Bug 30150 - REGRESSION: Crash when accessing clipboardData.types
Summary: REGRESSION: Crash when accessing clipboardData.types
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.6
: P1 Critical
Assignee: Alexey Proskuryakov
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2009-10-06 21:51 PDT by Taiyo Fujii
Modified: 2009-10-13 15:03 PDT (History)
0 users

See Also:

Attachments
test case (crash) (247 bytes, text/html)
2009-10-07 09:33 PDT, Alexey Proskuryakov 		no flags Details
proposed fix (5.00 KB, patch)
2009-10-13 14:54 PDT, Alexey Proskuryakov 		mitz: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Taiyo Fujii 2009-10-06 21:51:35 PDT 
Accessing to clipboardData.types make WebKit.app (6531.9, r49209) to crash.

-Reproduce
1. Assign following any website contains elements which is capable to be pasted.
 document.body.addEventListener("paste" , function(e){window.console.log(e.clipboardData.types)}, true)

2. Do "Paste" onto element
3. WebKit.app crashes.


-Additional information
This problem does not occur on Safari 4.0.3 (6531.9)
Comment 1 Alexey Proskuryakov 2009-10-07 09:33:05 PDT 
Created attachment 40794 [details]
test case (crash)

#0	0x02205069 in WebCore::StringImpl::hash at StringImpl.h:112
#1	0x0220790d in WebCore::StringHash::hash at StringHash.h:70
#2	0x0220a69d in WTF::IdentityHashTranslator<WebCore::String, WebCore::String, WebCore::StringHash>::hash at HashTable.h:277
#3	0x020f10a5 in WTF::HashTable<WebCore::String, WebCore::String, WTF::IdentityExtractor<WebCore::String>, WebCore::StringHash, WTF::HashTraits<WebCore::String>, WTF::HashTraits<WebCore::String> >::add<WebCore::String, WebCore::String, WTF::IdentityHashTranslator<WebCore::String, WebCore::String, WebCore::StringHash> > at HashTable.h:634
#4	0x020f138a in WTF::HashTable<WebCore::String, WebCore::String, WTF::IdentityExtractor<WebCore::String>, WebCore::StringHash, WTF::HashTraits<WebCore::String>, WTF::HashTraits<WebCore::String> >::add at HashTable.h:315
#5	0x0222087e in WTF::HashSet<WebCore::String, WebCore::StringHash, WTF::HashTraits<WebCore::String> >::add at HashSet.h:210
#6	0x02140125 in WebCore::addHTMLClipboardTypesForCocoaType at ClipboardMac.mm:126
#7	0x021402e3 in WebCore::ClipboardMac::types at ClipboardMac.mm:285
#8	0x0253e92b in WebCore::JSClipboard::types at JSClipboardCustom.cpp:55
#9	0x0253d066 in WebCore::jsClipboardTypes at JSClipboard.cpp:182
#10	0x0098eaa7 in JSC::PropertySlot::getValue at PropertySlot.h:62
#11	0x009d6375 in JSC::JSValue::get at JSObject.h:610
#12	0x00a30f14 in cti_op_get_by_id at JITStubs.cpp:1203
#13	0x00a26fba in WTF::doubleHash at HashTable.h:437
#14	0x00a0696f in JSC::JITCode::execute at JITCode.h:79
#15	0x009f2975 in JSC::Interpreter::execute at Interpreter.cpp:724
#16	0x009584ed in JSC::JSFunction::call at JSFunction.cpp:120
#17	0x009585c9 in JSC::call at CallData.cpp:39
#18	0x025bb71c in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:112
<...>
Comment 2 Alexey Proskuryakov 2009-10-07 09:35:07 PDT 
<rdar://problem/7283540>
Comment 3 Alexey Proskuryakov 2009-10-13 14:54:42 PDT 
Created attachment 41130 [details]
proposed fix

This was also causing crashes on drag&drop for me.
Comment 4 Alexey Proskuryakov 2009-10-13 15:03:13 PDT 
Fixed in <http://trac.webkit.org/changeset/49513>.