Bug 215732 - Crash when interacting with certain elements in WebCore::EventHandler::dispatchMouseEvent
Status: RESOLVED DUPLICATE of bug 215622
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: Safari Technology Preview
Hardware: All All
Importance: P2 Normal
Assignee: Nobody
Reported: 2020-08-21 08:59 PDT by zac west
Modified: 2020-08-22 16:10 PDT

Attachments
An example crash log (123.25 KB, text/plain)
2020-08-21 08:59 PDT, zac west

Description zac west 2020-08-21 08:59:33 PDT
Created attachment 407012
An example crash log

STR:

1. Visit https://demo.home-assistant.io or https://mwc-demos.glitch.me
2. Click on a button/toggle element on the page.
3. Note the crash.

This reproduces (and began) on the version of WebKit/Safari in iOS 14 beta 5 and Safari Technology Preview Release 112 (Safari 14.0, WebKit 15610.1.25.5.1).

The crash will look something like the one attached, ending in:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x0000000662c4cde5 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomString const&, WebCore::Node*, int, WebCore::PlatformMouseEvent const&, WebCore::EventHandler::FireMouseOverOut) + 2773
1   com.apple.WebCore             	0x00000006612c7d49 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 3529
2   com.apple.WebKit              	0x0000000660023c7d WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) + 475
3   com.apple.WebKit              	0x00000006605fbd71 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection&, IPC::Decoder&) + 13359
4   com.apple.WebKit              	0x00000006600a0895 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection&, IPC::Decoder&) + 125
5   com.apple.WebKit              	0x00000006604e45ac WebKit::WebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 28
6   com.apple.WebKit              	0x0000000660082cfb IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 701
7   com.apple.WebKit              	0x000000066008550a WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7, void>::call() + 214
Comment 1 Elizabeth Mitchell 2020-08-21 13:13:44 PDT
This error is related to delegatesFocus. When set to true, the tab will crash when the user creates focus by clicking on the ShadowRoot's content.

If the element is programmatically focused via element.focus(), the tab does not crash and element.shadowRoot.activeElement is properly set to the delegated focus target.

If delegatesFocus is set to false, the tab does not crash when the user clicks on the ShadowRoot's content.

Crash: https://jsbin.com/hudimuseya/edit?html,output
No crash: https://jsbin.com/hegogibike/edit?html,output

Safari TP 112 (Safari 14.0, WebKit 15610.1.25.5.1)
Comment 2 Alexey Proskuryakov 2020-08-22 16:10:04 PDT
Thank you for the report! I believe that this was just fixed a couple days ago as bug 215622.

*** This bug has been marked as a duplicate of bug 215622 ***