RESOLVED FIXED 30150
REGRESSION: Crash when accessing clipboardData.types 
https://bugs.webkit.org/show_bug.cgi?id=30150
Summary REGRESSION: Crash when accessing clipboardData.types
Taiyo Fujii
Reported 2009-10-06 21:51:35 PDT
Accessing to clipboardData.types make WebKit.app (6531.9, r49209) to crash. -Reproduce 1. Assign following any website contains elements which is capable to be pasted. document.body.addEventListener("paste" , function(e){window.console.log(e.clipboardData.types)}, true) 2. Do "Paste" onto element 3. WebKit.app crashes. -Additional information This problem does not occur on Safari 4.0.3 (6531.9)
Attachments
test case (crash) (247 bytes, text/html)
2009-10-07 09:33 PDT, Alexey Proskuryakov 		no flags
Details
proposed fix (5.00 KB, patch)
2009-10-13 14:54 PDT, Alexey Proskuryakov 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2009-10-07 09:33:05 PDT
Created attachment 40794 [details] test case (crash) #0 0x02205069 in WebCore::StringImpl::hash at StringImpl.h:112 #1 0x0220790d in WebCore::StringHash::hash at StringHash.h:70 #2 0x0220a69d in WTF::IdentityHashTranslator<WebCore::String, WebCore::String, WebCore::StringHash>::hash at HashTable.h:277 #3 0x020f10a5 in WTF::HashTable<WebCore::String, WebCore::String, WTF::IdentityExtractor<WebCore::String>, WebCore::StringHash, WTF::HashTraits<WebCore::String>, WTF::HashTraits<WebCore::String> >::add<WebCore::String, WebCore::String, WTF::IdentityHashTranslator<WebCore::String, WebCore::String, WebCore::StringHash> > at HashTable.h:634 #4 0x020f138a in WTF::HashTable<WebCore::String, WebCore::String, WTF::IdentityExtractor<WebCore::String>, WebCore::StringHash, WTF::HashTraits<WebCore::String>, WTF::HashTraits<WebCore::String> >::add at HashTable.h:315 #5 0x0222087e in WTF::HashSet<WebCore::String, WebCore::StringHash, WTF::HashTraits<WebCore::String> >::add at HashSet.h:210 #6 0x02140125 in WebCore::addHTMLClipboardTypesForCocoaType at ClipboardMac.mm:126 #7 0x021402e3 in WebCore::ClipboardMac::types at ClipboardMac.mm:285 #8 0x0253e92b in WebCore::JSClipboard::types at JSClipboardCustom.cpp:55 #9 0x0253d066 in WebCore::jsClipboardTypes at JSClipboard.cpp:182 #10 0x0098eaa7 in JSC::PropertySlot::getValue at PropertySlot.h:62 #11 0x009d6375 in JSC::JSValue::get at JSObject.h:610 #12 0x00a30f14 in cti_op_get_by_id at JITStubs.cpp:1203 #13 0x00a26fba in WTF::doubleHash at HashTable.h:437 #14 0x00a0696f in JSC::JITCode::execute at JITCode.h:79 #15 0x009f2975 in JSC::Interpreter::execute at Interpreter.cpp:724 #16 0x009584ed in JSC::JSFunction::call at JSFunction.cpp:120 #17 0x009585c9 in JSC::call at CallData.cpp:39 #18 0x025bb71c in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:112 <...>
Alexey Proskuryakov
Comment 2 2009-10-07 09:35:07 PDT
<rdar://problem/7283540>
Alexey Proskuryakov
Comment 3 2009-10-13 14:54:42 PDT
Created attachment 41130 [details] proposed fix This was also causing crashes on drag&drop for me.
Alexey Proskuryakov
Comment 4 2009-10-13 15:03:13 PDT
Fixed in <http://trac.webkit.org/changeset/49513>.
Note You need to log in before you can comment on or make changes to this bug.