Whenever I press Command-Control-d over some text to bring up the floating dictionary window, Webkit gets the spinning wheel and crashes.

Process: Safari [705]
Path: /Applications/WebKit.app/Contents/MacOS/WebKit
Identifier: org.webkit.nightly.WebKit
Version: r65052 (65052)
Code Type: PPC (Native)
Parent Process: launchd [110]

Date/Time: 2010-08-10 13:24:58.447 -0400
OS Version: Mac OS X 10.5.8 (9L30)
Report Version: 6
Anonymous UUID: F41C1802-6457-4B49-A738-107FEBA3B7F7

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x01497e18 WebCore::AccessibilityRenderObject::visiblePositionForPoint(WebCore::IntPoint const&) const + 408
1 com.apple.WebCore 0x0148c164 -[AccessibilityObjectWrapper accessibilityAttributeValue:forParameter:] + 2532
2 ....DictionaryServiceComponent 0x1d370ff4 DSAXGetTextOrigin + 1028
3 ....DictionaryServiceComponent 0x1d370908 DSAXGetTextUnderMouse + 432
4 ....DictionaryServiceComponent 0x1d36fb70 DSGetTextUnderMouse + 1024
5 ....DictionaryServiceComponent 0x1d3702cc DSInitializeMessageReceiving + 616
6 com.apple.CoreFoundation 0x920e9258 __CFMessagePortPerform + 324
7 com.apple.CoreFoundation 0x92109630 CFRunLoopRunSpecific + 2480
8 com.apple.HIToolbox 0x90c09b14 RunCurrentEventLoopInMode + 264
9 com.apple.HIToolbox 0x90c09938 ReceiveNextEventCommon + 412
10 com.apple.HIToolbox 0x90c09778 BlockUntilNextEventMatchingListInMode + 84
11 com.apple.AppKit 0x93151244 _DPSNextEvent + 596
12 com.apple.AppKit 0x93150bfc -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 112
13 com.apple.Safari 0x000191c4 0x1000 + 98756
14 com.apple.AppKit 0x9314a89c -[NSApplication run] + 744
15 com.apple.AppKit 0x9311b298 NSApplicationMain + 440
16 com.apple.Safari 0x0000b7c8 0x1000 + 42952
Interesting. I think this is a dupe of other bugs (in Radar, not yet in WebKit). It looks like Dictionary Services is using accessibility to get text, which is new to me. Kevin, can you attach the whole crash report? We might be able to get line numbers out of it.
Created attachment 64130 [details] Full Crash Log
Looks like DictionaryServices changed and no longer uses that method, so this crash report only exists in Leopard. I suspect that the problem still exists in WebKit, however. There are a lot of potential places we'd be accessing a null pointer in that method.
Any update on this crash bug? Still around with the latest webkit and Safari 5.0.2.
(In reply to comment #4)
> Any update on this crash bug? Still around with the latest webkit and Safari 5.0.2.

I'm testing right now on 10.6.4 and 5.0.2 and I'm not running into a crash. Do you have a website that this always happens on? Can you give any other info?
You previously mentioned that the crash only exists in Leopard, so I would expect 10.6.4 to be fine based on that. The crash is with the dictionary function and happens anywhere regardless of which web site it's on.
(In reply to comment #6)
> You previously mentioned that the crash only exists in Leopard, so I would expect 10.6.4 to be fine based on that.
>
> The crash is with the dictionary function and happens anywhere regardless of which web site it's on.

Sorry, meant to say latest 10.5.
Are you making sure you're running Webkit? Straight Safari 5.0.2 under 10.5.8 works fine. It's the latest Webkit in that combination that crashes on me.
regression from https://bugs.webkit.org/show_bug.cgi?id=43632
<rdar://problem/8421449>
Created attachment 67369 [details] patch
Comment on attachment 67369 [details] patch

Wouldn't it be easier just to change the later line to use render() instead of renderBoxModelObject()?
http://trac.webkit.org/changeset/67390