13 -[WebHTMLView(WebNSTextInputSupport) setMarkedText:selectedRange:] + 563
4   com.apple.AppKit               	0x936428b8 _NSTSMEventHandler + 4733
5   com.apple.HIToolbox            	0x92dd6537 DispatchEventToHandlers(EventTargetRec*, OpaqueEventRef*, HandlerCallRec*) + 1093
6   com.apple.HIToolbox            	0x92dd5bdc SendEventToEventTargetInternal(OpaqueEventRef*, OpaqueEventTargetRef*, HandlerCallRec*) + 304
7   com.apple.HIToolbox            	0x92ddcfbc SendEventToEventTarget + 56
8   com.apple.HIToolbox            	0x92efd13e SendTSMEvent + 251
9   com.apple.HIToolbox            	0x9306bb4f SendTextInputEvent + 2309
10  com.apple.Kotoeri              	0x15e1af57 KotoeriComponentDispatch + 85879
11  com.apple.Kotoeri              	0x15e1a2f9 KotoeriComponentDispatch + 82713
12  com.apple.Kotoeri              	0x15e1a034 KotoeriComponentDispatch + 82004
13  com.apple.Kotoeri              	0x15e33d05 KotoeriComponentDispatch + 187685
14  com.apple.Kotoeri              	0x15e33df6 KotoeriComponentDispatch + 187926
15  com.apple.Kotoeri              	0x15e49ff2 KotoeriComponentDispatch + 278546
16  com.apple.Kotoeri              	0x15e4a248 KotoeriComponentDispatch + 279144
17  com.apple.Kotoeri              	0x15e10a9e KotoeriComponentDispatch + 43710
18  com.apple.Kotoeri              	0x15e0ed5d KotoeriComponentDispatch + 36221
19  com.apple.Kotoeri              	0x15e0d80f KotoeriComponentDispatch + 30767
20  com.apple.Kotoeri              	0x15e0d430 KotoeriComponentDispatch + 29776
21  ...ple.CoreServices.CarbonCore 	0x90cceb13 CallComponentFunctionCommon + 513
22  com.apple.Kotoeri              	0x15e0a874 KotoeriComponentDispatch + 18580
23  com.apple.Kotoeri              	0x15e06295 KotoeriComponentDispatch + 693
24  ...ple.CoreServices.CarbonCore 	0x90cce7f8 CallComponentDispatch + 34
25  com.apple.HIToolbox            	0x9307939f TextServiceEventRef + 46
26  com.apple.HIToolbox            	0x9306b1bc TSMEventToTextService + 97
27  com.apple.HIToolbox            	0x9306b240 TSMEventToInputMethod + 74
28  com.apple.HIToolbox            	0x92efbf95 TSMKeyEvent + 560
29  com.apple.HIToolbox            	0x92eb03b7 TSMProcessRawKeyEvent + 2786
30  com.apple.AppKit               	0x9335bbff -[NSTSMInputContext interpretKeyEvents:] + 699
31  com.apple.AppKit               	0x9335b170 -[NSView interpretKeyEvents:] + 65
32  com.apple.WebKit               	0x00340748 -[WebHTMLView(WebInternal) _interceptEditingKeyEvent:shouldSaveCommand:] + 200
33  com.apple.WebKit               	0x00379a30 WebEditorClient::handleKeypress(WebCore::KeyboardEvent*) + 112
34  com.apple.WebCore              	0x01376a88 WebCore::Editor::handleKeypress(WebCore::KeyboardEvent*) + 184
35  com.apple.WebCore              	0x013c400c WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent*) + 108
36  com.apple.WebCore              	0x011f24b1 WebCore::EventTargetNode::defaultEventHandler(WebCore::Event*) + 209
37  com.apple.WebCore              	0x010976e2 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 546
38  com.apple.WebCore              	0x011f1d33 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 739
39  com.apple.WebCore              	0x011f21a0 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 160
40  com.apple.WebCore              	0x011f226d WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 61
41  com.apple.WebCore              	0x013c4253 WebCore::EventHandler::defaultKeyboardEventHandler(WebCore::KeyboardEvent*) + 691
42  com.apple.WebCore              	0x011f24b1 WebCore::EventTargetNode::defaultEventHandler(WebCore::Event*) + 209
43  com.apple.WebCore              	0x010976e2 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 546
44  com.apple.WebCore              	0x011f1d33 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 739
45  com.apple.WebCore              	0x011f21a0 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 160
46  com.apple.WebCore              	0x011f226d WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 61
47  com.apple.WebCore              	0x011f25da WebCore::EventTargetNode::dispatchKeyEvent(WebCore::PlatformKeyboardEvent const&) + 122
48  com.apple.WebCore              	0x013c31ca WebCore::EventHandler::keyEvent(WebCore::PlatformKeyboardEvent const&) + 58
49  com.apple.WebCore              	0x013c1ed6 WebCore::EventHandler::keyEvent(NSEvent*) + 150
50  com.apple.WebKit               	0x00333779 -[WebHTMLView keyDown:] + 217
51  com.apple.AppKit               	0x9335abe1 -[NSWindow sendEvent:] + 7377
52  com.apple.Safari               	0x000230c6 0x1000 + 139462
53  com.apple.AppKit               	0x9334c350 -[NSApplication sendEvent:] + 5023
54  com.apple.Safari               	0x00022c56 0x1000 + 138326
55  com.apple.AppKit               	0x93276dfe -[NSApplication run] + 547
56  com.apple.AppKit               	0x9326ad2f NSApplicationMain + 573
57  com.apple.Safari               	0x0005f54a 0x1000 + 386378
58  com.apple.Safari               	0x0005f471 0x1000 + 386161

Thread 1:
0   libSystem.B.dylib              	0x90025027 semaphore_wait_signal_trap + 7
1   com.apple.Foundation           	0x9283b26c -[NSConditionLock lockWhenCondition:] + 39
2   com.apple.AppKit               	0x93354270 -[NSUIHeartBeat _heartBeatThread:] + 377
3   com.apple.Foundation           	0x927e52e0 forkThreadForFunction + 123
4   libSystem.B.dylib              	0x90024987 _pthread_body + 84

Thread 2:
0   libSystem.B.dylib              	0x9000a457 mach_msg_trap + 7
1   com.apple.CoreFoundation       	0x9082c2b3 CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation       	0x9082bace CFRunLoopRunInMode + 61
3   com.apple.Foundation           	0x9281aa0f +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259
4   com.apple.Foundation           	0x927e52e0 forkThreadForFunction + 123
5   libSystem.B.dylib              	0x90024987 _pthread_body + 84

Thread 3:
0   libSystem.B.dylib              	0x9000a457 mach_msg_trap + 7
1   com.apple.CoreFoundation       	0x9082c2b3 CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation       	0x9082bace CFRunLoopRunInMode + 61
3   com.apple.Foundation           	0x92841bc2 +[NSURLCache _diskCacheSyncLoop:] + 206
4   com.apple.Foundation           	0x927e52e0 forkThreadForFunction + 123
5   libSystem.B.dylib              	0x90024987 _pthread_body + 84

Thread 4:
0   libSystem.B.dylib              	0x9001a93c select + 12
1   libSystem.B.dylib              	0x90024987 _pthread_body + 84

Thread 5:
0   libSystem.B.dylib              	0x9000a457 mach_msg_trap + 7
1   com.apple.CoreFoundation       	0x9082c2b3 CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation       	0x9082bace CFRunLoopRunInMode + 61
3   com.apple.Foundation           	0x9281ad3a -[NSRunLoop runMode:beforeDate:] + 182
4   com.apple.Foundation           	0x9281ac36 -[NSRunLoop run] + 75
5   com.apple.Safari               	0x0003f49c 0x1000 + 255132
6   com.apple.Foundation           	0x927e52e0 forkThreadForFunction + 123
7   libSystem.B.dylib              	0x90024987 _pthread_body + 84

Thread 6:
0   libSystem.B.dylib              	0x90025027 semaphore_wait_signal_trap + 7
1   com.apple.Foundation           	0x9283b26c -[NSConditionLock lockWhenCondition:] + 39
2   com.apple.Syndication          	0x9a734966 -[AsyncDB _run:] + 181
3   com.apple.Foundation           	0x927e52e0 forkThreadForFunction + 123
4   libSystem.B.dylib              	0x90024987 _pthread_body + 84

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0x00000001  ebx: 0x010ce50b  ecx: 0x017d502c  edx: 0x00000000
  edi: 0x00000000  esi: 0xbfffd53c  ebp: 0xbfffd4d8  esp: 0xbfffd4c0
   ss: 0x0000001f  efl: 0x00010286  eip: 0x0102153d   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037

Binary Images Description:
    0x1000 -    0xdbfff com.apple.Safari 2.0.4 (419.3)	/Applications/Safari.app/Contents/MacOS/Safari
  0x10b000 -   0x10cfff WebKitNightlyEnabler.dylib 	/Applications/WebKit.app/Contents/Resources/WebKitNightlyEnabler.dylib
  0x305000 -   0x3b2fff com.apple.WebKit 522+	/Applications/WebKit.app/Contents/Resources/WebKit.framework/Versions/A/WebKit
  0x432000 -   0x4d9fff com.apple.JavaScriptCore 522+	/Applications/WebKit.app/Contents/Resources/JavaScriptCore.framework/Versions/A/JavaScriptCore
 0x1008000 -  0x14e0fff com.apple.WebCore 522+	/Applications/WebKit.app/Contents/Resources/WebCore.framework/Versions/A/WebCore
0x13cf0000 - 0x13cf0fff org.xlife.InquisitorLoader 3.0 (40)	/Users/rha/Library/InputManagers/Inquisitor/Inquisitor.bundle/Contents/MacOS/Inquisitor
0x13cf5000 - 0x13d15fff org.xlife.InquisitorCore 3.0 (40)	/Users/rha/Library/InputManagers/Inquisitor/Inquisitor.bundle/Contents/Resources/InquisitorCore.bundle/Contents/MacOS/InquisitorCore
0x15ad7000 - 0x15ad9fff com.apple.textencoding.japanese 2.1	/System/Library/TextEncodings/Japanese Encodings.bundle/Contents/MacOS/Japanese Encodings
0x15c50000 - 0x15cc1fff com.DivXInc.DivXDecoder 6.4.0	/Library/QuickTime/DivX Decoder.component/Contents/MacOS/DivX Decoder
0x15e05000 - 0x15e59fff com.apple.Kotoeri 4.0.4	/System/Library/Components/Kotoeri.component/Contents/MacOS/Kotoeri

Comment 3 Alexey Proskuryakov 2007-05-07 21:25:48 PDT
> i have the Inquisitor plugin installed but i don't really think the
> problem is related to it.

Indeed, it's not immediately obvious how it could cause this problem - but since it doesn't happen for others, there's still some suspicion. Could you please try disabling Inquisitor, just to be sure?
Comment 4 Daniel Acosta 2007-05-08 06:01:07 PDT
Created attachment 14411 [details]
Crash report
Comment 5 Daniel Acosta 2007-05-08 06:02:51 PDT
Comment on attachment 14411 [details]
Crash report
Comment 6 Alexey Proskuryakov 2007-05-08 10:11:21 PDT
Thank you for the additional information!

A reproducible crash with Kotoeri would be a P1 bug (top priority), too bad we still cannot reproduce it on other machines. Here are some more questions that might help us isolate the problem:

- Is your primary system language English, or some other one (as in System Preferences->International->Language)?
- Does the crash happen after typing the very first character, no matter what it is? For example, does typing a space cause it?
- Do other input methods (such as Hangul or Chinese) work in WebKit?
- Did you make any changes to default Kotoeri settings before?
- Will the crash still happen under a newly created user account?

Looking at the code, it appears that the code path taken is the one for NSAttributedString with NSTextInputReplacementRangeAttributeName.
Comment 7 Daniel Acosta 2007-05-08 10:35:21 PDT
(In reply to comment #6)

My primary system language is English and the bug occurs after typing the first character...

I tried creating a new test account; the problem didn't occur the first time I had selected Katakana then Hiragana manually from the language menu at the top, and the keyboard shortcuts didn't appear to work... but then I quit WebKit and entered again... I noticed the input menu still had the US flag so I switched it to Romaji manually (which keeps the same behaviour as US input) and the keyboard shortcuts showed up on the language menu... then while typing inside a form I switched to the scripts using the keyboard shortcuts Ctrl+Shift+K and Ctrl+Shift+J and it crashed again at the next character... it appears to only happen when switching to the scripts using the keyboard shortcut... quite odd... it hadn't happened in any other program...
Comment 8 Daniel Acosta 2007-05-08 10:48:52 PDT
OK, I kept testing a bit more... if I switch scripts using the keyboard shortcuts with focus on the address bar or search box and then type in a form, I can successfully input Japanese normally... the problem only occurs when switching within a form input box... also, if WebKit starts already with another script selected it works perfectly too, unless I switch again while typing...

I tried testing Hangul too but nothing seemed to be wrong; however, I only switched manually because I didn't find any keyboard shortcuts...
Comment 9 Alexey Proskuryakov 2007-05-08 10:56:11 PDT
That's great detective work, thank you! Now I can reproduce the problem.

Steps to reproduce:
1) Launch a WebKit nightly.
2) Switch to Kotoeri Romaji input mode.
3) Type www.google.com in the address bar, press Enter.
A Google home page loads, and the focus moves to it.
4) Press Ctrl+Shift+J.

I'm usually getting a crash at this point, although it's not quite 100%. According to the above comment, some typing may be needed, or maybe re-launching WebKit once more.
Comment 10 Alexey Proskuryakov 2007-05-11 11:11:28 PDT
Created attachment 14492 [details]
test case (DRT-only)

This is a test case for the crash, which happens when Kotoeri gives us an incorrect replacement string.

Now going to investigate why Kotoeri does that - it may well be a WebKit bug, too.
Comment 11 Alexey Proskuryakov 2007-05-11 12:40:34 PDT
Fixing the crash by adding a null check is easy, but the behavior remains wrong (a new character appears when switching from Romaji; this character is actually the very first character from the page in question).

This problem happens because NSTSMDocumentAccessEventHandler hacks around NSTextInput protocol by calling -[client string] or -[client textStorage] if those are available.

In NSTextInput protocol methods, WebKit uses range indices relative to the current root editable element, so it is different from character indices of [WebHTMLView string], which is a WebKit API that converts the whole document to plain text. Doing otherwise would obviously ruin performance.

Thus, any input method that tries to both read unmarked text from the document and modify it will get unexpected results. We didn't see this in shipping Safari for a variety of reasons, most importantly, because forms were AppKit-based.
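To make the index-space mismatch described in comment 11, and the range check this bug adds, concrete, here is a small added model. It is not WebKit code: the node layout, the function names and the sample page text are constructed assumptions. It shows how a range computed against the whole-document string (what an input method sees through -[client string]) lands outside the editable element when interpreted in the editable-relative index space that NSTextInput methods use, and how an insert handler can reject such an out-of-range replacement range instead of dereferencing it, falling back to the existing selection as comment 24 describes.

```python
"""Added model of the NSTextInput index-space mismatch; not WebKit code.
Node layout, names and the sample page text below are constructed assumptions."""
from dataclasses import dataclass
from typing import List, Optional, Tuple

Range = Tuple[int, int]  # (location, length), NSRange-style


@dataclass
class TextNode:
    text: str
    editable: bool = False  # True for the single root editable element


def document_string(nodes: List[TextNode]) -> str:
    """Whole-document plain text: the index space an input method sees when it
    reads -[client string] behind the protocol's back."""
    return "".join(node.text for node in nodes)


def editable_span(nodes: List[TextNode]) -> Range:
    """Document-relative (offset, length) of the root editable element."""
    offset = 0
    for node in nodes:
        if node.editable:
            return offset, len(node.text)
        offset += len(node.text)
    raise ValueError("page has no editable element")


def document_to_editable(nodes: List[TextNode], location: int, length: int) -> Optional[Range]:
    """Translate a document-relative range into the editable-relative index space
    that NSTextInput methods use. None when the range is not wholly inside the
    editable element (e.g. it points at page text, not at the form field)."""
    start, size = editable_span(nodes)
    if length < 0 or location < start or location + length > start + size:
        return None
    return location - start, length


def resolve_replacement_range(editable_text: str, location: int, length: int) -> Optional[Range]:
    """The null check: a replacement range supplied by the input method is
    untrusted input. Return None for anything outside the editable text instead
    of dereferencing it (the NSTextInput API says bad ranges must be expected)."""
    if location < 0 or length < 0 or location + length > len(editable_text):
        return None
    return location, length


def insert_text(editable_text: str, selection: Range,
                replacement_range: Optional[Range], text: str) -> str:
    """insertText:-style handling. A valid replacement range is replaced; an
    invalid one is treated like a missing one and the current selection (a caret
    when its length is 0) is replaced instead, so nothing out of bounds is
    touched and the existing selection is kept."""
    target = None
    if replacement_range is not None:
        target = resolve_replacement_range(editable_text, *replacement_range)
    if target is None:
        target = resolve_replacement_range(editable_text, *selection)
        if target is None:
            raise ValueError("selection does not fit the editable text")
    location, length = target
    return editable_text[:location] + text + editable_text[location + length:]


# Constructed page: two non-editable runs of text, then one form field holding
# "toukyou" typed in Romaji mode, with the caret at the end of the field.
PAGE = [TextNode("Google "), TextNode("Search: "), TextNode("toukyou", editable=True)]
CARET_AT_END: Range = (7, 0)


def demo() -> dict:
    """Walk through the mismatch and return the intermediate values."""
    field = PAGE[2].text
    doc_range = (document_string(PAGE).index("toukyou"), len("toukyou"))  # (15, 7)
    return {
        "document_relative": doc_range,
        "as_editable_relative": document_to_editable(PAGE, *doc_range),  # (0, 7)
        "misread_in_editable_space": resolve_replacement_range(field, *doc_range),  # None
        "after_insert_with_bad_range": insert_text(field, CARET_AT_END, doc_range, "トウキョウ"),
        "after_insert_with_good_range": insert_text(field, CARET_AT_END, (0, 7), "トウキョウ"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The fallback in `insert_text` is the choice discussed later in this bug: an unusable replacement range is handled exactly like an absent one, so the handler never indexes past the editable text and the user's selection survives. Whether to keep or clear the selection in that case is a policy decision; the bounds check is what prevents the crash either way.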
Comment 12 Alexey Proskuryakov 2007-05-11 12:51:58 PDT
I think this should be resolved in cooperation with AppKit engineers.
Comment 13 Alexey Proskuryakov 2007-05-24 21:40:46 PDT
The "big" issue with incompatible ranges was fixed by Oliver Hunt in r21728. I believe (but haven't yet verified) that this should fix the crash with Kotoeri, but not with the attached test case. If so, we probably just need to add a null check for extra safety now.

Also, Oliver's fix did not include a test case; the attached one can be extended to check that correct text comes out of NSTextInput accessors.
Comment 14 Oliver Hunt 2007-05-25 02:42:23 PDT
/me materialises

ap: I couldn't work out how to write a test case for that test, and if it isn't possible currently I certainly don't have time to extend DRT -- I currently have a very chunky (and destined to be workaround/hack-fixed) bug in jianyi :(

Anyhoo, having a quick look at this now -- certainly the null check may be necessary in the short term
Comment 15 Oliver Hunt 2007-05-25 03:07:53 PDT
ap: you're right, my patch has fixed this bug, but your test case does still cause a crash

Am moving to P2 as I can't see a way to trigger the crash without using DRT, although it does need to be fixed as we should allow an invalid range to cause a crash (the NSTextInput API even states that we should assume we'll be given bad ranges)

Comment 16 Daniel Acosta 2007-05-25 05:22:34 PDT
The browser doesn't crash anymore, however the behaviour on mode switching is not as expected... for example if you write some word in romaji (roman letters) mode and then switch to katakana the text you wrote before will change its script unless you type a space after it... and the same goes for Japanese script modes, words you wrote before will change their script unless you type return after each one, which is unnecessary in some cases as there are generally no spaces in Japanese
Comment 17 Oliver Hunt 2007-05-25 05:52:31 PDT
Are you sure? I don't see that -- it wouldn't have surprised me if it exists, we had to take a somewhat exciting approach to fix the Kotoeri IM bug ap was referring to.

I don't see what you describe when I do the following:
1. go to http://www.freetranslation.com/
2. switch to romaji input
3. type (on US keyboard, in romaji input mode) "toukyou" which outputs "toukyou"
4. while still focused I switch to katakana -- no change in text -- once again I type "toukyou" now it produces "トウキョウ"
5. without accepting (so the "トウキョウ" is still marked) switch to hiragana input, type toukyou again, get とうきょう　
6. enter to confirm am left with "toukyouトウキョウとうきょう"

I've tested as much as I can (I know the behaviour "toukyou" from a previous bug) but I can't read any of these scripts, and don't actually use the IMs.

If you can give specific instructions (similar to what i did) that would be great.

Comment 18 Alexey Proskuryakov 2007-05-25 05:58:14 PDT
(In reply to comment #17)
> If you can give specific instructions (similar to what i did) that would be
> great.

I think it would be better to open a new bug for this, as it is probably not directly related to the null check that we are going to add as a result of this bug.
Comment 19 Daniel Acosta 2007-05-25 06:09:27 PDT
I did the same as Oliver but I switched to katakana using the shortcut.... Ctrl+Shift+K (switching to katakana)... and Ctrl+Shift+; (switching to romaji) I tried it in the comment box here before typing anything...
Comment 20 Daniel Acosta 2007-05-25 06:13:29 PDT
If you want to test the correct behaviour you could try it in any other app like TextEdit...

As for opening a new bug I think it's still related to the keyboard input mode switching shortcuts so it's kind of the same thing...
Comment 21 Alexey Proskuryakov 2007-05-26 06:51:41 PDT
(In reply to comment #14)
> ap: I couldn't work out how to write a test case for that test

Indeed, I was too optimistic, and it doesn't seem possible with existing DRT functionality.
Comment 22 Alexey Proskuryakov 2007-05-26 06:55:56 PDT
Created attachment 14735
add a null check

(In reply to comment #20)
> as for opening a new bug i think its still related to the keyboard input mode
> switching shortcuts so its kind of the same thing...

We normally do not try to track several problems in one bug, as this causes unnecessary confusion. Usually, it is not possible to guess whether the fixes will be related just by the fact that symptoms are - and in this particular case, fixes will likely be very different.
Comment 23 Darin Adler 2007-05-26 07:32:49 PDT
Comment on attachment 14735
add a null check

Is it better to not change the selection or clear the selection in this case?
Comment 24 Alexey Proskuryakov 2007-05-26 07:45:46 PDT
Keeping an existing selection means that an invalid NSTextInputReplacementRangeAttributeName is treated the same as a missing one, which seemed more logical to me. But I do not have any real reason to prefer one way over another.
Comment 25 Darin Adler 2007-05-26 08:39:39 PDT
Comment on attachment 14735
add a null check

r=me
Comment 26 Alexey Proskuryakov 2007-05-26 09:00:41 PDT
Committed revision 21803.

Daniel: Normally, I'd open a new bug for any remaining issues mentioned in the one being closed, but since the additional issues mentioned here could not be reproduced yet, I have to ask you to do that. Sorry for the inconvenience!
Comment 27 Daniel Acosta 2007-05-29 17:21:32 PDT
(In reply to comment #26)
> Committed revision 21803.
> 
> Daniel: Normally, I'd open a new bug for any remaining issues mentioned in the
> one being closed, but since the additional issues mentioned here could not be
> reproduced yet, I have to ask you to do that. Sorry for the inconvenience!
> 

Thank you, I have just posted it as a new bug with a quick way to reproduce it here: http://bugs.webkit.org/show_bug.cgi?id=13914
Comment 28 Oliver Hunt 2007-05-29 19:06:49 PDT
Daniel, can you verify this bug is fixed (if it no longer occurs choose the "Mark bug as VERIFIED" option above the message commit button).
Comment 29 David Kilzer (:ddkilzer) 2009-06-29 12:39:37 PDT
Comment on attachment 14411
Crash report

(In reply to comment #4)
> Created an attachment (id=14411)
> another problem report

Renaming the description of this attachment to "Crash Report" since it violates the maximum length of descriptions in future Bugzilla versions.  Here's the previous description:

I have uninstalled the plugin but the issue remains, I have no idea what could be wrong... my Safari isn't customized any further... it keeps being the same kernel protection failure bad access exception... I'm attaching another problem report (the one after I removed Inquisitor)