Bug 16603 - Crash when resizing text field
Summary: Crash when resizing text field
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P1 Normal
Assignee: mitz
URL: http://nontroppo.org/
Keywords: HasReduction, InRadar
Depends on:
Reported: 2007-12-25 07:18 PST by Nicholas Shanks
Modified: 2007-12-27 19:23 PST

See Also:

first pass reduction (484 bytes, text/html)
2007-12-27 16:59 PST, Eric Seidel (no email)
no flags
Reset EventHandler's m_resizeLayer when a resizing layer is being destroyed (5.28 KB, patch)
2007-12-27 19:11 PST, mitz
oliver: review+

Description Nicholas Shanks 2007-12-25 07:18:43 PST
Go to the site above and hover the mouse over the "Email Me" text. A form will appear that disappears again if the mouse moves. Resist the urge to call the web designer a complete twat and instead try and enlarge the text field. I am going to see if I can reduce it. Will update the bug if I can.

Process:         Safari [893]
Path:            /Applications/WebKit.app/Contents/MacOS/WebKit
Identifier:      org.webkit.nightly.WebKit
Version:         r28949 (28949)
Code Type:       X86 (Native)
Parent Process:  launchd [83]

Date/Time:       2007-12-25 14:44:38.382 +0000
OS Version:      Mac OS X 10.5.1 (9B18)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000004
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.WebCore             	0x00db6dda WebCore::RenderLayer::resize(WebCore::PlatformMouseEvent const&, WebCore::IntSize const&) + 90
1   com.apple.WebCore             	0x00b5a3c8 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*) + 1400
2   com.apple.WebCore             	0x00b5d090 WebCore::EventHandler::mouseDragged(NSEvent*) + 384
3   com.apple.WebKit              	0x001b7d85 -[WebHTMLView mouseDragged:] + 229
4   com.apple.AppKit              	0x9309f8e2 -[NSWindow sendEvent:] + 8249
5   com.apple.Safari              	0x000329d3 0x1000 + 203219
6   com.apple.AppKit              	0x9306ba2c -[NSApplication sendEvent:] + 2766
7   com.apple.Safari              	0x000324a8 0x1000 + 201896
8   com.apple.AppKit              	0x92fc9705 -[NSApplication run] + 847
9   com.apple.AppKit              	0x92f969ba NSApplicationMain + 574
10  com.apple.Safari              	0x00002876 0x1000 + 6262
Comment 1 Eric Seidel (no email) 2007-12-27 16:59:48 PST
Created attachment 18134 [details]
first pass reduction

Well, I was trying to build a reduction, and my first pass worked!  So I'm posting it.  We can definitely refine this further for DRT.

Just mouse over the blue area, and try and resize the text field (if you can actually grab ahold of it). :)
Comment 2 David Kilzer (:ddkilzer) 2007-12-27 18:16:37 PST
Comment 3 mitz 2007-12-27 19:11:59 PST
Created attachment 18136 [details]
Reset EventHandler's m_resizeLayer when a resizing layer is being destroyed

Includes change log and layout test that crashes the unpatched release build.
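The fix in comment 3 (reset EventHandler's m_resizeLayer when the resizing layer is destroyed), modelled as an added C++ example that is not WebKit's code: the class bodies, the resizeLayerDestroyed hook and the layer's back-reference to the handler are assumptions, but the pattern is the one the crash stack implies, a raw pointer held across mouse events that must be invalidated when its target dies.

```cpp
struct IntSize { int width; int height; };
class EventHandler;
// Hypothetical stand-ins for WebCore's RenderLayer and EventHandler, not WebKit's code.
class RenderLayer {
public:
    explicit RenderLayer(EventHandler& handler) : m_handler(handler) {}
    ~RenderLayer();  // tells the handler so its raw pointer cannot dangle
    void resize(const IntSize& delta) { m_width += delta.width; }
    int width() const { return m_width; }
private:
    EventHandler& m_handler;  // assumed back-reference; WebKit reaches the handler via the Frame
    int m_width = 100;
};

class EventHandler {
public:
    void startResize(RenderLayer* layer) { m_resizeLayer = layer; }
    // The fix from comment 3: clear m_resizeLayer when the layer it points to is destroyed.
    void resizeLayerDestroyed(RenderLayer* layer) {
        if (m_resizeLayer == layer)
            m_resizeLayer = nullptr;
    }
    // Returns true when a resize was applied, false when no layer is being resized.
    bool handleMouseMoveEvent(const IntSize& delta) {
        if (!m_resizeLayer)
            return false;
        m_resizeLayer->resize(delta);
        return true;
    }
private:
    RenderLayer* m_resizeLayer = nullptr;  // raw pointer, as in the crash stack
};

RenderLayer::~RenderLayer() { m_handler.resizeLayerDestroyed(this); }

// Simulates the report: start resizing a layer, optionally destroy it mid-drag (the hover form
// disappearing), then deliver one more mouse-move. Returns the resulting layer width, or -1
// when the handler correctly refused because the layer is gone.
int widthAfterMouseMove(bool destroyLayerMidDrag) {
    EventHandler handler;
    RenderLayer* layer = new RenderLayer(handler);
    handler.startResize(layer);
    if (destroyLayerMidDrag)
        delete layer;  // destructor resets handler's m_resizeLayer to nullptr
    bool applied = handler.handleMouseMoveEvent({5, 0});
    int result = applied ? layer->width() : -1;  // layer only dereferenced while alive
    if (!destroyLayerMidDrag)
        delete layer;
    return result;
}
```

Without the destructor hook, the second case would dereference freed memory on the next mouse-move, which is the EXC_BAD_ACCESS in RenderLayer::resize shown in the report.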
Comment 4 mitz 2007-12-27 19:23:09 PST
Fixed in <http://trac.webkit.org/projects/webkit/changeset/29010>.