Bug 12061 - Crash in WebCore::Shared<WebCore::StringImpl>::deref
Summary: Crash in WebCore::Shared<WebCore::StringImpl>::deref
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 420+
Hardware: Mac OS X 10.4
Importance: P2 Major
Assignee: Nobody
URL:
Keywords: HasReduction
Depends on:
Blocks:
 
Reported: 2007-01-01 16:25 PST by Mark Rowe (bdash)
Modified: 2007-01-01 17:59 PST

Attachments
Patch (2.78 KB, patch)
2007-01-01 17:38 PST, Mark Rowe (bdash)
eric: review+

Description Mark Rowe (bdash) 2007-01-01 16:25:00 PST
<html>
<head>
    <title>Test HTML Page</title>
    <style type="text/css">
    dfn { content: "text"; content: initial; }
    </style>
</head>
<body>
    <dfn>dfn</dfn>
</body>
</html>



Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x00000004
0x01485ef7 in WebCore::Shared<WebCore::StringImpl>::deref (this=0x0) at Shared.h:47
47              ASSERT(!m_inDestructor);
(gdb) bt
#0  0x01485ef7 in WebCore::Shared<WebCore::StringImpl>::deref (this=0x0) at Shared.h:47
#1  0x01192e27 in WebCore::ContentData::clearContent (this=0x1700f410) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderStyle.cpp:1183
#2  0x01192e75 in WebCore::ContentData::~ContentData (this=0x1700f410) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderStyle.cpp:1169
#3  0x011953b5 in WebCore::RenderStyle::arenaDelete (this=0x170aeffc, arena=0x170ada50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderStyle.cpp:589
#4  0x014ad21f in WebCore::RenderStyle::deref (this=0x170aeffc, arena=0x170ada50) at RenderStyle.h:980
#5  0x012422c2 in WebCore::Element::recalcStyle (this=0x170cbc30, change=WebCore::Node::Force) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:609
#6  0x01242367 in WebCore::Element::recalcStyle (this=0x170a2850, change=WebCore::Node::Force) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:621
#7  0x01242367 in WebCore::Element::recalcStyle (this=0x170b1490, change=WebCore::Node::Force) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:621
#8  0x010f35f4 in WebCore::Document::recalcStyle (this=0x20e1800, change=WebCore::Node::Force) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:978
#9  0x010f9226 in WebCore::Document::updateStyleSelector (this=0x20e1800) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1854
#10 0x010f9712 in WebCore::Document::setUserStyleSheet (this=0x20e1800, sheet=@0x1703ce10) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1495
#11 0x010de3e6 in WebCore::Frame::setUserStyleSheet (this=0x29651f0, styleSheet=@0x1703ce10) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:303
#12 0x014dc59f in WebCore::UserStyleSheetLoader::setCSSStyleSheet (this=0x1700f410, sheet=@0x1703ce10) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:140
#13 0x011092a2 in WebCore::CachedCSSStyleSheet::checkNotify (this=0x1703cd20) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/CachedCSSStyleSheet.cpp:90
#14 0x01109403 in WebCore::CachedCSSStyleSheet::data (this=0x1703cd20, data=@0x1703eb90, allDataReceived=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/CachedCSSStyleSheet.cpp:80
#15 0x0110cd58 in WebCore::Loader::receivedAllData (this=0x1640bb8, loader=0x170dcf30, allData=0x170a7a50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/loader.cpp:108
#16 0x0137c65c in WebCore::SubresourceLoader::didFinishLoading (this=0x170dcf30) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/SubresourceLoaderMac.mm:195
#17 0x0137859c in WebCore::ResourceLoader::didFinishLoading (this=0x170dcf30) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/ResourceLoaderMac.mm:446
#18 0x013878e3 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x170b4720, _cmd=0x90a9d160, con=0x2926a50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/mac/ResourceHandleMac.mm:295
#19 0x9265be00 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] ()
#20 0x92659ea5 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()
#21 0x92659b41 in _sendCallbacks ()
#22 0x90829379 in CFRunLoopRunSpecific ()
#23 0x90828eb5 in CFRunLoopRunInMode ()
#24 0x92dcdb90 in RunCurrentEventLoopInMode ()
#25 0x92dcd297 in ReceiveNextEventCommon ()
#26 0x92dcd0ee in BlockUntilNextEventMatchingListInMode ()
#27 0x9326f465 in _DPSNextEvent ()
#28 0x9326f056 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#29 0x00006f96 in ?? ()
#30 0x93268ddb in -[NSApplication run] ()
#31 0x9325cd2f in NSApplicationMain ()
#32 0x0005f7de in ?? ()
#33 0x0005f6f9 in ?? ()
(gdb)
Comment 1 Mark Rowe (bdash) 2007-01-01 17:38:51 PST
Created attachment 12151
Patch
Comment 2 Eric Seidel (no email) 2007-01-01 17:41:57 PST
Comment on attachment 12151
Patch

Personally I prefer test cases to start with PASS: for easy reading. But the change and test look great.

r=me
Comment 3 Mark Rowe (bdash) 2007-01-01 17:59:04 PST
Landed in r18510.