WebKit Bugzilla
Bug 152847: Absolute positioning -webkit-search-cancel-button crashes Safari
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=152847
m.renty
Reported
2016-01-07 12:33:55 PST
When trying to absolutely position the -webkit-search-cancel-button of an input[type=search], Safari quits unexpectedly. I recreated it in JSBin (http://jsbin.com/bimiqipojo); you can trigger it by focussing the input. Tested this both in OSX 10.10 and 10.11.
Attachments
Patch (17.21 KB, patch), 2016-01-08 20:13 PST, alan baradlay
Patch (27.66 KB, patch), 2016-01-08 20:54 PST, alan baradlay
alan baradlay
Comment 1
2016-01-07 19:42:44 PST
I can't reproduce it with trunk r194751.
m.renty
Comment 2
2016-01-08 00:18:58 PST
What do you mean with trunk r194751? I have enclosed a link to JSBin where I recreated the bug, when you focus the input Safari quits every time.
(In reply to comment #1)
> I can't reproduce it with trunk r194751.
alan baradlay
Comment 3
2016-01-08 13:07:45 PST
(In reply to comment #2)
> What do you mean with trunk r194751?
> I have enclosed a link to JSBin where I recreated the bug, when you focus
> the input Safari quits every time.
>
> (In reply to comment #1)
> > I can't reproduce it with trunk r194751.
Could you include the version of Safari that you use to reproduce this crash? (something like Version 9.0.X (XXXXX.X.X))
Simon Fraser (smfr)
Comment 4
2016-01-08 13:18:34 PST
I can reproduce with r194567. Click in the input, then type:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010cb003b7 WebCore::RenderBox::offsetFromContainer(WebCore::RenderElement&, WebCore::LayoutPoint const&, bool*) const + 135
1 com.apple.WebCore 0x000000010cbeade3 WebCore::RenderThemeMac::convertToPaintingRect(WebCore::RenderObject const&, WebCore::RenderObject const&, WebCore::FloatRect const&, WebCore::IntRect const&) const + 131
2 com.apple.WebCore 0x000000010cbef558 WebCore::RenderThemeMac::paintSearchFieldCancelButton(WebCore::RenderObject const&, WebCore::PaintInfo const&, WebCore::IntRect const&) + 1096
3 com.apple.WebCore 0x000000010cbe740c WebCore::RenderTheme::paint(WebCore::RenderBox const&, WebCore::ControlStates&, WebCore::PaintInfo const&, WebCore::LayoutRect const&) + 1516
4 com.apple.WebCore 0x000000010bed579d WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 541
5 com.apple.WebCore 0x000000010bed2db5 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 277
6 com.apple.WebCore 0x000000010bed5126 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 326
7 com.apple.WebCore 0x000000010cb57871 WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) + 385
8 com.apple.WebCore 0x000000010cb546ea WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2650
9 com.apple.WebCore 0x000000010cb54988 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3320
10 com.apple.WebCore 0x000000010cb54988 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3320
11 com.apple.WebCore 0x000000010cb52677 WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, unsigned int, WebCore::RenderObject*, unsigned int) + 263
12 com.apple.WebCore 0x000000010c43cd12 WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&) + 514
13 com.apple.WebCore 0x000000010cc58630 WebCore::ScrollView::paint(WebCore::GraphicsContext&, WebCore::IntRect const&) + 416
14 com.apple.WebCore 0x000000010bfa174d WebCore::RenderWidget::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 909
15 com.apple.WebCore 0x000000010bfa10e3 WebCore::RenderWidget::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 787
16 com.apple.WebCore 0x000000010cb5abba WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) + 394
17 com.apple.WebCore 0x000000010cb57b40 WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool) + 496
18 com.apple.WebCore 0x000000010cb54840 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2992
19 com.apple.WebCore 0x000000010cb54988 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3320
20 com.apple.WebCore 0x000000010cb54988 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3320
21 com.apple.WebCore 0x000000010cb52677 WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, unsigned int, WebCore::RenderObject*, unsigned int) + 263
22 com.apple.WebCore 0x000000010c43cd12 WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&) + 514
23 com.apple.WebCore 0x000000010cc58630 WebCore::ScrollView::paint(WebCore::GraphicsContext&, WebCore::IntRect const&) + 416
24 com.apple.WebCore 0x000000010bfa174d WebCore::RenderWidget::paintContents(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 909
25 com.apple.WebCore 0x000000010bfa10e3 WebCore::RenderWidget::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 787
26 com.apple.WebCore 0x000000010cb5abba WebCore::RenderLayer::paintForegroundForFragmentsWithPhase(WebCore::PaintPhase, WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*) + 394
27 com.apple.WebCore 0x000000010cb57b40 WebCore::RenderLayer::paintForegroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*, bool) + 496
28 com.apple.WebCore 0x000000010cb54840 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 2992
29 com.apple.WebCore 0x000000010cb54988 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3320
30 com.apple.WebCore 0x000000010cb54988 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3320
31 com.apple.WebCore 0x000000010cb54988 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3320
32 com.apple.WebCore 0x000000010cb54988 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int) + 3320
33 com.apple.WebCore 0x000000010cb65bcc WebCore::RenderLayerBacking::paintIntoLayer(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::IntRect const&, unsigned int, unsigned int) + 524
34 com.apple.WebCore 0x000000010cb65e70 WebCore::RenderLayerBacking::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, unsigned int, WebCore::FloatRect const&) + 528
35 com.apple.WebCore 0x000000010c469977 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&) + 135
36 com.apple.WebCore 0x000000010caa18c9 WebCore::PlatformCALayer::drawLayerContents(CGContext*, WebCore::PlatformCALayer*, WTF::Vector<WebCore::FloatRect, 5ul, WTF::CrashOnOverflow, 16ul>&) + 345
37 com.apple.WebCore 0x000000010ce1e533 WebCore::TileGrid::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&) + 163
38 com.apple.WebCore 0x000000010cec34ac -[WebSimpleLayer drawInContext:] + 172
Radar WebKit Bug Importer
Comment 5
2016-01-08 13:18:45 PST
<rdar://problem/24112087>
m.renty
Comment 6
2016-01-08 13:20:53 PST
It occurs in Safari Version 9.0.2 (10601.3.9) both on OSX 10.10.5 and 10.11.2. When you focus the input[type=search] everything is fine, but when you type the first character Safari quits.
(In reply to comment #3)
> (In reply to comment #2)
> > What do you mean with trunk r194751?
> > I have enclosed a link to JSBin where I recreated the bug, when you focus
> > the input Safari quits every time.
> >
> > (In reply to comment #1)
> > > I can't reproduce it with trunk r194751.
>
> Could you include the version of Safari that you use to reproduce this crash?
> (something like Version 9.0.X (XXXXX.X.X))
alan baradlay
Comment 7
2016-01-08 13:30:35 PST
containingRenderer -> null
ASSERTION FAILED: containingRenderer
RenderThemeMac.mm(685) : WebCore::FloatRect WebCore::RenderThemeMac::convertToPaintingRect(const WebCore::RenderObject &, const WebCore::RenderObject &, const WebCore::FloatRect &, const WebCore::IntRect &) const
1 0x10f02cb80 WTFCrash
2 0x112bad992 WebCore::RenderThemeMac::convertToPaintingRect(WebCore::RenderObject const&, WebCore::RenderObject const&, WebCore::FloatRect const&, WebCore::IntRect const&) const
3 0x112bb6b21 WebCore::RenderThemeMac::paintSearchFieldCancelButton(WebCore::RenderObject const&, WebCore::PaintInfo const&, WebCore::IntRect const&)
4 0x112ba566c WebCore::RenderTheme::paint(WebCore::RenderBox const&, WebCore::ControlStates&, WebCore::PaintInfo const&, WebCore::LayoutRect const&)
5 0x112902d79 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
6 0x112892dd4 WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
7 0x1128920e5 WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&)
8 0x1129eb250 WebCore::RenderLayer::paintBackgroundForFragments(WTF::Vector<WebCore::LayerFragment, 1ul, WTF::CrashOnOverflow, 16ul> const&, WebCore::GraphicsContext&, WebCore::GraphicsContext&, WebCore::LayoutRect const&, bool, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int, WebCore::RenderObject*)
9 0x1129e75f6 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
10 0x1129e6c5a WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
11 0x1129e59d6 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
12 0x1129eb374 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
13 0x1129e7848 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
14 0x1129e6c5a WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
15 0x1129e59d6 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
16 0x1129eb374 WebCore::RenderLayer::paintList(WTF::Vector<WebCore::RenderLayer*, 0ul, WTF::CrashOnOverflow, 16ul>*, WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
17 0x1129e7848 WebCore::RenderLayer::paintLayerContents(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
18 0x1129e6c5a WebCore::RenderLayer::paintLayerContentsAndReflection(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
19 0x1129e59d6 WebCore::RenderLayer::paintLayer(WebCore::GraphicsContext&, WebCore::RenderLayer::LayerPaintingInfo const&, unsigned int)
20 0x1129e5321 WebCore::RenderLayer::paint(WebCore::GraphicsContext&, WebCore::LayoutRect const&, WebCore::LayoutSize const&, unsigned int, WebCore::RenderObject*, unsigned int)
21 0x11185b3ce WebCore::FrameView::paintContents(WebCore::GraphicsContext&, WebCore::IntRect const&)
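A simplified model of the failure reported in comment 7, added here as an illustration; it is not WebKit's code or the committed patch. It assumes the button offset was computed by walking container() from the button up to the input, a chain an absolutely positioned button can bypass; Node, offsetByContainerWalk, toRoot and offsetViaRoot are hypothetical names.

```cpp
// Added illustration: a hypothetical minimal render tree, not WebKit's classes.
#include <cstdio>
struct Node {
    const Node* parent;  // render-tree parent (null for the root)
    bool absolute;       // position: absolute
    bool positioned;     // acts as containing block for absolute descendants
    int x, y;            // offset from container()
    // In-flow box: the parent. Absolute box: nearest positioned ancestor, else root.
    const Node* container() const {
        if (!absolute) return parent;
        const Node* a = parent;
        while (a && !a->positioned && a->parent) a = a->parent;
        return a;
    }
};
struct Offset { int x, y; };
// Walk that assumes `input` lies on `part`'s container chain. An absolute `part`
// can skip `input`; the walk then runs past the root and finds a null container.
bool offsetByContainerWalk(const Node& input, const Node& part, Offset& out) {
    Offset off = {0, 0};
    for (const Node* r = &part; r != &input;) {
        const Node* c = r->container();
        if (!c) return false;  // report the null instead of dereferencing it
        off.x += r->x; off.y += r->y;
        r = c;
    }
    out = off;
    return true;
}

// Root-relative position: every container chain ends at the root.
Offset toRoot(const Node& n) {
    Offset off = {0, 0};
    for (const Node* r = &n; r->container(); r = r->container()) { off.x += r->x; off.y += r->y; }
    return off;
}

// Chain-independent form: map both boxes to the root, then subtract.
Offset offsetViaRoot(const Node& input, const Node& part) {
    Offset p = toRoot(part), i = toRoot(input);
    return Offset{p.x - i.x, p.y - i.y};
}

int main() {
    Node root = {nullptr, false, false, 0, 0}, body = {&root, false, false, 8, 8};
    Node input = {&body, false, false, 10, 20}, part = {&input, true, false, 300, 5};
    Offset w = {0, 0}, v = offsetViaRoot(input, part);  // constructed tree, absolute button
    std::printf("walk ok=%d, via root=%d,%d\n", offsetByContainerWalk(input, part, w), v.x, v.y);
}
```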
alan baradlay
Comment 8
2016-01-08 20:13:16 PST
Created attachment 268605
Patch
alan baradlay
Comment 9
2016-01-08 20:54:17 PST
Created attachment 268610
Patch
Simon Fraser (smfr)
Comment 10
2016-01-08 21:22:49 PST
Comment on attachment 268610
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=268610&action=review
> Source/WebCore/rendering/RenderThemeMac.mm:679 > + IntPoint offsetFromInputRenderer = roundedIntPoint(customButtonRenderer.localToContainerPoint(customButtonRenderer.contentBoxRect().location(), &inputRenderer));
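Review bot: On the added line at RenderThemeMac.mm:679, roundedIntPoint() snaps the mapped point to integers before it is stored in an IntPoint, although the assertion message in comment 7 shows convertToPaintingRect returning a WebCore::FloatRect; keeping the value as a FloatPoint until the final rect is built would avoid losing fractional offsets. A regression test in which the input is not the cancel button's container would cover the case that hit the containingRenderer assertion.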
Should this be FloatPoint or LayoutPoint?
WebKit Commit Bot
Comment 11
2016-01-08 22:27:59 PST
Comment on attachment 268610
Patch
Clearing flags on attachment: 268610
Committed r194817: <http://trac.webkit.org/changeset/194817>
WebKit Commit Bot
Comment 12
2016-01-08 22:28:04 PST
All reviewed patches have been landed. Closing bug.