Bug 191817 - Dragging image with a border-image larger than the image element crashes
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform
Version: Safari Technology Preview
Hardware: Mac macOS 10.14
Importance: P2 Normal
Assignee: Wenson Hsieh
Keywords: InRadar
Reported: 2018-11-17 16:14 PST by Ralph T
Modified: 2018-11-19 08:31 PST
Attachments
Page that crashes when image is dragged. (477 bytes, text/html)
2018-11-17 16:15 PST, Ralph T
Patch (9.41 KB, patch)
2018-11-18 21:27 PST, Wenson Hsieh
Archive of layout-test-results from ews126 for ios-simulator-wk2 (2.58 MB, application/zip)
2018-11-19 00:22 PST, EWS Watchlist

Description Ralph T 2018-11-17 16:14:24 PST
Dragging the image in the attached sample causes the renderer to crash.
Comment 1 Ralph T 2018-11-17 16:15:23 PST
Created attachment 355214
Page that crashes when image is dragged.
Comment 2 Simon Fraser (smfr) 2018-11-17 17:22:42 PST
Thanks for the report.
Comment 3 Simon Fraser (smfr) 2018-11-17 17:26:16 PST
    frame #0: 0x00007fff59b456f0 libobjc.A.dylib`objc_exception_throw
  * frame #1: 0x00007fff2dc2926f CoreFoundation`+[NSException raise:format:] + 201
    frame #2: 0x00007fff2b1ec6d1 AppKit`-[NSImage _lockFocusOnRepresentation:rect:context:hints:flipped:] + 316
    frame #3: 0x00007fff2b1ec58c AppKit`__51-[NSImage lockFocusWithRect:context:hints:flipped:]_block_invoke + 68
    frame #4: 0x00007fff2b17c538 AppKit`-[NSImage _usingBestRepresentationForRect:context:hints:body:] + 156
    frame #5: 0x00007fff2b1ec53e AppKit`-[NSImage lockFocusWithRect:context:hints:flipped:] + 141
    frame #6: 0x00007fff2b2f134b AppKit`-[NSImage lockFocusFlipped:] + 111
    frame #7: 0x00000005f899f931 WebCore`WebCore::dissolveDragImageToFraction(image=(m_ptr = 0x00007fee8173fe30), delta=0.75) at DragImageMac.mm:88
    frame #8: 0x00000005fab4b292 WebCore`WebCore::DragController::doImageDrag(this=0x000000060fcd85a0, element=0x0000000613600138, dragOrigin={ x = 127, y = 37 }, layoutRect={ x = 33, y = 58, width = 150, height = 0 }, frame={ origin = https://bug-191817-attachments.webkit.org, url = https://bug-191817-attachments.webkit.org/attachment.cgi?id=355214, isMainFrame = 1, pageCacheState = NotInPageCache }, dragImageOffset={ x = 0, y = 0 }, state=0x00000005fd33ac50, attachmentInfo=0x00007ffee10d4078) at DragController.cpp:1212
    frame #9: 0x00000005fab4835e WebCore`WebCore::DragController::startDrag(this=0x000000060fcd85a0, src={ origin = https://bug-191817-attachments.webkit.org, url = https://bug-191817-attachments.webkit.org/attachment.cgi?id=355214, isMainFrame = 1, pageCacheState = NotInPageCache }, state=0x00000005fd33ac50, srcOp=DragOperationEvery, dragEvent=0x00007ffee10d4f50, dragOrigin={ x = 127, y = 37 }, hasData=No) at DragController.cpp:1052
Comment 4 Simon Fraser (smfr) 2018-11-17 17:27:27 PST
Image size is 0x0
Comment 5 Radar WebKit Bug Importer 2018-11-18 17:25:47 PST
<rdar://problem/46159222>
Comment 6 Wenson Hsieh 2018-11-18 21:27:06 PST
Created attachment 355253
Patch
Comment 7 EWS Watchlist 2018-11-19 00:22:55 PST
Comment on attachment 355253
Patch

Attachment 355253 did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/10074900

New failing tests:
media/no-fullscreen-when-hidden.html
Comment 8 EWS Watchlist 2018-11-19 00:22:57 PST
Created attachment 355257
Archive of layout-test-results from ews126 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126  Port: ios-simulator-wk2  Platform: Mac OS X 10.13.6
Comment 9 WebKit Commit Bot 2018-11-19 08:31:30 PST
Comment on attachment 355253
Patch

Clearing flags on attachment: 355253

Committed r238375: <https://trac.webkit.org/changeset/238375>
Comment 10 WebKit Commit Bot 2018-11-19 08:31:32 PST
All reviewed patches have been landed.  Closing bug.