[Webkit-unassigned] [Bug 16392] New: Crash on undo after editing text and closing tab

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 10 20:41:23 PST 2007


           Summary: Crash on undo after editing text and closing tab
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: opendarwin at lapcatsoftware.com

Overview Description:
If you type in a text field in a WebView, the Edit/Undo menu item becomes
enabled.  However, if the WebView is the subview of a tab view item, and the
tab view item is removed, deallocating the WebView, the Undo menu item still
remains enabled.  If you then try to undo, the app will crash.

Steps to Reproduce:
(1) Build and run the attached UndoCrash sample Xcode project.
(2) In the text field below the WebView, enter the URL of a page containing a
text field, e.g., <http://trac.webkit.org/projects/webkit/changeset/22065>, and
press return to load the page.
(3) When the page has finished loading, enter some text in the Search text
(4) Notice that the Edit/Undo menu item is enabled.
(5) Press the "Remove Tab" button to remove the tab.
(6) Notice that the Edit/Undo menu item is still enabled.
(7) Type command-z to undo.

Actual Results:
The application crashed.  The backtrace is below.

Expected Results:
The Edit/Undo menu item should not be enabled after the tab is removed, and the
application should not crash.

Build Date & Platform:
MacBook Pro Intel Core 2 Duo, Mac OS X 10.4.11.

Additional Builds and Platforms:
MacBook Pro Intel Core 2 Duo, WebKit revision 28605 (TOT).
iBook G4, Mac OS X 10.4.11.

Attached sample Xcode project as UndoCrash.zip.
Backtrace of crash:

#0  0x90a594c7 in objc_msgSend ()
#1  0x928aa2e8 in -[_NSUndoLightInvocation invoke] ()
#2  0x928aa0d3 in -[_NSUndoStack popAndInvoke] ()
#3  0x928a9f65 in -[NSUndoManager undoNestedGroup] ()
#4  0x93362dbc in -[NSApplication sendAction:to:from:] ()
#5  0x93410d0f in -[NSMenu performActionForItemAtIndex:] ()
#6  0x93410a51 in -[NSCarbonMenuImpl
performActionWithHighlightingForItemAtIndex:] ()
#7  0x934106a8 in -[NSMenu performKeyEquivalent:] ()
#8  0x93410149 in -[NSApplication _handleKeyEquivalent:] ()
#9  0x93343dbb in -[NSApplication sendEvent:] ()
#10 0x9326ee1e in -[NSApplication run] ()
#11 0x93262d4f in NSApplicationMain ()
#12 0x00001ed8 in main (argc=1, argv=0xbffff99c) at

Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list