19370 2008-06-03 06:14:04 -0700 [Gtk] Assertion failure at ScrollWindow.update for r34340 2008-10-03 22:11:02 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC Linux RESOLVED WONTFIX http://webkit.org/blog Gtk P2 Critical --- 1 jmalonzo webkit-unassigned alp camaradetux jakub.rusinek marco.barisione mh+webkit pierre-luc.beaudoin xclaesse zecke oldest_to_newest 82193 0 jmalonzo 2008-06-03 06:14:04 -0700 Here's a backtrace: [New process 6778] #0 0x00007fa9169c27c3 in WebCore::ScrollView::update (this=<value optimized out>) at WebCore/platform/gtk/ScrollViewGtk.cpp:321 321 ASSERT(containingWindow()); (gdb) bt #0 0x00007fa9169c27c3 in WebCore::ScrollView::update (this=<value optimized out>) at WebCore/platform/gtk/ScrollViewGtk.cpp:321 #1 0x00007fa9161d1e76 in WebCore::Document::implicitClose (this=0x23e48e0) at WebCore/dom/Document.cpp:1590 #2 0x00007fa91647d7b8 in WebCore::FrameLoader::checkCompleted (this=0x23d5598) at WebCore/loader/FrameLoader.cpp:1291 #3 0x00007fa91647f842 in WebCore::FrameLoader::finishedParsing (this=0x23d5598) at WebCore/loader/FrameLoader.cpp:1241 #4 0x00007fa9161c1bdd in WebCore::Document::finishedParsing (this=0x23e48e0) at WebCore/dom/Document.cpp:3730 #5 0x00007fa91647b0cc in WebCore::FrameLoader::endIfNotLoadingMainResource (this=0x23d5598) at WebCore/loader/FrameLoader.cpp:1070 #6 0x00007fa91696a0f7 in WebCore::SVGImage::dataChanged (this=0x237cae0, allDataReceived=<value optimized out>) at WebCore/svg/graphics/SVGImage.cpp:222 #7 0x00007fa916594182 in WebCore::Image::setData (this=0x237cae0, data=<value optimized out>, allDataReceived=false) at WebCore/platform/graphics/Image.cpp:72 #8 0x00007fa91644678d in WebCore::CachedImage::data (this=0x21833c0, data=<value optimized out>, allDataReceived=192) at WebCore/loader/CachedImage.cpp:233 #9 0x00007fa91649c7f5 in WebCore::Loader::Host::didFinishLoading (this=0x2054970, loader=0x237fa50) at WebCore/loader/loader.cpp:268 #10 0x00007fa9164b1b66 in WebCore::SubresourceLoader::didFinishLoading (this=0x237fa50) at WebCore/loader/SubresourceLoader.cpp:193 #11 0x00007fa91671f32b in WebCore::ResourceHandleManager::downloadTimerCallback (this=0x1de33a0, timer=<value optimized out>) at WebCore/platform/network/curl/ResourceHandleManager.cpp:298 #12 0x00007fa9165d1000 in WebCore::TimerBase::fireTimers (fireTime=1212497292.2715991, firingTimers=@0x7fff1f89a6a0) at WebCore/platform/Timer.cpp:347 #13 0x00007fa9165d1110 in WebCore::TimerBase::sharedTimerFired () at WebCore/platform/Timer.cpp:368 #14 0x00007fa9169c72b2 in timeout_cb () at WebCore/platform/gtk/SharedTimerGtk.cpp:48 #15 0x00007fa914bde81b in ?? () from /usr/lib/libglib-2.0.so.0 #16 0x00007fa914bde0f2 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #17 0x00007fa914be1396 in ?? () from /usr/lib/libglib-2.0.so.0 #18 0x00007fa914be1657 in g_main_loop_run () from /usr/lib/libglib-2.0.so.0 #19 0x00007fa9151ecc43 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #20 0x0000000000401ecb in main (argc=1, argv=0x7fff1f89a9f8) at WebKitTools/GtkLauncher/main.c:200 Current language: auto; currently c++ 82378 1 alp 2008-06-05 19:36:10 -0700 Thanks for the trace. It'd be best to figure out why this is null, but it might be worth adding a nullcheck to avoid crashes for users in the meantime if debugging doesn't get us anywhere. 86218 2 22339 marco.barisione 2008-07-17 08:28:27 -0700 Created attachment 22339 Temporary workaround Usually I don't like this kind of workarounds but I wasn't able to find the real reason for this problem and this bug is very annoying. 86229 3 zecke 2008-07-17 10:02:11 -0700 Okay. Is that the FrameView of the main frame? Looks like we have detached the containing window from the WebCore::FrameView but then do something with the FrameView... So the above URL is enough to make that happen? Does this happen with page cache turned off? 86231 4 xclaesse 2008-07-17 10:08:03 -0700 I can reproduce this bug with empathy, using webkit to render adium themes. It happens when a contact don't have an avatar so it get replaced by a SVG icon. To reproduce: 1) Take the adium empathy branch: http://git.collabora.co.uk/?p=user/xclaesse/empathy.git;a=shortlog;h=refs/heads/adium 2) Put the "Contents" dir of an adium theme in you home 3) In the preference dialog select 'adium' 4) start a chat with someone that have no avatar 86232 5 marco.barisione 2008-07-17 10:10:59 -0700 (In reply to comment #3) > Okay. Is that the FrameView of the main frame? Frame view. > Looks like we have detached the > containing window from the WebCore::FrameView but then do something with the > FrameView... Yes, but I cannot find where the problem is and why it happens. > So the above URL is enough to make that happen? Does this happen > with page cache turned off? Yes, that's enough. I can reproduce the bug also in other ways, for instace using the experimental code for adium thems in the empathy IM client. 87654 6 22339 eric 2008-08-01 17:05:21 -0700 Comment on attachment 22339 Temporary workaround Better to fix the bug, or explain why it is OK for a ScrollView to ever not have a window. Printing perhaps? During teardown? 87718 7 22622 zuh 2008-08-03 05:23:28 -0700 Created attachment 22622 Reduced test case Here's a reduced test case. Seems that the problem is with showing any SVG in an img tag. 87757 8 marco.barisione 2008-08-04 08:02:19 -0700 It seems that the bug is only visible when you have a SVG inside an <img> tag. This is supported only by WebKit and this is why we were seeing the crash only on pages thought to be viewed in WebKit. The reason for the crash is that SVGImage contains a FrameView and FrameView derives from ScrollView. The FrameView doesn't have an associated widget -> crash. Why are svg images in <img> treated in a different way? If that's normal is it normal that they don't have an associated widget? (I think so but I don't know that code) 87981 9 marco.barisione 2008-08-06 12:15:22 -0700 *** Bug 18444 has been marked as a duplicate of this bug. *** 88173 10 jmalonzo 2008-08-10 02:02:12 -0700 #8 0x00007f3c1f01f610 in WebCore::Loader::Host::didFinishLoading (this=0xa8ff40, loader=0xceb0d0) at ../../WebCore/loader/loader.cpp:275 #9 0x00007f3c1f033331 in WebCore::SubresourceLoader::didFinishLoading (this=0xceb0d0) at ../../WebCore/loader/SubresourceLoader.cpp:196 I started looking at those parts of the stack in Host::didFinishLoading, [CachedResource*] resource->size() is 0 here. Whereas for non-svg images this is the size of the image. There's probably something wrong with the way we're loading SVG images. 88216 11 pierre-luc.beaudoin 2008-08-11 07:51:28 -0700 *** Bug 20344 has been marked as a duplicate of this bug. *** 92458 12 jmalonzo 2008-09-23 20:36:12 -0700 Both the reduced test case and webkit.org/blog seems to be OK now. Must've been (accidentally) fixed lately. Closing as WONTFIX. 92517 13 marco.barisione 2008-09-24 07:55:29 -0700 (In reply to comment #12) > Both the reduced test case and webkit.org/blog seems to be OK now. Must've been > (accidentally) fixed lately. Closing as WONTFIX. Are you sure? I can still reproduce it with an updated copy of webkit. 92520 14 jmalonzo 2008-09-24 08:02:35 -0700 Well, it works on my curl backend build. Are you using curl or soup? 94038 15 jmalonzo 2008-10-03 22:11:02 -0700 Closing as this is obsolete (due to dhyatt's refactoring of scrollviews) and test cases work fine now. 22339 2008-07-17 08:28:27 -0700 2008-08-01 17:05:21 -0700 Temporary workaround update-assertion-failure.patch text/plain 1324 marco.barisione ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg YWI4OTgzNy4uYmUxMmZmZSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNCBAQAorMjAwOC0wNy0xNyAgTWFyY28gQmFyaXNp b25lICA8bWFyY28uYmFyaXNpb25lQGNvbGxhYm9yYS5jby51az4KKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBbR3RrXSBBc3NlcnRpb24gZmFpbHVyZSBh dCBTY3JvbGxXaW5kb3cudXBkYXRlIGZvciByMzQzNDAKKyAgICAgICAgaHR0cDovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTkzNzAKKworICAgICAgICAqIHBsYXRmb3JtL2d0ay9T Y3JvbGxWaWV3R3RrLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlNjcm9sbFZpZXc6OnVwZGF0ZSk6 IFJldHVybiBpZiB0aGUgY29udGFpbmluZyB3aW5kb3cgaXMgbnVsbAorICAgICAgICBhcyBhIHRl bXBvcmFyeSB3b3JrYXJvdW5kIGZvciB0aGUgY3Jhc2guCisKIDIwMDgtMDctMTYgIEpvbiBIb25l eWN1dHQgIDxqaG9uZXljdXR0QGFwcGxlLmNvbT4KIAogICAgICAgICBSRUdSRVNTSU9OOiBDYW4n dCBjcmVhdGUgd2luZG93bGVzcyBwbHVnLWluIHdpdGggRmxhc2ggOQpkaWZmIC0tZ2l0IGEvV2Vi Q29yZS9wbGF0Zm9ybS9ndGsvU2Nyb2xsVmlld0d0ay5jcHAgYi9XZWJDb3JlL3BsYXRmb3JtL2d0 ay9TY3JvbGxWaWV3R3RrLmNwcAppbmRleCBlNzM4OTgyLi5jNGVhN2JlIDEwMDY0NAotLS0gYS9X ZWJDb3JlL3BsYXRmb3JtL2d0ay9TY3JvbGxWaWV3R3RrLmNwcAorKysgYi9XZWJDb3JlL3BsYXRm b3JtL2d0ay9TY3JvbGxWaWV3R3RrLmNwcApAQCAtMzIzLDcgKzMyMywxMCBAQCB2b2lkIFNjcm9s bFZpZXc6OnVwZGF0ZUNvbnRlbnRzKGNvbnN0IEludFJlY3QmIHVwZGF0ZVJlY3QsIGJvb2wgbm93 KQogCiB2b2lkIFNjcm9sbFZpZXc6OnVwZGF0ZSgpCiB7Ci0gICAgQVNTRVJUKGNvbnRhaW5pbmdX aW5kb3coKSk7CisgICAgLyogRklYTUU6IHRoaXMgaXMganVzdCBhIHRlbXBvcmFyeSB3b3JrYXJv dW5kIHRvIGF2b2lkIGNyYXNoZXMuICovCisgICAgLyogQVNTRVJUKGNvbnRhaW5pbmdXaW5kb3co KSk7ICovCisgICAgaWYgKCFjb250YWluaW5nV2luZG93KCkpCisgICAgICAgIHJldHVybjsKIAog ICAgIEdka1JlY3RhbmdsZSByZWN0ID0gZnJhbWVHZW9tZXRyeSgpOwogICAgIGdka193aW5kb3df aW52YWxpZGF0ZV9yZWN0KEdUS19XSURHRVQoY29udGFpbmluZ1dpbmRvdygpKS0+d2luZG93LCAm cmVjdCwgdHJ1ZSk7Cg== 22622 2008-08-03 05:23:28 -0700 2008-08-03 05:23:28 -0700 Reduced test case crash-with-svg.html text/html 128 zuh PGh0bWw+CjxoZWFkPjx0aXRsZT5DcmFzaCBib29tIGJhbmc8L3RpdGxlPjwvaGVhZD4KPGJvZHk+ CjxpbWcgc3JjPSJodHRwOi8vd2Via2l0Lm9yZy9ibG9nLWZpbGVzL2NpcmNsZS5zdmciLz4KPC9i b2R5Pgo8L2h0bWw+Cgo=