Possible null dereference under EventHandler::dispatchMouseEvent(): Thread[0] EXC_BAD_ACCESS (SIGSEGV) (KERN_INVALID_ADDRESS at 0x0000000000000008) [ 0] 0x00007fff9312d6e4 WebCore`WebCore::Range::compareNode(WebCore::Node&, int&) const + 36 at Range.cpp:298:9 294 // Firefox doesn't throw an exception for this case; it returns 0. 295 return NODE_BEFORE; 296 } 297 -> 298 if (&refNode.document() != &ownerDocument()) { 299 // Firefox doesn't throw an exception for this case; it returns 0. 300 return NODE_BEFORE; 301 } 302 0x00007fff9312d6d6: testb $0x1, 0x15(%rsi) 0x00007fff9312d6da: je 0xce874e ; <+142> at Range.cpp:323 0x00007fff9312d6dc: movq 0x20(%rsi), %rax 0x00007fff9312d6e0: movq 0x8(%rax), %rax -> 0x00007fff9312d6e4: cmpq 0x8(%r15), %rax 0x00007fff9312d6e8: jne 0xce874e ; <+142> at Range.cpp:323 0x00007fff9312d6ea: movq 0x18(%rsi), %r12 0x00007fff9312d6ee: movq %rsi, %rdi 0x00007fff9312d6f1: callq 0x14c240 ; WebCore::Node::computeNodeIndex at Node.cpp:781 [ 1] 0x00007fff925b46b4 WebCore`WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 324 at EventHandler.cpp:2515:24 2511 // node on mouse down if it's selected and inside a focused node. It will be 2512 // focused if the user does a mouseup over it, however, because the mouseup 2513 // will set a selection inside it, which will call setFocuseNodeIfNeeded. 2514 if (m_frame.selection().isRange() -> 2515 && m_frame.selection().toNormalizedRange()->compareNode(*element, IGNORE_EXCEPTION) == Range::NODE_INSIDE 2516 && element->isDescendantOf(m_frame.document()->focusedElement())) 2517 return true; 2518 2519 break; [ 2] 0x00007fff925b83f7 WebCore`WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 1799 at EventHandler.cpp:1708:26 1704 } 1705 1706 m_frame.selection().setCaretBlinkingSuspended(true); 1707 -> 1708 bool swallowEvent = !dispatchMouseEvent(eventNames().mousedownEvent, mouseEvent.targetNode(), true, m_clickCount, platformMouseEvent, true); 1709 m_capturesDragging = !swallowEvent || mouseEvent.scrollbar(); 1710 1711 // If the hit testing originally determined the event was in a scrollbar, refetch the MouseEventWithHitTestResults 1712 // in case the scrollbar widget was destroyed when the mouse event was handled. [ 3] 0x00007fff926dc4bc WebCore`WebCore::EventHandler::passMousePressEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 76 at EventHandlerMac.mm:692:5 688 if (frameHasPlatformWidget(m_frame)) 689 return passSubframeEventToSubframe(mev, subframe); 690 691 // WebKit2 code path. -> 692 subframe->eventHandler().handleMousePressEvent(mev.event()); 693 return true; 694 } 695 696 bool EventHandler::passMouseMoveEventToSubframe(MouseEventWithHitTestResults& mev, Frame* subframe, HitTestResult* hoveredNode) [ 4] 0x00007fff925b8015 WebCore`WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 805 at EventHandler.cpp:1661:21