Bug 41013 - Crash when the renderer for the button in <input type="number"> goes away during event handling
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Adele Peterson
Keywords: InRadar
Reported: 2010-06-22 15:12 PDT by Adele Peterson
Modified: 2010-06-22 18:49 PDT
Attachments
patch (4.97 KB, patch)
2010-06-22 15:30 PDT, Adele Peterson
no flags
patch (4.97 KB, patch)
2010-06-22 16:57 PDT, Adele Peterson
darin: review+

Description Adele Peterson 2010-06-22 15:12:31 PDT
0   com.apple.WebCore             	0x903ab9f6 WebCore::RenderObject::absoluteToLocal(WebCore::FloatPoint, bool, bool) const + 86
1   com.apple.WebCore             	0x90953910 WebCore::SpinButtonElement::defaultEventHandler(WebCore::Event*) + 240
2   com.apple.WebCore             	0x904828a2 WebCore::RenderTextControlSingleLine::forwardEvent(WebCore::Event*) + 706
3   com.apple.WebCore             	0x90481343 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 995
4   com.apple.WebCore             	0x903230dd WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>) + 957
5   com.apple.WebCore             	0x90322c14 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 212
6   com.apple.WebCore             	0x903aac85 WebCore::Node::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 741
7   com.apple.WebCore             	0x903aa963 WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 163
8   com.apple.WebCore             	0x903aa40a WebCore::EventHandler::updateMouseEventTargetNode(WebCore::Node*, WebCore::PlatformMouseEvent const&, bool) + 634
9   com.apple.WebCore             	0x903a9d9e WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 78
10  com.apple.WebCore             	0x903a697c WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*) + 1404
11  com.apple.WebCore             	0x903a6325 WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const&) + 69
12  com.apple.WebCore             	0x903a5cd7 WebCore::EventHandler::mouseMoved(NSEvent*) + 231
13  com.apple.WebKit              	0x92d30bd8 -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:] + 872

I have a fix for this.
Comment 1 Adele Peterson 2010-06-22 15:24:46 PDT
<rdar://problem/8119839>
Comment 2 Adele Peterson 2010-06-22 15:30:19 PDT
Created attachment 59422
patch

This is a nil check fix.

I suspect that the test will not trigger the crash on all platforms due to different metrics for the spinner button.  Since it definitely does trigger the crash on Mac and won't cause harm on the other platforms, it seems fine for now.
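
The bug class named in the title and the "nil check fix" mentioned in Comment 2, as an added C++ sketch that is not the attached patch and not WebKit code: `SpinButton`, `Renderer`, `detach` and the listener list are hypothetical stand-ins. It assumes the renderer is destroyed by a handler that runs earlier in the same event dispatch.

```cpp
#include <cstddef>
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-ins for illustration; not WebKit classes.
struct Point { float x, y; };

struct Renderer {
    Point origin;
    Point absoluteToLocal(Point p) const { return Point{p.x - origin.x, p.y - origin.y}; }
};

class SpinButton {
public:
    explicit SpinButton(Point origin) : m_renderer(new Renderer{origin}) {}
    Renderer* renderer() const { return m_renderer.get(); }
    void detach() { m_renderer.reset(); } // the element loses its box
    void addListener(std::function<void(SpinButton&)> l) { m_listeners.push_back(l); }

    // Returns false, leaving `local` untouched, when there is no renderer left.
    bool handleMouseMove(Point absolute, Point& local) {
        // Assumed: handlers that run earlier in the dispatch may detach the renderer.
        for (std::size_t i = 0; i < m_listeners.size(); ++i)
            m_listeners[i](*this);
        Renderer* r = renderer(); // fetch after dispatch, never cache across it
        if (!r)                   // the nil check; without it the next line dereferences null
            return false;
        local = r->absoluteToLocal(absolute);
        return true;
    }

private:
    std::unique_ptr<Renderer> m_renderer;
    std::vector<std::function<void(SpinButton&)> > m_listeners;
};

int main() {
    SpinButton button(Point{10.0f, 20.0f});
    Point local = {0.0f, 0.0f};
    std::printf("before detach: handled=%d\n", button.handleMouseMove(Point{15.0f, 26.0f}, local));
    button.addListener([](SpinButton& b) { b.detach(); });
    std::printf("after detach:  handled=%d\n", button.handleMouseMove(Point{15.0f, 26.0f}, local));
    return 0;
}
```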
Comment 3 WebKit Review Bot 2010-06-22 15:33:22 PDT
Attachment 59422 did not pass style-queue:

Failed to run "['WebKitTools/Scripts/check-webkit-style', '--no-squash']" exit_code: 1
WebCore/rendering/TextControlInnerElements.cpp:274:  This { should be at the end of the previous line  [whitespace/braces] [4]
Total errors found: 1 in 5 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Adele Peterson 2010-06-22 16:57:53 PDT
Created attachment 59445
patch
Comment 5 Adele Peterson 2010-06-22 18:27:16 PDT
Committed revision 61645.
Comment 6 WebKit Review Bot 2010-06-22 18:49:47 PDT
http://trac.webkit.org/changeset/61645 might have broken Qt Linux Release