RESOLVED FIXED Bug 41013
Crash when the renderer for the button in <input type="number"> goes away during event handling
https://bugs.webkit.org/show_bug.cgi?id=41013
Adele Peterson
Reported 2010-06-22 15:12:31 PDT
0 com.apple.WebCore 0x903ab9f6 WebCore::RenderObject::absoluteToLocal(WebCore::FloatPoint, bool, bool) const + 86
1 com.apple.WebCore 0x90953910 WebCore::SpinButtonElement::defaultEventHandler(WebCore::Event*) + 240
2 com.apple.WebCore 0x904828a2 WebCore::RenderTextControlSingleLine::forwardEvent(WebCore::Event*) + 706
3 com.apple.WebCore 0x90481343 WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 995
4 com.apple.WebCore 0x903230dd WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>) + 957
5 com.apple.WebCore 0x90322c14 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 212
6 com.apple.WebCore 0x903aac85 WebCore::Node::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 741
7 com.apple.WebCore 0x903aa963 WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 163
8 com.apple.WebCore 0x903aa40a WebCore::EventHandler::updateMouseEventTargetNode(WebCore::Node*, WebCore::PlatformMouseEvent const&, bool) + 634
9 com.apple.WebCore 0x903a9d9e WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 78
10 com.apple.WebCore 0x903a697c WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*) + 1404
11 com.apple.WebCore 0x903a6325 WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const&) + 69
12 com.apple.WebCore 0x903a5cd7 WebCore::EventHandler::mouseMoved(NSEvent*) + 231
13 com.apple.WebKit 0x92d30bd8 -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:] + 872

I have a fix for this.
Attachments
patch (4.97 KB, patch)
2010-06-22 15:30 PDT, Adele Peterson
no flags
patch (4.97 KB, patch)
2010-06-22 16:57 PDT, Adele Peterson
darin: review+
Adele Peterson
Comment 1 2010-06-22 15:24:46 PDT
Adele Peterson
Comment 2 2010-06-22 15:30:19 PDT
Created attachment 59422 [details]
patch

This is a nil check fix. I suspect that the test will not trigger the crash on all platforms due to different metrics for the spinner button. Since it definitely does trigger the crash on Mac and won't cause harm on the other platforms, it seems fine for now.
WebKit Review Bot
Comment 3 2010-06-22 15:33:22 PDT
Attachment 59422 [details] did not pass style-queue:

Failed to run "['WebKitTools/Scripts/check-webkit-style', '--no-squash']" exit_code: 1
WebCore/rendering/TextControlInnerElements.cpp:274: This { should be at the end of the previous line [whitespace/braces] [4]
Total errors found: 1 in 5 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Adele Peterson
Comment 4 2010-06-22 16:57:53 PDT
Adele Peterson
Comment 5 2010-06-22 18:27:16 PDT
Committed revision 61645.
WebKit Review Bot
Comment 6 2010-06-22 18:49:47 PDT
http://trac.webkit.org/changeset/61645 might have broken Qt Linux Release