WebKit Bugzilla
Bug 32433: REGRESSION (r51567): Right click on a link element crashes WebKit nightly
RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=32433
Mihnea Ovidenie
Reported 2009-12-11 08:01:49 PST
Created attachment 44690 [details]
User dmp on WinXP

Steps to reproduce:
1. I am using WebKit 51951 on WindowsXP SP3/Windows Vista.
2. I run WebKit.exe from the nightly.
3. Load any url - webkit.org for instance
4. right-click on any link in the page
5. WebKit crashes

Regards,
Mihnea
Attachments
User dmp on WinXP (55.03 KB, application/octet-stream), 2009-12-11 08:01 PST, Mihnea Ovidenie, no flags
DR watson log on WinXP (144.12 KB, application/octet-stream), 2009-12-11 08:02 PST, Mihnea Ovidenie, no flags
Change IWebFramePrivate's vtable to be compatible with Safari 4.0.4 (1.94 KB, patch), 2009-12-14 09:44 PST, Adam Roben (:aroben), sfalken: review+
Mihnea Ovidenie
Comment 1
2009-12-11 08:02:26 PST
Created attachment 44691 [details]
DR watson log on WinXP
Adam Roben (:aroben)
Comment 2
2009-12-11 19:23:01 PST
I can't reproduce using Safari 4.0.4 and WebKit r51951.
Adam Roben (:aroben)
Comment 3
2009-12-11 19:26:45 PST
(In reply to comment #2)
> I can't reproduce using Safari 4.0.4 and WebKit r51951.
Oh, wait, yes I can! Here's a better backtrace:

  00000000()
  Safari.dll!SafariView::contextMenuForElement() + 0x24 bytes C++
  Safari.dll!BrowserDelegate::contextMenuItemsForElement() C++
> WebKit.dll!WebContextMenuClient::getCustomMenuFromDefaultItems(WebCore::ContextMenu * menu=0x7ed4daa0) Line 107 + 0x1a bytes C++
  WebKit.dll!WebCore::ContextMenuController::showContextMenu(WebCore::Event * event=0x7eb0fd80) Line 136 C++
  WebKit.dll!WebCore::ContextMenuController::handleContextMenuEvent(WebCore::Event * event=) Line 96 C++
  WebKit.dll!WebCore::Node::defaultEventHandler(WebCore::Event * event=0x7eb0fd80) Line 2831 C++
  WebKit.dll!WebCore::HTMLAnchorElement::defaultEventHandler(WebCore::Event * evt=0x7eb0fd80) Line 236 C++
  WebKit.dll!WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}) Line 2560 C++
  WebKit.dll!WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}) Line 2445 + 0xb bytes C++
  WebKit.dll!WebCore::Node::dispatchMouseEvent(const WebCore::AtomicString & eventType={...}, int button=2, int detail=0, int pageX=376, int pageY=308, int screenX=568, int screenY=419, bool ctrlKey=false, bool altKey=false, bool shiftKey=false, bool metaKey=false, bool isSimulated=false, WebCore::Node * relatedTargetArg=0x00000000, WTF::PassRefPtr<WebCore::Event> underlyingEvent={...}) Line 2735 C++
  WebKit.dll!WebCore::Node::dispatchMouseEvent(const WebCore::PlatformMouseEvent & event={...}, const WebCore::AtomicString & eventType={...}, int detail=0, WebCore::Node * relatedTarget=0x00000000) Line 2644 C++
  WebKit.dll!WebCore::EventHandler::dispatchMouseEvent(const WebCore::AtomicString & eventType={...}, WebCore::Node * targetNode=0x7ec0dc00, bool __formal=true, int clickCount=0, const WebCore::PlatformMouseEvent & mouseEvent={...}, bool setUnder=true) Line 1746 C++
  WebKit.dll!WebCore::EventHandler::sendContextMenuEvent(const WebCore::PlatformMouseEvent & event={...}) Line 1920 C++
  WebKit.dll!WebView::handleContextMenuEvent(unsigned int wParam=198736, long lParam=0) Line 1164 C++
  WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=, unsigned int message=, unsigned int wParam=, long lParam=) Line 2049 C++
  user32.dll!_InternalCallWinProc@20() + 0x23 bytes
  user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
  user32.dll!_CallWindowProcAorW@24() + 0x5e bytes
  user32.dll!_CallWindowProcW@20() + 0x1b bytes
  comctl32.dll!_CallOriginalWndProc@24() + 0x1a bytes
  comctl32.dll!_CallNextSubclassProc@20() + 0x3d bytes
  comctl32.dll!_DefSubclassProc@16() + 0x46 bytes
  comctl32.dll!TTSubclassProc() + 0x3c bytes
  comctl32.dll!_CallNextSubclassProc@20() + 0x3d bytes
  comctl32.dll!_MasterSubclassProc@16() + 0x44 bytes
  user32.dll!_InternalCallWinProc@20() + 0x23 bytes
  user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
  user32.dll!_RealDefWindowProcWorker@24() + 0x167b bytes
  user32.dll!_RealDefWindowProcW@16() + 0x2a bytes
  user32.dll!_DefWindowProcW@16() + 0x54 bytes
  WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x00030850, unsigned int message=517, unsigned int wParam=0, long lParam=20185464) Line 2145 + 0x10 bytes C++
  user32.dll!_InternalCallWinProc@20() + 0x23 bytes
  user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
  user32.dll!_CallWindowProcAorW@24() + 0x5e bytes
  user32.dll!_CallWindowProcW@20() + 0x1b bytes
  comctl32.dll!_CallOriginalWndProc@24() + 0x1a bytes
  comctl32.dll!_CallNextSubclassProc@20() + 0x3d bytes
  comctl32.dll!_DefSubclassProc@16() + 0x46 bytes
  comctl32.dll!TTSubclassProc() + 0x3c bytes
  comctl32.dll!_CallNextSubclassProc@20() + 0x3d bytes
  comctl32.dll!_MasterSubclassProc@16() + 0x44 bytes
  user32.dll!_InternalCallWinProc@20() + 0x23 bytes
  user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
  user32.dll!_DispatchMessageWorker@8() + 0xed bytes
  user32.dll!_DispatchMessageW@4() + 0xf bytes
  Safari.dll!RunMessagePump() + 0x7 bytes C++
  Safari.dll!run() C++
  Safari.dll!safariMain() 0xa bytes C++
  Safari.dll!safariDLLMain() + 0x10 bytes C++
  Safari.exe!wWinMain() C++
  Safari.exe!__tmainCRTStartup() Line 589 + 0x1c bytes C
  kernel32.dll!@BaseThreadInitThunk@12() + 0x12 bytes
  ntdll.dll!___RtlUserThreadStart@8() + 0x27 bytes
  ntdll.dll!__RtlUserThreadStart@8() + 0x1b bytes
Adam Roben (:aroben)
Comment 4
2009-12-14 09:09:32 PST
Looks like we're crashing while calling IWebDataSource::subresourceForURL.
Adam Roben (:aroben)
Comment 5
2009-12-14 09:10:31 PST
Strange thing is, IWebDataSource hasn't changed since Safari 4.0.4.
Adam Roben (:aroben)
Comment 6
2009-12-14 09:31:01 PST
Looks like when Safari tries to call IWebFramePrivate::allowsFollowingLink, it ends up in WebFrame::isDisplayingStandaloneImage instead. IWebFramePrivate was changed in an incompatible way in r51567 <http://trac.webkit.org/changeset/51567/trunk/WebKit/win/Interfaces/IWebFramePrivate.idl>. I will undo that change and see if that fixes the crash.
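
The slot mismatch described in Comment 6, as an added example that is not part of the original thread or of WebKit's code: a client built against an older interface layout calls by slot index, so reordering slots redirects the call. The three layouts, `existingMethod`, and the position of the new method are assumptions made for illustration; only the two method names come from the thread.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Constructed model: a COM-style interface is an ordered table of slots, and a
// client built against an older header calls by slot index, never by name.
using Slot = const char* (*)();
struct Method { std::string name; Slot fn; };
using VTable = std::vector<Method>;

static const char* existingMethod() { return "existingMethod"; }  // hypothetical
static const char* allowsFollowingLink() { return "allowsFollowingLink"; }
static const char* isDisplayingStandaloneImage() { return "isDisplayingStandaloneImage"; }

// Layout the shipped client was compiled against (assumed, simplified).
const VTable shipped = {{"existingMethod", existingMethod},
                        {"allowsFollowingLink", allowsFollowingLink}};
// Assumed shape of the incompatible change: new method placed before an old one.
const VTable broken = {{"existingMethod", existingMethod},
                       {"isDisplayingStandaloneImage", isDisplayingStandaloneImage},
                       {"allowsFollowingLink", allowsFollowingLink}};
// A compatible arrangement: old slots keep their index, new method comes last.
const VTable appended = {{"existingMethod", existingMethod},
                         {"allowsFollowingLink", allowsFollowingLink},
                         {"isDisplayingStandaloneImage", isDisplayingStandaloneImage}};

size_t slotOf(const VTable& vt, const std::string& name) {
    for (size_t i = 0; i < vt.size(); ++i)
        if (vt[i].name == name) return i;
    return vt.size();  // not found
}

// What the old client effectively does: jump through a fixed slot index.
std::string callSlot(const VTable& vt, size_t index) { return vt.at(index).fn(); }

// Every slot the shipped client knows must keep its index in the new layout.
std::vector<std::string> abiBreaks(const VTable& oldVt, const VTable& newVt) {
    std::vector<std::string> breaks;
    for (size_t i = 0; i < oldVt.size(); ++i) {
        if (i >= newVt.size()) breaks.push_back(oldVt[i].name + " -> (missing)");
        else if (newVt[i].name != oldVt[i].name)
            breaks.push_back(oldVt[i].name + " -> " + newVt[i].name);
    }
    return breaks;
}

int main() {
    size_t slot = slotOf(shipped, "allowsFollowingLink");
    std::cout << "broken:   " << callSlot(broken, slot) << "\n";
    std::cout << "appended: " << callSlot(appended, slot) << "\n";
    for (const auto& b : abiBreaks(shipped, broken)) std::cout << "ABI break: " << b << "\n";
}
```

A check like `abiBreaks`, run against the layout of the last shipped client whenever an interface definition changes, flags this kind of regression before a binary built against the old layout meets the new one.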
Adam Roben (:aroben)
Comment 7
2009-12-14 09:42:52 PST
(In reply to comment #6)
> Looks like when Safari tries to call IWebFramePrivate::allowsFollowingLink, it
> ends up in WebFrame::isDisplayingStandaloneImage instead. IWebFramePrivate was
> changed in an incompatible way in r51567
> <http://trac.webkit.org/changeset/51567/trunk/WebKit/win/Interfaces/IWebFramePrivate.idl>.
> I will undo that change and see if that fixes the crash.
It does. Patch coming...
Adam Roben (:aroben)
Comment 8
2009-12-14 09:44:02 PST
I guess I had the regression range wrong previously.
Adam Roben (:aroben)
Comment 9
2009-12-14 09:44:55 PST
Created attachment 44804 [details]
Change IWebFramePrivate's vtable to be compatible with Safari 4.0.4
Adam Roben (:aroben)
Comment 10
2009-12-14 09:47:04 PST
Committed r52098: <http://trac.webkit.org/changeset/52098>