RESOLVED FIXED 9879
REGRESSION: Repro crash when clicking to the side of an anonymous table 
https://bugs.webkit.org/show_bug.cgi?id=9879
Summary REGRESSION: Repro crash when clicking to the side of an anonymous table
mitz
Reported 2006-07-12 11:34:35 PDT
Clicking to the right of the text in the test case causes TOT to crash with the following backtrace: #0  0x01aa9cac in WebCore::maxDeepOffset (node=0x0) at WebCore/editing/htmlediting.cpp:321 #1  0x01a18618 in WebCore::RenderContainer::positionForCoordinates (this=0x196d682c, x=89, y=73) at WebCore/rendering/RenderContainer.cpp:511 #2  0x019f9cfc in WebCore::RenderBlock::positionForCoordinates (this=0x196d682c, x=89, y=73) at WebCore/rendering/RenderBlock.cpp:2607 #3  0x019fa7d8 in WebCore::RenderBlock::positionForCoordinates (this=0x196d65cc, x=89, y=73) at WebCore/rendering/RenderBlock.cpp:2700 #4  0x01ce78f4 in WebCore::RenderObject::positionForPoint (this=0x196d65cc, point=@0xbfffe2dc) at WebCore/page/ResourceRequest.h:531 #5  0x01922d34 in WebCore::Frame::handleMousePressEventSingleClick (this=0x14a5b990, event=@0xbfffe7f0) at WebCore/page/Frame.cpp:1823 #6  0x01923700 in WebCore::Frame::handleMousePressEvent (this=0x14a5b990, event=@0xbfffe7f0) at WebCore/page/Frame.cpp:1874 #7  0x01935ed0 in WebCore::FrameMac::handleMousePressEvent (this=0x14a5b990, event=@0xbfffe7f0) at WebCore/bridge/mac/FrameMac.mm:1423 #8  0x0194946c in WebCore::FrameView::handleMousePressEvent (this=0x1960f440, mouseEvent=@0xbfffebc0) at WebCore/page/FrameView.cpp:584 #9  0x01935b74 in WebCore::FrameMac::mouseDown (this=0x14a5b990, event=0x19614090) at WebCore/bridge/mac/FrameMac.mm:1983 #10 0x01967e88 in -[WebCoreFrameBridge mouseDown:] (self=0x14a61c70, _cmd=0x90aa0330, event=0x19614090) at WebCore/bridge/mac/WebCoreFrameBridge.mm:1030 #11 0x00372e8c in -[WebHTMLView mouseDown:] (self=0x179feab0, _cmd=0x90aa0330, event=0x19614090) at WebKit/WebView/WebHTMLView.m:2858 #12 0x9374a890 in -[NSWindow sendEvent:] () #13 0x00021734 in ?? () #14 0x936f38d4 in -[NSApplication sendEvent:] () #15 0x00021238 in ?? () #16 0x936ead10 in -[NSApplication run] () #17 0x937db87c in NSApplicationMain () #18 0x0005c77c in ?? () #19 0x0005c624 in ?? ()
Attachments
Test case (will crash) (76 bytes, text/html)
2006-07-12 11:38 PDT, mitz 		no flags
Details
One-liner patch with layout test and change log entry (52.35 KB, patch)
2006-07-12 12:47 PDT, mitz 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
mitz
Comment 1 2006-07-12 11:38:35 PDT
Created attachment 9408 [details] Test case (will crash)
mitz
Comment 2 2006-07-12 12:47:36 PDT
Created attachment 9412 [details] One-liner patch with layout test and change log entry
Darin Adler
Comment 3 2006-07-12 14:25:57 PDT
Comment on attachment 9412 [details] One-liner patch with layout test and change log entry r=me
David Kilzer (:ddkilzer)
Comment 4 2006-07-12 21:48:39 PDT
This one is waiting for a Radar bug to be created before it can be committed.
Darin Adler
Comment 5 2006-07-13 10:14:47 PDT
<rdar://problem/4628129> REGRESSION: Repro crash when clicking to the side of an anonymous table
David Kilzer (:ddkilzer)
Comment 6 2006-07-13 22:20:22 PDT
This patch (attachment 9412 [details]) has bit-rotted after Justin committed r15401: <rdar://problem/4509393> selected DOM range starts with <object>, 0 offset but selection should include the <object> This changed the infamous one-line to this: -    if (isTable()) { +    if (isTable() && element()) { I reran the included test, and it passed.  I suggest landing just the layout tests for this one.  Thoughts?
David Kilzer (:ddkilzer)
Comment 7 2006-07-13 22:24:40 PDT
Comment on attachment 9412 [details] One-liner patch with layout test and change log entry Clearing review flag due to bit rottedness.  See Comment #6.
mitz
Comment 8 2006-07-14 01:17:44 PDT
(In reply to comment #6) > I suggest landing just the layout > tests for this one.  Thoughts? Seems reasonable.
David Kilzer (:ddkilzer)
Comment 9 2006-07-14 05:28:18 PDT
Committed revision 15425. Note that only the layout test part of this patch (attachment 9412 [details]) was committed.  (I probably shouldn't have cleared Darin's r=me.)  See Comment # 6 for details.
Note You need to log in before you can comment on or make changes to this bug.