Bug 78587 - REGRESSION(r99369?): Crash on http://www.sendspace.com/
Status: RESOLVED DUPLICATE of bug 80648
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms
Version: 528+ (Nightly build)
Hardware: All All
Importance: P1 Major
Assignee: Nobody
URL:
Keywords: InRadar, Regression
Depends on: 13897
Blocks:
Reported: 2012-02-14 01:16 PST by Kent Tamura
Modified: 2012-03-08 17:11 PST

Description Kent Tamura 2012-02-14 01:16:10 PST
http://code.google.com/p/chromium/issues/detail?id=113630

Dragging files on an <input type=file> in www.sendspace.com causes a crash.


Stack trace on Google Chrome 17:

Thread 0 *CRASHED* ( EXC_BAD_ACCESS / KERN_PROTECTION_FAILURE @ 0x00000000 )

0x6823cca1	 [Google Chrome Framework	 - HTMLInputElement.cpp:1425]	WebCore::HTMLInputElement::setCanReceiveDroppedFiles
0x68626abf	 [Google Chrome Framework	 - DragController.cpp:337]	WebCore::DragController::tryDocumentDrag
0x68625136	 [Google Chrome Framework	 - DragController.cpp:253]	WebCore::DragController::dragEnteredOrUpdated
0x6862548e	 [Google Chrome Framework	 - DragController.cpp:192]	WebCore::DragController::dragUpdated
0x6805c63a	 [Google Chrome Framework	 - WebViewImpl.cpp:2295]	WebKit::WebViewImpl::dragTargetDragEnterOrOver
0x6805c6ef	 [Google Chrome Framework	 - WebViewImpl.cpp:2229]	WebKit::WebViewImpl::dragTargetDragOver
0x68f86d1e	 [Google Chrome Framework	 - render_view_impl.cc:3796]	RenderViewImpl::OnMessageReceived
Comment 1 Alexey Proskuryakov 2012-02-14 10:48:26 PST
Crashing on this line:

    renderer()->updateFromElement();
Comment 2 Alexey Proskuryakov 2012-02-14 10:48:41 PST
<rdar://problem/10861627>
Comment 3 Berend-Jan Wever 2012-02-17 03:48:03 PST
From a dup it looks like the underlying problem is that dragging something over an HTMLInputElement while modifying that element causes this NULL ptr.
Comment 4 Kent Tamura 2012-03-08 17:11:22 PST

*** This bug has been marked as a duplicate of bug 80648 ***