NEW 29101
Simulating image drag in a layout test crashes DRT
https://bugs.webkit.org/show_bug.cgi?id=29101
Jens Alfke
Reported 2009-09-09 11:56:57 PDT
Using the eventSender API to simulate dragging an image element crashes DRT if the test actions occur while the file is loading. To work around this, I had to wait until the onload event is sent, and run the test code then. All of the drag-related tests I've seen (in LayoutTests/fast/events) seem to work the same way.

Attached is a modified version of a new layout test, which reproduces the crash. (I'm submitting the test with another patch, in the form that works successfully.)

The following is written to stderr:

ASSERTION FAILED: !image->filenameExtension().isEmpty()
(/Chromium/src/third_party/WebKit/WebCore/page/DragController.cpp:664 bool WebCore::DragController::startDrag(WebCore::Frame*, WebCore::Clipboard*, WebCore::DragOperation, const WebCore::PlatformMouseEvent&, const WebCore::IntPoint&, bool))

Here's the relevant part of crash log:

Process: DumpRenderTree [51277]
Path: /Chromium/src/third_party/WebKit/WebKitBuild/Debug/DumpRenderTree
Identifier: DumpRenderTree
Version: ??? (???)
Code Type: X86 (Native)
Parent Process: perl [51199]
Date/Time: 2009-09-09 11:23:46.449 -0700
OS Version: Mac OS X 10.5.8 (9L31a)
Report Version: 6
Anonymous UUID: 59108E33-207B-442A-AD70-0A0F9E6AC86E
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x03d547ca WebCore::DragController::startDrag(WebCore::Frame*, WebCore::Clipboard*, WebCore::DragOperation, WebCore::PlatformMouseEvent const&, WebCore::IntPoint const&, bool) + 1074 (DragController.cpp:661)
1 com.apple.WebCore 0x03d7a7ed WebCore::EventHandler::handleDrag(WebCore::MouseEventWithHitTestResults const&) + 2203 (EventHandler.cpp:2285)
2 com.apple.WebCore 0x03d7b922 WebCore::EventHandler::handleMouseDraggedEvent(WebCore::MouseEventWithHitTestResults const&) + 32 (EventHandler.cpp:412)
3 com.apple.WebCore 0x03d7c226 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*) + 1720 (EventHandler.cpp:1384)
4 com.apple.WebCore 0x03d819dc WebCore::EventHandler::mouseDragged(NSEvent*) + 324 (EventHandlerMac.mm:569)
5 com.apple.WebKit 0x009e7c3d -[WebHTMLView mouseDragged:] + 307 (WebHTMLView.mm:3411)
6 DumpRenderTree 0x0001006d -[EventSendingController mouseMoveToX:Y:] + 957 (EventSendingController.mm:415)
7 com.apple.CoreFoundation 0x9214791d __invoking___ + 29
8 com.apple.CoreFoundation 0x92147308 -[NSInvocation invoke] + 136
9 DumpRenderTree 0x000104b0 +[EventSendingController replaySavedEvents] + 140 (EventSendingController.mm:462)
10 DumpRenderTree 0x0000f8c7 -[EventSendingController mouseUp:] + 255 (EventSendingController.mm:343)
11 com.apple.CoreFoundation 0x9214791d __invoking___ + 29
12 com.apple.CoreFoundation 0x92147308 -[NSInvocation invoke] + 136
13 com.apple.WebCore 0x041b4b30 JSC::Bindings::ObjcInstance::invokeMethod(JSC::ExecState*, WTF::Vector<JSC::Bindings::Method*, 0ul> const&, JSC::ArgList const&) + 1726 (objc_instance.mm:221)
14 com.apple.WebCore 0x0430f83c __ZN3JSCL17callRuntimeMethodEPNS_9ExecStateEPNS_8JSObjectENS_7JSValueERKNS_7ArgListE + 446 (runtime_method.cpp:114)
15 com.apple.JavaScriptCore 0x005c7817 cti_op_call_NotJSFunction + 597 (JITStubs.cpp:1601)
16 com.apple.JavaScriptCore 0x005bfb50 jscGeneratedNativeCode + 0 (JITStubs.cpp:798)
17 com.apple.JavaScriptCore 0x0059f5a9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*, JSC::JSValue*) + 67 (JITCode.h:79)
18 com.apple.JavaScriptCore 0x0058b964 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*, JSC::JSValue*) + 796 (Interpreter.cpp:655)
19 com.apple.JavaScriptCore 0x004dfd03 JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, JSC::SourceCode const&, JSC::JSValue) + 297 (Completion.cpp:60)
20 com.apple.WebCore 0x0431beb7 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 541 (ScriptController.cpp:115)
21 com.apple.WebCore 0x03dcd280 WebCore::FrameLoader::executeScript(WebCore::ScriptSourceCode const&) + 176 (FrameLoader.cpp:776)
22 com.apple.WebCore 0x03e9af36 WebCore::HTMLTokenizer::scriptExecution(WebCore::ScriptSourceCode const&, WebCore::HTMLTokenizer::State) + 202 (HTMLTokenizer.cpp:561)
23 com.apple.WebCore 0x03e9bbdb WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) + 1699 (HTMLTokenizer.cpp:503)
24 com.apple.WebCore 0x03e9c287 WebCore::HTMLTokenizer::parseNonHTMLText(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 1067 (HTMLTokenizer.cpp:350)
25 com.apple.WebCore 0x03e9e788 WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 7904 (HTMLTokenizer.cpp:1520)
26 com.apple.WebCore 0x03e9f218 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1710 (HTMLTokenizer.cpp:1748)
27 com.apple.WebCore 0x03e9b4b9 WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) + 887 (HTMLTokenizer.cpp:2053)
28 com.apple.WebCore 0x03b3e2e0 WebCore::CachedScript::checkNotify() + 86 (CachedScript.cpp:104)
29 com.apple.WebCore 0x03b3e3a6 WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 142 (CachedScript.cpp:96)
30 com.apple.WebCore 0x04158274 WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) + 464 (loader.cpp:367)
31 com.apple.WebCore 0x0437f096 WebCore::SubresourceLoader::didFinishLoading() + 176 (SubresourceLoader.cpp:185)
32 com.apple.WebCore 0x04302c48 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 24 (ResourceLoader.cpp:404)
33 com.apple.WebCore 0x042ffec7 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 215 (ResourceHandleMac.mm:724)
34 com.apple.Foundation 0x94b75497 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87
35 com.apple.Foundation 0x94b75403 _NSURLConnectionDidFinishLoading + 147
36 com.apple.CFNetwork 0x92642ba4 URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 212
37 com.apple.CFNetwork 0x926438fa URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 310
38 com.apple.CFNetwork 0x92643baa URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 998
39 com.apple.CFNetwork 0x92642370 URLConnectionClient::processEvents() + 104
40 com.apple.CFNetwork 0x925efd03 MultiplexerSource::perform() + 189
41 com.apple.CoreFoundation 0x920c83c5 CFRunLoopRunSpecific + 3141
42 com.apple.CoreFoundation 0x920c8aa8 CFRunLoopRunInMode + 88
43 com.apple.Foundation 0x94b443d5 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
44 DumpRenderTree 0x0000bfdf runTest(std::basic_string<char, std::char_traits<char>, std::allocator<char> > const&) + 1583
45 DumpRenderTree 0x0000c429 runTestingServerLoop() + 117
46 DumpRenderTree 0x0000c5b5 dumpRenderTree(int, char const**) + 241
47 DumpRenderTree 0x0000c7d0 main + 94 (DumpRenderTree.mm:631)
48 DumpRenderTree 0x00002e76 start + 54
Attachments
modified layout-test that causes the crash when run in DRT (6.19 KB, text/html)
2009-09-09 11:58 PDT, Jens Alfke
no flags
Jens Alfke
Comment 1 2009-09-09 11:58:23 PDT
Created attachment 39288
modified layout-test that causes the crash when run in DRT
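The workaround described in the report (run the drag only after the load event), sketched as an added example; this is not the attached layout test or WebKit's own code. The helper names dragImageWhenLoaded and centerOf and the element ids "dragme" and "target" are assumptions; the eventSender and layoutTestController calls are the ones DumpRenderTree exposes to layout tests.

```javascript
// Added example: defer a simulated image drag until the image has loaded.
// dragImageWhenLoaded / centerOf are hypothetical helper names.

function centerOf(el) {
  // offsetLeft/offsetTop are relative to offsetParent, so walk up the chain.
  var x = el.offsetWidth / 2, y = el.offsetHeight / 2;
  for (var n = el; n; n = n.offsetParent) {
    x += n.offsetLeft;
    y += n.offsetTop;
  }
  return { x: x, y: y };
}

function dragImageWhenLoaded(img, target, sender, done) {
  function drag() {
    var from = centerOf(img), to = centerOf(target);
    sender.mouseMoveTo(from.x, from.y);
    sender.mouseDown();
    sender.leapForward(100);        // advance the simulated event clock
    sender.mouseMoveTo(to.x, to.y);
    sender.mouseUp();
    if (done) done();
  }
  // Per the report, starting the drag while the image is still loading
  // trips the assertion in DragController::startDrag, so check first.
  if (img.complete && img.naturalWidth > 0) {
    drag();
    return true;                    // dragged immediately
  }
  img.addEventListener('load', function onLoad() {
    img.removeEventListener('load', onLoad, false);
    drag();
  }, false);
  return false;                     // deferred until the load event
}

// Wiring inside a layout test; skipped outside DumpRenderTree.
if (typeof window !== 'undefined' && window.eventSender) {
  if (window.layoutTestController) layoutTestController.waitUntilDone();
  dragImageWhenLoaded(
    document.getElementById('dragme'),   // assumed id of the <img>
    document.getElementById('target'),   // assumed id of the drop target
    eventSender,
    function () {
      if (window.layoutTestController) layoutTestController.notifyDone();
    });
}
```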