Bug 9879 - REGRESSION: Repro crash when clicking to the side of an anonymous table
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Nobody
Keywords: HasReduction, InRadar, Regression
Reported: 2006-07-12 11:34 PDT by mitz
Modified: 2006-07-14 05:28 PDT

Attachments
Test case (will crash) (76 bytes, text/html)
2006-07-12 11:38 PDT, mitz
One-liner patch with layout test and change log entry (52.35 KB, patch)
2006-07-12 12:47 PDT, mitz

Description mitz 2006-07-12 11:34:35 PDT
Clicking to the right of the text in the test case causes TOT to crash with the following backtrace:

#0  0x01aa9cac in WebCore::maxDeepOffset (node=0x0) at WebCore/editing/htmlediting.cpp:321
#1  0x01a18618 in WebCore::RenderContainer::positionForCoordinates (this=0x196d682c, x=89, y=73) at WebCore/rendering/RenderContainer.cpp:511
#2  0x019f9cfc in WebCore::RenderBlock::positionForCoordinates (this=0x196d682c, x=89, y=73) at WebCore/rendering/RenderBlock.cpp:2607
#3  0x019fa7d8 in WebCore::RenderBlock::positionForCoordinates (this=0x196d65cc, x=89, y=73) at WebCore/rendering/RenderBlock.cpp:2700
#4  0x01ce78f4 in WebCore::RenderObject::positionForPoint (this=0x196d65cc, point=@0xbfffe2dc) at WebCore/page/ResourceRequest.h:531
#5  0x01922d34 in WebCore::Frame::handleMousePressEventSingleClick (this=0x14a5b990, event=@0xbfffe7f0) at WebCore/page/Frame.cpp:1823
#6  0x01923700 in WebCore::Frame::handleMousePressEvent (this=0x14a5b990, event=@0xbfffe7f0) at WebCore/page/Frame.cpp:1874
#7  0x01935ed0 in WebCore::FrameMac::handleMousePressEvent (this=0x14a5b990, event=@0xbfffe7f0) at WebCore/bridge/mac/FrameMac.mm:1423
#8  0x0194946c in WebCore::FrameView::handleMousePressEvent (this=0x1960f440, mouseEvent=@0xbfffebc0) at WebCore/page/FrameView.cpp:584
#9  0x01935b74 in WebCore::FrameMac::mouseDown (this=0x14a5b990, event=0x19614090) at WebCore/bridge/mac/FrameMac.mm:1983
#10 0x01967e88 in -[WebCoreFrameBridge mouseDown:] (self=0x14a61c70, _cmd=0x90aa0330, event=0x19614090) at WebCore/bridge/mac/WebCoreFrameBridge.mm:1030
#11 0x00372e8c in -[WebHTMLView mouseDown:] (self=0x179feab0, _cmd=0x90aa0330, event=0x19614090) at WebKit/WebView/WebHTMLView.m:2858
#12 0x9374a890 in -[NSWindow sendEvent:] ()
#13 0x00021734 in ?? ()
#14 0x936f38d4 in -[NSApplication sendEvent:] ()
#15 0x00021238 in ?? ()
#16 0x936ead10 in -[NSApplication run] ()
#17 0x937db87c in NSApplicationMain ()
#18 0x0005c77c in ?? ()
#19 0x0005c624 in ?? ()
Comment 1 mitz 2006-07-12 11:38:35 PDT
Created attachment 9408
Test case (will crash)
Comment 2 mitz 2006-07-12 12:47:36 PDT
Created attachment 9412
One-liner patch with layout test and change log entry
Comment 3 Darin Adler 2006-07-12 14:25:57 PDT
Comment on attachment 9412
One-liner patch with layout test and change log entry

r=me
Comment 4 David Kilzer (:ddkilzer) 2006-07-12 21:48:39 PDT
This one is waiting for a Radar bug to be created before it can be committed.

Comment 5 Darin Adler 2006-07-13 10:14:47 PDT
<rdar://problem/4628129> REGRESSION: Repro crash when clicking to the side of an anonymous table
Comment 6 David Kilzer (:ddkilzer) 2006-07-13 22:20:22 PDT
This patch (attachment 9412) has bit-rotted after Justin committed r15401:

<rdar://problem/4509393> selected DOM range starts with <object>, 0 offset but selection should include the <object>

This changed the infamous one-line to this:

-    if (isTable()) {
+    if (isTable() && element()) {
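
Review bot: the `element()` test added to the condition has no comment saying when a table renderer can lack an element, so a later cleanup could drop it as redundant. The backtrace in the description shows maxDeepOffset reached with node=0x0 from RenderContainer::positionForCoordinates, and the bug title names the anonymous-table case; a one-line comment above the `if` stating that anonymous tables have no element would record why the guard exists. Because the guard arrived with r15401 for a different Radar bug, the layout test from attachment 9412 is the only thing tying it to this crash, so it should land alongside. The branch body is not visible in these two lines, so it is also worth confirming that the path taken when `element()` is null still returns a valid position.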

I reran the included test, and it passed.  I suggest landing just the layout tests for this one.  Thoughts?

Comment 7 David Kilzer (:ddkilzer) 2006-07-13 22:24:40 PDT
Comment on attachment 9412
One-liner patch with layout test and change log entry

Clearing review flag due to bit rottedness.  See Comment #6.
Comment 8 mitz 2006-07-14 01:17:44 PDT
(In reply to comment #6)
> I suggest landing just the layout
> tests for this one.  Thoughts?

Seems reasonable.
Comment 9 David Kilzer (:ddkilzer) 2006-07-14 05:28:18 PDT
Committed revision 15425.

Note that only the layout test part of this patch (attachment 9412) was committed.  (I probably shouldn't have cleared Darin's r=me.)  See Comment # 6 for details.