RESOLVED FIXED 99967
Possible assertion hit in WebCore::HTMLSelectElement::updateListBoxSelection()
https://bugs.webkit.org/show_bug.cgi?id=99967
Chris Dumez
Reported 2012-10-22 01:44:07 PDT
We get the following assertion hit in WebCore::HTMLSelectElement::updateListBoxSelection():

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff470b550 in WebCore::HTMLSelectElement::updateListBoxSelection (this=0x4db070, deselectOtherOptions=false) at /home/chris/Devel/WebKit/Source/WebCore/html/HTMLSelectElement.cpp:614
warning: Source file is more recent than executable.
614 ASSERT(!listItems().size() || m_activeSelectionAnchorIndex >= 0);
(gdb) bt 25
#0 0x00007ffff470b550 in WebCore::HTMLSelectElement::updateListBoxSelection (this=0x4db070, deselectOtherOptions=false) at /home/chris/Devel/WebKit/Source/WebCore/html/HTMLSelectElement.cpp:614
#1 0x00007ffff470dd7a in WebCore::HTMLSelectElement::listBoxDefaultEventHandler (this=0x4db070, event=0x65c750) at /home/chris/Devel/WebKit/Source/WebCore/html/HTMLSelectElement.cpp:1318
#2 0x00007ffff470e6a7 in WebCore::HTMLSelectElement::defaultEventHandler (this=0x4db070, event=0x65c750) at /home/chris/Devel/WebKit/Source/WebCore/html/HTMLSelectElement.cpp:1442
#3 0x00007ffff451b8e9 in WebCore::EventDispatcher::dispatchEventPostProcess (this=0x7fffffffcc30, event=..., preDispatchEventHandlerResult=0x0) at /home/chris/Devel/WebKit/Source/WebCore/dom/EventDispatcher.cpp:353
#4 0x00007ffff451a986 in WebCore::EventDispatcher::dispatchEvent (this=0x7fffffffcc30, prpEvent=...) at /home/chris/Devel/WebKit/Source/WebCore/dom/EventDispatcher.cpp:259
#5 0x00007ffff4533c96 in WebCore::MouseEventDispatchMediator::dispatchEvent (this=0x41cbc0, dispatcher=0x7fffffffcc30) at /home/chris/Devel/WebKit/Source/WebCore/dom/MouseEvent.cpp:238
#6 0x00007ffff4519a1c in WebCore::EventDispatcher::dispatchEvent (node=0x5ebbf0, mediator=...) at /home/chris/Devel/WebKit/Source/WebCore/dom/EventDispatcher.cpp:127
#7 0x00007ffff4550bc0 in WebCore::Node::dispatchMouseEvent (this=0x5ebbf0, event=..., eventType=..., detail=0, relatedTarget=0x0) at /home/chris/Devel/WebKit/Source/WebCore/dom/Node.cpp:2631
#8 0x00007ffff49c6d29 in WebCore::EventHandler::dispatchMouseEvent (this=0x4a33e0, eventType=..., targetNode=0x5ebbf0, clickCount=0, mouseEvent=..., setUnder=true) at /home/chris/Devel/WebKit/Source/WebCore/page/EventHandler.cpp:2289
#9 0x00007ffff49c4d08 in WebCore::EventHandler::handleMouseMoveEvent (this=0x4a33e0, mouseEvent=..., hoveredNode=0x7fffffffcf80, onlyUpdateScrollbars=false) at /home/chris/Devel/WebKit/Source/WebCore/page/EventHandler.cpp:1835
#10 0x00007ffff49c443b in WebCore::EventHandler::mouseMoved (this=0x4a33e0, event=...) at /home/chris/Devel/WebKit/Source/WebCore/page/EventHandler.cpp:1707
#11 0x00007ffff7f51b4b in ewk_frame_feed_mouse_move (ewkFrame=0x48d2a0, moveEvent=0x7fffffffd2e0) at /home/chris/Devel/WebKit/Source/WebKit/efl/ewk/ewk_frame.cpp:979
#12 0x00007ffff7f72c8d in _ewk_view_smart_mouse_move (smartData=0x4912f0, moveEvent=0x7fffffffd2e0) at /home/chris/Devel/WebKit/Source/WebKit/efl/ewk/ewk_view.cpp:600
#13 0x00007ffff7f7360b in _ewk_view_on_mouse_move (data=0x4912f0, eventInfo=0x7fffffffd2e0) at /home/chris/Devel/WebKit/Source/WebKit/efl/ewk/ewk_view.cpp:710
#14 0x00007ffff7bb8142 in evas_object_event_callback_call (obj=0x48cb20, type=EVAS_CALLBACK_MOUSE_MOVE, event_info=0x7fffffffd2e0, event_id=1237) at evas_callbacks.c:232
#15 0x00007ffff7bb827a in evas_object_event_callback_call (obj=0x48d0c0, type=EVAS_CALLBACK_MOUSE_MOVE, event_info=0x7fffffffd2e0, event_id=1237) at evas_callbacks.c:261
#16 0x00007ffff7bbcbda in evas_event_feed_mouse_move (e=0x480f10, x=308, y=80, timestamp=6908314, data=0x0) at evas_events.c:699
#17 0x00007ffff05d5ed6 in ecore_event_evas_mouse_move (data=<optimized out>, type=<optimized out>, event=0x572a20) at ecore_input_evas.c:238
#18 0x00007ffff7e29100 in _ecore_call_handler_cb (event=<optimized out>, type=<optimized out>, data=<optimized out>, func=<optimized out>) at ecore_private.h:319
#19 _ecore_event_call () at ecore_events.c:559
#20 0x00007ffff7e2d8cc in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1900
#21 0x00007ffff7e2dd97 in ecore_main_loop_begin () at ecore_main.c:934
#22 0x0000000000406ba3 in main (argc=2, argv=0x7fffffffe608) at /home/chris/Devel/WebKit/Tools/EWebLauncher/main.c:1017

This happens when pressing left mouse button outside a multiselect and then moving the mouse over the multiselect (while keeping the mouse button pressed).
Attachments
Patch (4.50 KB, patch)
2012-10-22 03:54 PDT, Chris Dumez
no flags
Patch (4.43 KB, patch)
2012-10-22 22:49 PDT, Chris Dumez
tony: review+
tony: commit-queue-
Patch for landing (4.47 KB, patch)
2012-10-23 10:42 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2012-10-22 03:54:15 PDT
yosin
Comment 2 2012-10-22 18:28:41 PDT
Comment on attachment 169872 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=169872&action=review

> Source/WebCore/html/HTMLSelectElement.cpp:1313
> + if (m_activeSelectionAnchorIndex < 0)

Should we check m_activeSelectionAnchorIndex only for m_multiple case?
Or put this check before L1317 to minimize effect of this change.

1316 if (m_multiple) {
1317 setActiveSelectionEndIndex(listIndex);
1318 updateListBoxSelection(false);
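
Review bot: at Source/WebCore/html/HTMLSelectElement.cpp:1313, the quoted "if (m_activeSelectionAnchorIndex < 0)" guard would benefit from a short comment naming the case it covers, which the report gives as a mouse move over the multiselect while the left button was pressed outside it. Without that, the check reads as redundant next to the ASSERT(!listItems().size() || m_activeSelectionAnchorIndex >= 0) at line 614 that it protects.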
Chris Dumez
Comment 3 2012-10-22 22:47:19 PDT
Comment on attachment 169872 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=169872&action=review

>> Source/WebCore/html/HTMLSelectElement.cpp:1313
>> + if (m_activeSelectionAnchorIndex < 0)
>
> Should we check m_activeSelectionAnchorIndex only for m_multiple case?
> Or put this check before L1317 to minimize effect of this change.
>
> 1316 if (m_multiple) {
> 1317 setActiveSelectionEndIndex(listIndex);
> 1318 updateListBoxSelection(false);

Yes, I'll move it inside the if (m_multiple) case. Thanks.
Chris Dumez
Comment 4 2012-10-22 22:49:42 PDT
Created attachment 170066
Patch

Take Yosin's feedback into consideration.
yosin
Comment 5 2012-10-23 00:14:22 PDT
LGTM. Please wait for the reviewer's approval. Thanks for fixing a nasty bug and for the quick response!
Tony Chang
Comment 6 2012-10-23 10:35:25 PDT
Comment on attachment 170066 Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=170066&action=review

> LayoutTests/ChangeLog:10
> + WebCore::HTMLSelectElement::updateListBoxSelection() when doing a pressing
> + left button outside a multiselect and then moving the mouse over the

"when doing a pressing" is awkward English. I would probably say: "when pressing the left button outside a ..."
Chris Dumez
Comment 7 2012-10-23 10:42:22 PDT
Created attachment 170189
Patch for landing

Take Tony's feedback into consideration. Could someone please cq+ ?
WebKit Review Bot
Comment 8 2012-10-23 11:22:29 PDT
Comment on attachment 170189 Patch for landing

Clearing flags on attachment: 170189

Committed r132246: <http://trac.webkit.org/changeset/132246>
WebKit Review Bot
Comment 9 2012-10-23 11:22:33 PDT
All reviewed patches have been landed. Closing bug.