24992 2009-04-01 12:13:15 -0700 crash at http://browserspy.dk/browser.php 2009-05-08 00:58:54 -0700 1 1 1 Unclassified WebKit Page Loading 528+ (Nightly build) PC Linux RESOLVED FIXED P2 Major --- 1 robert webkit-unassigned ap kenneth oldest_to_newest 116198 0 robert 2009-04-01 12:13:15 -0700 webkit svn crashes when loading the above url. patch fixes it. 116199 1 29171 robert 2009-04-01 12:14:59 -0700 Created attachment 29171 patch ensures document object is non-null 116209 2 29175 robert 2009-04-01 12:53:49 -0700 Created attachment 29175 and another one 116258 3 ap 2009-04-02 01:13:44 -0700 This doesn't look like the right approach to me - frames always have documents in them, except for a very short time during construction. So, the real question to answer is: why is there no document in this frame? Opening this page doesn't cause a crash on Mac - what port are you seeing it with? 116786 4 robert 2009-04-07 13:04:40 -0700 it crashes when running arora against webkit svn on linux. i haven't tried webkit svn against any other browser. 117272 5 robert 2009-04-12 15:54:06 -0700 (gdb) bt bt #0 0xb64fede8 in WebCore::Node::hasChangedChild (this=0x0) at ../../../WebCore/dom/Node.h:270 #1 0xb67f2b6e in WebCore::FrameView::needsLayout (this=0x8c964c0) at ../../../WebCore/page/FrameView.cpp:966 #2 0xb67f4c3e in WebCore::FrameView::layoutIfNeededRecursive (this=0x8c964c0) at ../../../WebCore/page/FrameView.cpp:1390 #3 0xb67f4cc1 in WebCore::FrameView::layoutIfNeededRecursive (this=0x8428a50) at ../../../WebCore/page/FrameView.cpp:1397 #4 0xb6a4dd15 in QWebFramePrivate::renderPrivate (this=0x83f9268, painter=0xbffe8708, clip=@0xbffe8bb8, contents=false) at ../../../WebKit/qt/Api/qwebframe.cpp:216 #5 0xb6a4e054 in QWebFrame::render (this=0x83f9300, painter=0xbffe8708, clip=@0xbffe8bb8) at ../../../WebKit/qt/Api/qwebframe.cpp:864 #6 0xb6a5c90a in QWebView::paintEvent (this=0x83f92b8, ev=0xbffe8b9c) at ../../../WebKit/qt/Api/qwebview.cpp:684 #7 0xb4b1461a in QWidget::event (this=0x83f92b8, event=0xbffe8b9c) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qwidget.cpp:7654 #8 0xb6a5cc2c in QWebView::event (this=0x83f92b8, e=0xbffe8b9c) at ../../../WebKit/qt/Api/qwebview.cpp:589 #9 0xb4ab8a7f in QApplicationPrivate::notify_helper (this=0x81425e8, receiver=0x83f92b8, e=0xbffe8b9c) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:4084 #10 0xb4abc7be in QApplication::notify (this=0xbffef17c, receiver=0x83f92b8, e=0xbffe8b9c) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:4049 #11 0xb455681b in QCoreApplication::notifyInternal (this=0xbffef17c, receiver=0x83f92b8, event=0xbffe8b9c) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:602 #12 0xb4b0bd82 in QWidgetPrivate::drawWidget (this=0x8412510, pdev=0x82ad16c, rgn=@0xbffe8de8, offset=@0xbffe8dd0, flags=68, sharedPainter=0x0, backingStore=0x82aceb0) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:216 #13 0xb4cdffd8 in QWidgetBackingStore::sync (this=0x82aceb0) at /var/tmp/qt-x11-src-4.5.0/src/gui/painting/qbackingstore.cpp:1258 #14 0xb4b042b5 in QWidgetPrivate::syncBackingStore (this=0x81a4598) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qwidget.cpp:1603 #15 0xb4b1440d in QWidget::event (this=0x81a4470, event=0xbffe93c4) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qwidget.cpp:7794 #16 0xb4f2b43f in QMainWindow::event (this=0x81a4470, event=0xbffe93c4) at /var/tmp/qt-x11-src-4.5.0/src/gui/widgets/qmainwindow.cpp:1396 #17 0xb4ab8a7f in QApplicationPrivate::notify_helper (this=0x81425e8, receiver=0x81a4470, e=0xbffe93c4) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:4084 #18 0xb4abc7be in QApplication::notify (this=0xbffef17c, receiver=0x81a4470, e=0xbffe93c4) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:4049 #19 0xb455681b in QCoreApplication::notifyInternal (this=0xbffef17c, receiver=0x81a4470, event=0xbffe93c4) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:602 #20 0xb4ce0fd8 in QWidgetBackingStore::markDirty (this=0x82aceb0, rect=@0xbffe945c, widget=0x819f6b8, updateImmediately=true, invalidateBuffer=false) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:213 #21 0xb4b05dd9 in QWidget::repaint (this=0x819f6b8, rect=@0xbffe945c) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qwidget.cpp:9413 #22 0xb4f7e5db in QStatusBar::hideOrShow (this=0x819f6b8) at /var/tmp/qt-x11-src-4.5.0/src/gui/widgets/qstatusbar.cpp:695 #23 0xb4f7e746 in QStatusBar::showMessage (this=0x819f6b8, message=@0xbffe980c, timeout=0) at /var/tmp/qt-x11-src-4.5.0/src/gui/widgets/qstatusbar.cpp:614 #24 0xb518c839 in QStatusBar::qt_metacall (this=0x819f6b8, _c=QMetaObject::InvokeMetaMethod, _id=2, _a=0xbffe9590) at /var/tmp/qt-x11-src-4.5.0/src/gui/.moc/release-shared/moc_qstatusbar.cpp:83 #25 0xb456c63b in QMetaObject::activate (sender=0x81a1898, from_signal_index=<value optimized out>, to_signal_index=42, argv=0xbffe9590) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:3060 #26 0xb456cd12 in QMetaObject::activate (sender=0x81a1898, m=0x8103a60, local_signal_index=3, argv=0xbffe9590) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:3134 #27 0x080f3155 in TabWidget::showStatusBarMessage (this=0x81a1898, _t1=@0xbffe980c) at .moc/moc_tabwidget.cpp:227 #28 0x080f3342 in TabWidget::qt_metacall (this=0x81a1898, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xbffe968c) at .moc/moc_tabwidget.cpp:152 #29 0xb456c63b in QMetaObject::activate (sender=0x83f92b8, from_signal_index=<value optimized out>, to_signal_index=31, argv=0xbffe968c) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:3060 #30 0xb456cd12 in QMetaObject::activate (sender=0x83f92b8, m=0x8140f70, local_signal_index=4, argv=0xbffe968c) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:3134 #31 0xb6f4390c in QWebView::statusBarMessage (this=0x83f92b8, _t1=@0xbffe980c) at moc_qwebview.cpp:186 #32 0xb6f43b35 in QWebView::qt_metacall (this=0x83f92b8, _c=QMetaObject::InvokeMetaMethod, _id=4, _a=0xbffe97cc) at moc_qwebview.cpp:103 #33 0x080f3bcf in WebView::qt_metacall (this=0x83f92b8, _c=QMetaObject::InvokeMetaMethod, _id=31, _a=0xbffe97cc) at .moc/moc_webview.cpp:152 #34 0xb456c63b in QMetaObject::activate (sender=0x84126c8, from_signal_index=<value optimized out>, to_signal_index=8, argv=0xbffe97cc) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:3060 #35 0xb456cd12 in QMetaObject::activate (sender=0x84126c8, m=0x8140cb8, local_signal_index=4, argv=0xbffe97cc) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:3134 #36 0xb6a51472 in QWebPage::statusBarMessage (this=0x84126c8, _t1=@0xbffe980c) at ./moc_qwebpage.cpp:361 #37 0xb6a3a2bf in WebCore::ChromeClientQt::setStatusbarText (this=0x84128d8, msg=@0xbffe984c) at ../../../WebKit/qt/WebCoreSupport/ChromeClientQt.cpp:286 #38 0xb67beade in WebCore::Chrome::setStatusbarText (this=0x84129e8, frame=0x8c72cf8, status=@0x8c72fd0) at ../../../WebCore/page/Chrome.cpp:295 #39 0xb67e7fe9 in WebCore::Frame::setJSStatusBarText (this=0x8c72cf8, text=@0xbffe98cc) at ../../../WebCore/page/Frame.cpp:765 #40 0xb674c01c in WebCore::FrameLoader::didOpenURL (this=0x8c72d24, url=@0xbffe99b0) at ../../../WebCore/loader/FrameLoader.cpp:722 #41 0xb674c8ed in WebCore::FrameLoader::commitProvisionalLoad (this=0x8c72d24, prpCachedPage=@0xbffe9a4c) at ../../../WebCore/loader/FrameLoader.cpp:2803 #42 0xb6725179 in WebCore::DocumentLoader::commitIfReady (this=0x8c73658) at ../../../WebCore/loader/DocumentLoader.cpp:339 #43 0xb67270f5 in WebCore::DocumentLoader::finishedLoading (this=0x8c73658) at ../../../WebCore/loader/DocumentLoader.cpp:346 #44 0xb67467a1 in WebCore::FrameLoader::init (this=0x8c72d24) at ../../../WebCore/loader/FrameLoader.cpp:321 #45 0xb67ea52e in WebCore::Frame::init (this=0x8c72cf8) at ../../../WebCore/page/Frame.cpp:212 #46 0xb6a4e263 in QWebFramePrivate::init (this=0x8c92160, qframe=0x89e46a0, webcorePage=0x8412958, frameData=0xbffe9db4) at ../../../WebKit/qt/Api/qwebframe.cpp:189 #47 0xb6a4e326 in QWebFrame (this=0x89e46a0, parent=0x83f9300, frameData=0xbffe9db4) at ../../../WebKit/qt/Api/qwebframe.cpp:294 #48 0xb6a42631 in WebCore::FrameLoaderClientQt::createFrame (this=0x8412310, url=@0xbffe9f3c, name=@0x8c9447c, ownerElement=0x8c94438, referrer=@0xbffe9e78, allowsScrolling=false, marginWidth=0, marginHeight=0) at ../../../WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:976 #49 0xb674ce20 in WebCore::FrameLoader::loadSubframe (this=0x8417bfc, ownerElement=0x8c94438, url=@0xbffe9f3c, name=@0x8c9447c, referrer=@0x8417cdc) at ../../../WebCore/loader/FrameLoader.cpp:479 #50 0xb674d4c2 in WebCore::FrameLoader::requestFrame (this=0x8417bfc, ownerElement=0x8c94438, urlString=@0x8c94478, frameName=@0x8c9447c) at ../../../WebCore/loader/FrameLoader.cpp:450 #51 0xb666bf0b in WebCore::HTMLFrameElementBase::openURL (this=0x8c94438) at ../../../WebCore/html/HTMLFrameElementBase.cpp:104 #52 0xb666c534 in WebCore::HTMLFrameElementBase::setNameAndOpenURL (this=0x8c94438) at ../../../WebCore/html/HTMLFrameElementBase.cpp:160 #53 0xb666c559 in WebCore::HTMLFrameElementBase::setNameAndOpenURLCallback (n=0x8c94438) at ../../../WebCore/html/HTMLFrameElementBase.cpp:165 #54 0xb64e3f57 in WebCore::ContainerNode::dispatchPostAttachCallbacks () at ../../../WebCore/dom/ContainerNode.cpp:572 #55 0xb64e4084 in WebCore::ContainerNode::resumePostAttachCallbacks (this=0x8c94438) at ../../../WebCore/dom/ContainerNode.cpp:545 #56 0xb64e4202 in WebCore::ContainerNode::attach (this=0x8c94438) at ../../../WebCore/dom/ContainerNode.cpp:585 #57 0xb6531d50 in WebCore::Element::attach (this=0x8c94438) at ../../../WebCore/dom/Element.cpp:710 #58 0xb666bbb7 in WebCore::HTMLFrameElementBase::attach (this=0x8c94438) at ../../../WebCore/html/HTMLFrameElementBase.cpp:192 #59 0xb6671b69 in WebCore::HTMLIFrameElement::attach (this=0x8c94438) at ../../../WebCore/html/HTMLIFrameElement.cpp:117 #60 0xb6693a70 in WebCore::HTMLParser::insertNode (this=0x8506ac8, n=0x8c94438, flat=false) at ../../../WebCore/html/HTMLParser.cpp:363 #61 0xb66963a6 in WebCore::HTMLParser::parseToken (this=0x8506ac8, t=0x85f9e28) at ../../../WebCore/html/HTMLParser.cpp:267 #62 0xb66af86f in WebCore::HTMLTokenizer::processToken (this=0x85f9e10) at ../../../WebCore/html/HTMLTokenizer.cpp:1886 #63 0xb66b60d6 in WebCore::HTMLTokenizer::parseTag (this=0x85f9e10, src=@0x85fa764, state={m_bits = 4194304}) at ../../../WebCore/html/HTMLTokenizer.cpp:1471 #64 0xb66b6f37 in WebCore::HTMLTokenizer::write (this=0x85f9e10, str=@0xbffea4ec, appendData=false) at ../../../WebCore/html/HTMLTokenizer.cpp:1717 #65 0xb64f4cc1 in WebCore::Document::write (this=0x85a9da0, text=@0xbffea4ec, ownerDocument=0x85a9da0) at ../../../WebCore/dom/Document.cpp:1701 #66 0xb639f4c2 in documentWrite (exec=0xb1bf1360, args=@0xbffea65c, document=0x85a9da0, addNewline=WebCore::DoNotAddNewline) at ../../../WebCore/bindings/js/JSHTMLDocumentCustom.cpp:154 #67 0xb639f5af in WebCore::JSHTMLDocument::write (this=0xb1bd12e0, exec=0xb1bf1360, args=@0xbffea65c) at ../../../WebCore/bindings/js/JSHTMLDocumentCustom.cpp:159 #68 0xb6d7e6ec in WebCore::jsHTMLDocumentPrototypeFunctionWrite (exec=0xb1bf1360, thisValue={m_ptr = 0xb1bd12e0}, args=@0xbffea65c) at tmp/JSHTMLDocument.cpp:359 #69 0xb62bcf93 in JSC::Interpreter::privateExecute (this=0x855a3d0, flag=JSC::Interpreter::Normal, registerFile=0x855a3d8, callFrame=0xb1bf1280, exception=0xbffec0ec) at ../../../JavaScriptCore/interpreter/Interpreter.cpp:2960 #70 0xb62c020e in JSC::Interpreter::execute (this=0x855a3d0, programNode=0x89e4590, callFrame=0x855aafc, scopeChain=0x8640640, thisObj=0xb1bd0000, exception=0xbffec0ec) at ../../../JavaScriptCore/interpreter/Interpreter.cpp:625 #71 0xb62f65d9 in JSC::evaluate (exec=0x855aafc, scopeChain=@0x855aab8, source=@0xbffec4b8, thisValue={m_ptr = 0xb1bd0000}) at ../../../JavaScriptCore/runtime/Completion.cpp:67 #72 0xb63d5319 in WebCore::ScriptController::evaluate (this=0x8417e70, sourceCode=@0xbffec4b8) at ../../../WebCore/bindings/js/ScriptController.cpp:104 #73 0xb6744393 in WebCore::FrameLoader::executeScript (this=0x8417bfc, sourceCode=@0xbffec4b8) at ../../../WebCore/loader/FrameLoader.cpp:796 #74 0xb66b2bd3 in WebCore::HTMLTokenizer::scriptExecution (this=0x85f9e10, sourceCode=@0xbffec4b8, state={m_bits = 4194304}) at ../../../WebCore/html/HTMLTokenizer.cpp:554 #75 0xb66b39f4 in WebCore::HTMLTokenizer::scriptHandler (this=0x85f9e10, state={m_bits = 4194304}) at ../../../WebCore/html/HTMLTokenizer.cpp:496 #76 0xb66b41ac in WebCore::HTMLTokenizer::parseSpecial (this=0x85f9e10, src=@0x85fa764, state={m_bits = 4194432}) at ../../../WebCore/html/HTMLTokenizer.cpp:347 #77 0xb66b6373 in WebCore::HTMLTokenizer::parseTag (this=0x85f9e10, src=@0x85fa764, state={m_bits = 4194432}) at ../../../WebCore/html/HTMLTokenizer.cpp:1486 #78 0xb66b6f37 in WebCore::HTMLTokenizer::write (this=0x85f9e10, str=@0xbffec83c, appendData=false) at ../../../WebCore/html/HTMLTokenizer.cpp:1717 #79 0xb64f4cc1 in WebCore::Document::write (this=0x85a9da0, text=@0xbffec83c, ownerDocument=0x85a9da0) at ../../../WebCore/dom/Document.cpp:1701 #80 0xb639f4c2 in documentWrite (exec=0xb1bf0a98, args=@0xbffec9ac, document=0x85a9da0, addNewline=WebCore::DoNotAddNewline) at ../../../WebCore/bindings/js/JSHTMLDocumentCustom.cpp:154 #81 0xb639f5af in WebCore::JSHTMLDocument::write (this=0xb1bd12e0, exec=0xb1bf0a98, args=@0xbffec9ac) at ../../../WebCore/bindings/js/JSHTMLDocumentCustom.cpp:159 #82 0xb6d7e6ec in WebCore::jsHTMLDocumentPrototypeFunctionWrite (exec=0xb1bf0a98, thisValue={m_ptr = 0xb1bd12e0}, args=@0xbffec9ac) at tmp/JSHTMLDocument.cpp:359 #83 0xb62bcf93 in JSC::Interpreter::privateExecute (this=0x855a3d0, flag=JSC::Interpreter::Normal, registerFile=0x855a3d8, callFrame=0xb1bf09b0, exception=0xbffee43c) at ../../../JavaScriptCore/interpreter/Interpreter.cpp:2960 #84 0xb62c020e in JSC::Interpreter::execute (this=0x855a3d0, programNode=0x8975298, callFrame=0x855aafc, scopeChain=0x8640640, thisObj=0xb1bd0000, exception=0xbffee43c) at ../../../JavaScriptCore/interpreter/Interpreter.cpp:625 #85 0xb62f65d9 in JSC::evaluate (exec=0x855aafc, scopeChain=@0x855aab8, source=@0xbffee760, thisValue={m_ptr = 0xb1bd0000}) at ../../../JavaScriptCore/runtime/Completion.cpp:67 #86 0xb63d5319 in WebCore::ScriptController::evaluate (this=0x8417e70, sourceCode=@0xbffee760) at ../../../WebCore/bindings/js/ScriptController.cpp:104 #87 0xb6744393 in WebCore::FrameLoader::executeScript (this=0x8417bfc, sourceCode=@0xbffee760) at ../../../WebCore/loader/FrameLoader.cpp:796 #88 0xb66b2bd3 in WebCore::HTMLTokenizer::scriptExecution (this=0x85f9e10, sourceCode=@0xbffee760, state={m_bits = 4194304}) at ../../../WebCore/html/HTMLTokenizer.cpp:554 #89 0xb66b30af in WebCore::HTMLTokenizer::notifyFinished (this=0x85f9e10) at ../../../WebCore/html/HTMLTokenizer.cpp:1974 #90 0xb66af446 in WebCore::HTMLTokenizer::executeScriptsWaitingForStylesheets (this=0x85f9e10) at ../../../WebCore/html/HTMLTokenizer.cpp:1931 #91 0xb64f3dcb in WebCore::Document::removePendingSheet (this=0x85a9da0) at ../../../WebCore/dom/Document.cpp:2189 #92 0xb668146e in WebCore::HTMLLinkElement::sheetLoaded (this=0x8a8bb00) at ../../../WebCore/html/HTMLLinkElement.cpp:282 #93 0xb64c2c34 in WebCore::CSSStyleSheet::checkLoaded (this=0x89e6508) at ../../../WebCore/css/CSSStyleSheet.cpp:189 #94 0xb6681725 in WebCore::HTMLLinkElement::setCSSStyleSheet (this=0x8a8bb00, url=@0x8a7b1dc, charset=@0xbffee8b8, sheet=0x8a7b1b0) at ../../../WebCore/html/HTMLLinkElement.cpp:267 #95 0xb670d205 in WebCore::CachedCSSStyleSheet::checkNotify (this=0x8a7b1b0) at ../../../WebCore/loader/CachedCSSStyleSheet.cpp:116 #96 0xb670d45c in WebCore::CachedCSSStyleSheet::data (this=0x8a7b1b0, data=@0xbffee978, allDataReceived=true) at ../../../WebCore/loader/CachedCSSStyleSheet.cpp:104 #97 0xb6761535 in WebCore::Loader::Host::didFinishLoading (this=0x87df928, loader=0x8a8d650) at ../../../WebCore/loader/loader.cpp:304 #98 0xb677495d in WebCore::SubresourceLoader::didFinishLoading (this=0x8a8d650) at ../../../WebCore/loader/SubresourceLoader.cpp:183 #99 0xb6771a3c in WebCore::ResourceLoader::didFinishLoading (this=0x8a8d650) at ../../../WebCore/loader/ResourceLoader.cpp:416 #100 0xb6a1bd0e in WebCore::QNetworkReplyHandler::finish (this=0x8a8bd68) at ../../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:224 #101 0xb6a1bda4 in WebCore::QNetworkReplyHandler::qt_metacall (this=0x8a8bd68, _c=QMetaObject::InvokeMetaMethod, _id=0, _a=0x87e8128) at ./moc_QNetworkReplyHandler.cpp:69 #102 0xb456637b in QMetaCallEvent::placeMetaCall (this=0x8910c40, object=0x8a8bd68) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:489 #103 0xb4567ec8 in QObject::event (this=0x8a8bd68, e=0x8910c40) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qobject.cpp:1109 #104 0xb4ab8a7f in QApplicationPrivate::notify_helper (this=0x81425e8, receiver=0x8a8bd68, e=0x8910c40) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:4084 #105 0xb4abc6b9 in QApplication::notify (this=0xbffef17c, receiver=0x8a8bd68, e=0x8910c40) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:3631 #106 0xb455681b in QCoreApplication::notifyInternal (this=0xbffef17c, receiver=0x8a8bd68, event=0x8910c40) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:602 #107 0xb455798e in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x81426b8) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.h:213 #108 0xb4557c3d in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:1132 #109 0xb4582c8f in postEventSourceDispatch (s=0x814af10) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.h:218 #110 0xb4378cf6 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0 #111 0xb437c0b3 in ?? () from /usr/lib/libglib-2.0.so.0 #112 0xb437c66e in g_main_context_iteration () from /usr/lib/libglib-2.0.so.0 #113 0xb458303e in QEventDispatcherGlib::processEvents (this=0x81483b8, flags=@0xbffef078) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventdispatcher_glib.cpp:323 #114 0xb4b52bd5 in QGuiEventDispatcherGlib::processEvents (this=0x81483b8, flags=@0xbffef0a8) at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qguieventdispatcher_glib.cpp:202 #115 0xb45559ed in QEventLoop::processEvents (this=0xbffef120, flags=@0xbffef0e8) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventloop.cpp:149 #116 0xb4555d5d in QEventLoop::exec (this=0xbffef120, flags=@0xbffef128) at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qeventloop.cpp:200 #117 0xb4557cfc in QCoreApplication::exec () at /var/tmp/qt-x11-src-4.5.0/src/corelib/kernel/qcoreapplication.cpp:880 #118 0xb4ab8217 in QApplication::exec () at /var/tmp/qt-x11-src-4.5.0/src/gui/kernel/qapplication.cpp:3553 #119 0x080eebef in main (argc=Cannot access memory at address 0x0 ) at main.cpp:67 ^done 118148 6 robert 2009-04-20 12:28:00 -0700 in FrameLoader.cpp: // this somewhat odd set of steps is needed to give the frame an initial empty document m_isDisplayingInitialEmptyDocument = false; m_creatingInitialEmptyDocument = true; setPolicyDocumentLoader(m_client->createDocumentLoader(ResourceRequest(KURL("")), SubstituteData()).get()); setProvisionalDocumentLoader(m_policyDocumentLoader.get()); setState(FrameStateProvisional); m_provisionalDocumentLoader->setResponse(ResourceResponse(KURL(), "text/html", 0, String(), String())); m_provisionalDocumentLoader->finishedLoading(); the crash originates from the last line. at this point there's still no document() available. however numerous calls later qt ends up trying to reference the document() while adjusting the frame's layout. i think the reason you don't see it in mac is because qtchromeclient.cpp emits a signal to update the status bar text, which eventually results in the crash-point expecting to have a document() to hand. i imagine only qt does this, though it is acting on a prompt from webcore itself: WebCore::Chrome::setStatusbarText(). the only sane alternative that i can think of to the patch i previously posted is: Index: WebCore/page/Chrome.cpp =================================================================== --- WebCore/page/Chrome.cpp (revision 42258) +++ WebCore/page/Chrome.cpp (working copy) @@ -292,7 +292,10 @@ void Chrome::setStatusbarText(Frame* frame, const String& status) { ASSERT(frame); - m_client->setStatusbarText(frame->displayStringModifiedByEncoding(status)); + /* We may not have a document at this point because sometimes the process of creating an + empty one brings us here before the document has been created. */ + if (frame->document()) + m_client->setStatusbarText(frame->displayStringModifiedByEncoding(status)); } bool Chrome::shouldInterruptJavaScript() 118149 7 29620 robert 2009-04-20 12:31:00 -0700 Created attachment 29620 alternative patch 118152 8 29622 robert 2009-04-20 13:05:50 -0700 Created attachment 29622 better patch OK, I think this is the place to patch it. The problem is probably specific to Qt so Qt should check for a document() if it plans to start rendering pages. 120122 9 kenneth 2009-05-06 12:00:29 -0700 Ok, I had a look at the backtrace posted on IRC, and apparently what happens is that a repaint is triggers by Qt (in Arora; everything works fine in the QtLauncher) as it acts on the statusBarMessage signal and sets the Arora status bar. Painting calls needsLayout() which assumes that a document() exits, but as it doesn't we experience a crash. Now the question is, why doesn't a document exist - or - should we guard for repaints when do document exist? 120151 10 robert 2009-05-06 14:30:36 -0700 removing: connect(webView, SIGNAL(statusBarMessage(const QString&)), this, SIGNAL(showStatusBarMessage(const QString&))); in line 296 of tabwidget.cpp in arora prevents the crash from happening. long story short: the repaint of the status bar in qt cascades all the way up to the qmainwindow and then all the way down through the qwebview. given that the statusbar is getting repainted because a doc is getting initialized in WebCore::FrameLoader::init, once the rendering iterates through the frameviews in RenderView::updateWidgetPositions it eventually hits the frame that is still being constructed and still has an uninitialized/null doc in it and so crashes in WebCore::FrameView::layout. none of my patches (except the first one) can actually prevent this crash, so as kenne suggests, the trick will be to catch it in qt and prevent the rendering from taking place. 'better patch' won't necessarily do this because the frame with the null doc is not at the top level of the qwebview. 120250 11 ap 2009-05-07 01:20:07 -0700 So, the problem is that a client call (setStatusbarText) is made when there is still no document in the frame. It happens so that Qt asks for repaint, but another client could ask for something else. Instead of adding document null checks to all code paths a client could potentially trigger, I think that it would be better to ensure that the frame has a document before any client calls. An obvious way to achieve this is to move "begin(KURL(), false);" one or two lines upwards in FrameLoader::init(). I don't know this code well enough to predict if that will cause any undesired consequences, but it seems worth experimenting with. If it works, please also add an ASSERT(m_doc) in Frame::setJSStatusBarText(), with a comment briefly explaining that we want the frame to be in a consistent state before handing off control to the client. 120251 12 ap 2009-05-07 01:26:17 -0700 And if changing FrameLoader::init() proves impractically difficult, you could add an m_doc null check before setStatusbarText() - that's worse than improving the guarantee of every frame having a document, but better than calling the client while the frame is in an inconsistent state. 120325 13 robert 2009-05-07 13:00:15 -0700 Moving begin() around results in either a crash or the following warnings: ERROR: called Frame::paint with nil renderer (../../../WebCore/page/FrameView.cpp:1328 virtual void WebCore::FrameView::paintContents(WebCore::GraphicsContext*, const WebCore::IntRect&)) ERROR: called Frame::paint with nil renderer (../../../WebCore/page/FrameView.cpp:1328 virtual void WebCore::FrameView::paintContents(WebCore::GraphicsContext*, const WebCore::IntRect&)) So I've had to go with your last suggestion which is to prevent calls to setJSStatusBarText if a frame's document is still in the middle of intialization. 120328 14 30111 robert 2009-05-07 13:01:56 -0700 Created attachment 30111 patch for FrameLoader::didOpenURL 120400 15 30111 ap 2009-05-07 23:23:10 -0700 Comment on attachment 30111 patch for FrameLoader::didOpenURL > + Not sure how I would create a test case for this patch, sorry! > + > + * loader/FrameLoader.cpp: > + (WebCore::FrameLoader::didOpenURL): There should be a bug URL and title in the ChangeLog, so that one could easily find the associated discussion. Also, it's best to describe changes for each function - that's why the list of functions is generated. As mentioned in a previous comment, we should have an ASSERT in Frame::setJSStatusBarText(), so that accidental undoing of this fix (or other similar issues) would be caught regardless of platform used. In fact, it would be useful to add such assertions before other client calls. r=me - I'll address my nitpicks while landing. 120409 16 ap 2009-05-08 00:58:54 -0700 Committed <http://trac.webkit.org/changeset/43393>. 29171 2009-04-01 12:14:59 -0700 2009-05-07 13:01:56 -0700 patch ensures document object is non-null frameview.patch text/plain 712 robert SW5kZXg6IFdlYkNvcmUvcGFnZS9GcmFtZVZpZXcuY3BwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUv cGFnZS9GcmFtZVZpZXcuY3BwCShyZXZpc2lvbiA0MjE1MCkKKysrIFdlYkNvcmUvcGFnZS9GcmFt ZVZpZXcuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC00NjgsNiArNDY4LDggQEAKICAgICAgICAgcmV0 dXJuOwogCiAgICAgRG9jdW1lbnQqIGRvY3VtZW50ID0gbV9mcmFtZS0+ZG9jdW1lbnQoKTsKKyAg ICBpZiAoIWRvY3VtZW50KQorICAgICAgICByZXR1cm47CiAKICAgICBtX2xheW91dFNjaGVkdWxp bmdFbmFibGVkID0gZmFsc2U7CiAKQEAgLTk2MCw3ICs5NjIsNyBAQAogICAgIHJldHVybiBsYXlv dXRQZW5kaW5nKCkKICAgICAgICAgfHwgKHJvb3QgJiYgcm9vdC0+bmVlZHNMYXlvdXQoKSkKICAg ICAgICAgfHwgbV9sYXlvdXRSb290Ci0gICAgICAgIHx8IGRvY3VtZW50LT5oYXNDaGFuZ2VkQ2hp bGQoKSAvLyBjYW4gb2NjdXIgd2hlbiB1c2luZyBXZWJLaXQgT2JqQyBpbnRlcmZhY2UKKyAgICAg ICAgfHwgKGRvY3VtZW50ICYmIGRvY3VtZW50LT5oYXNDaGFuZ2VkQ2hpbGQoKSkgLy8gY2FuIG9j Y3VyIHdoZW4gdXNpbmcgV2ViS2l0IE9iakMgaW50ZXJmYWNlCiAgICAgICAgIHx8IG1fZnJhbWUt Pm5lZWRzUmVhcHBseVN0eWxlcygpOwogfQogCg== 29175 2009-04-01 12:53:49 -0700 2009-05-07 13:01:56 -0700 and another one frameview.patch text/plain 1237 robert SW5kZXg6IFdlYkNvcmUvcGFnZS9GcmFtZVZpZXcuY3BwCj09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUv cGFnZS9GcmFtZVZpZXcuY3BwCShyZXZpc2lvbiA0MjE1MikKKysrIFdlYkNvcmUvcGFnZS9GcmFt ZVZpZXcuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC00NjgsNiArNDY4LDggQEAKICAgICAgICAgcmV0 dXJuOwogCiAgICAgRG9jdW1lbnQqIGRvY3VtZW50ID0gbV9mcmFtZS0+ZG9jdW1lbnQoKTsKKyAg ICBpZiAoIWRvY3VtZW50KQorICAgICAgICByZXR1cm47CiAKICAgICBtX2xheW91dFNjaGVkdWxp bmdFbmFibGVkID0gZmFsc2U7CiAKQEAgLTk2MCw3ICs5NjIsNyBAQAogICAgIHJldHVybiBsYXlv dXRQZW5kaW5nKCkKICAgICAgICAgfHwgKHJvb3QgJiYgcm9vdC0+bmVlZHNMYXlvdXQoKSkKICAg ICAgICAgfHwgbV9sYXlvdXRSb290Ci0gICAgICAgIHx8IGRvY3VtZW50LT5oYXNDaGFuZ2VkQ2hp bGQoKSAvLyBjYW4gb2NjdXIgd2hlbiB1c2luZyBXZWJLaXQgT2JqQyBpbnRlcmZhY2UKKyAgICAg ICAgfHwgKGRvY3VtZW50ICYmIGRvY3VtZW50LT5oYXNDaGFuZ2VkQ2hpbGQoKSkgLy8gY2FuIG9j Y3VyIHdoZW4gdXNpbmcgV2ViS2l0IE9iakMgaW50ZXJmYWNlCiAgICAgICAgIHx8IG1fZnJhbWUt Pm5lZWRzUmVhcHBseVN0eWxlcygpOwogfQogCkBAIC0xMjQzLDcgKzEyNDUsNyBAQAogdm9pZCBG cmFtZVZpZXc6OnVwZGF0ZURhc2hib2FyZFJlZ2lvbnMoKQogewogICAgIERvY3VtZW50KiBkb2N1 bWVudCA9IG1fZnJhbWUtPmRvY3VtZW50KCk7Ci0gICAgaWYgKCFkb2N1bWVudC0+aGFzRGFzaGJv YXJkUmVnaW9ucygpKQorICAgIGlmICghZG9jdW1lbnQgfHwgIWRvY3VtZW50LT5oYXNEYXNoYm9h cmRSZWdpb25zKCkpCiAgICAgICAgIHJldHVybjsKICAgICBWZWN0b3I8RGFzaGJvYXJkUmVnaW9u VmFsdWU+IG5ld1JlZ2lvbnM7CiAgICAgZG9jdW1lbnQtPnJlbmRlckJveCgpLT5jb2xsZWN0RGFz aGJvYXJkUmVnaW9ucyhuZXdSZWdpb25zKTsKQEAgLTEzMDAsNiArMTMwMiw5IEBACiAgICAgCiAg ICAgRG9jdW1lbnQqIGRvY3VtZW50ID0gZnJhbWUoKS0+ZG9jdW1lbnQoKTsKIAorICAgIGlmICgh ZG9jdW1lbnQpCisgICAgICByZXR1cm47CisKICNpZm5kZWYgTkRFQlVHCiAgICAgYm9vbCBmaWxs V2l0aFJlZDsKICAgICBpZiAoZG9jdW1lbnQtPnByaW50aW5nKCkpCg== 29620 2009-04-20 12:31:00 -0700 2009-05-07 13:01:56 -0700 alternative patch 24992.patch text/plain 701 robert SW5kZXg6IFdlYkNvcmUvcGFnZS9DaHJvbWUuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvcGFn ZS9DaHJvbWUuY3BwCShyZXZpc2lvbiA0MjI1OCkKKysrIFdlYkNvcmUvcGFnZS9DaHJvbWUuY3Bw CSh3b3JraW5nIGNvcHkpCkBAIC0yOTIsNyArMjkyLDEwIEBACiB2b2lkIENocm9tZTo6c2V0U3Rh dHVzYmFyVGV4dChGcmFtZSogZnJhbWUsIGNvbnN0IFN0cmluZyYgc3RhdHVzKQogewogICAgIEFT U0VSVChmcmFtZSk7Ci0gICAgbV9jbGllbnQtPnNldFN0YXR1c2JhclRleHQoZnJhbWUtPmRpc3Bs YXlTdHJpbmdNb2RpZmllZEJ5RW5jb2Rpbmcoc3RhdHVzKSk7CisgICAgLyogV2UgZG8gbm90IGhh dmUgYSBkb2N1bWVudCBhdCB0aGlzIHBvaW50LCBhbmQgdGhhdCBjYW4gYmUgZmF0YWwgZm9yCisg ICAgICAgY2xpZW50cyB0aGF0IHBlcmZvcm0gbGF5b3V0IGNoYW5nZXMgb24gdGhlIHVwZGF0ZSB0 byB0aGUgc3RhdHVzIGJhcidzIHRleHQuICovCisgICAgaWYgKGZyYW1lLT5kb2N1bWVudCgpKQor ICAgICAgICBtX2NsaWVudC0+c2V0U3RhdHVzYmFyVGV4dChmcmFtZS0+ZGlzcGxheVN0cmluZ01v ZGlmaWVkQnlFbmNvZGluZyhzdGF0dXMpKTsKIH0KIAogYm9vbCBDaHJvbWU6OnNob3VsZEludGVy cnVwdEphdmFTY3JpcHQoKQo= 29622 2009-04-20 13:05:50 -0700 2009-05-07 13:01:56 -0700 better patch 24992.patch text/plain 509 robert SW5kZXg6IFdlYktpdC9xdC9BcGkvcXdlYmZyYW1lLmNwcAo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJLaXQv cXQvQXBpL3F3ZWJmcmFtZS5jcHAJKHJldmlzaW9uIDQyMjU4KQorKysgV2ViS2l0L3F0L0FwaS9x d2ViZnJhbWUuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC0yMDUsNyArMjA1LDcgQEAKIAogdm9pZCBR V2ViRnJhbWVQcml2YXRlOjpyZW5kZXJQcml2YXRlKFFQYWludGVyICpwYWludGVyLCBjb25zdCBR UmVnaW9uICZjbGlwLCBib29sIGNvbnRlbnRzKQogewotICAgIGlmICghZnJhbWUtPnZpZXcoKSB8 fCAhZnJhbWUtPmNvbnRlbnRSZW5kZXJlcigpKQorICAgIGlmICghZnJhbWUtPnZpZXcoKSB8fCAh ZnJhbWUtPmNvbnRlbnRSZW5kZXJlcigpIHx8ICFmcmFtZS0+ZG9jdW1lbnQoKSkKICAgICAgICAg cmV0dXJuOwogCiAgICAgUVZlY3RvcjxRUmVjdD4gdmVjdG9yID0gY2xpcC5yZWN0cygpOwo= 30111 2009-05-07 13:01:56 -0700 2009-05-07 23:23:10 -0700 patch for FrameLoader::didOpenURL nulldoc.patch text/plain 1559 robert SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0MzM1NykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMjEgQEAKKzIwMDktMDUtMDcgIFJvYmVydCBIb2dhbiAgPHJvYmVydEByb2JlcnRo b2dhbi5uZXQ+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAg ICAgTm90IHN1cmUgaG93IEkgd291bGQgY3JlYXRlIGEgdGVzdCBjYXNlIGZvciB0aGlzIHBhdGNo LCBzb3JyeSEKKworICAgICAgICAqIGxvYWRlci9GcmFtZUxvYWRlci5jcHA6CisgICAgICAgIChX ZWJDb3JlOjpGcmFtZUxvYWRlcjo6ZGlkT3BlblVSTCk6CisKIDIwMDktMDUtMDcgIEJyYWR5IEVp ZHNvbiAgPGJlaWRzb25AYXBwbGUuY29tPgogCiAgICAgICAgIEkgaGF0ZSBteXNlbGYgZm9yIGRv aW5nIHRoaXMsIGJ1dCBuZWVkIHRvIGZpeCB0aGF0IENoYW5nZUxvZyBlbnRyeS4KSW5kZXg6IFdl YkNvcmUvbG9hZGVyL0ZyYW1lTG9hZGVyLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBXZWJDb3JlL2xvYWRl ci9GcmFtZUxvYWRlci5jcHAJKHJldmlzaW9uIDQzMzU3KQorKysgV2ViQ29yZS9sb2FkZXIvRnJh bWVMb2FkZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC03MjEsOSArNzIxLDEzIEBAIGJvb2wgRnJh bWVMb2FkZXI6OmRpZE9wZW5VUkwoY29uc3QgS1VSTCYKICAgICBtX2lzTG9hZGluZ01haW5SZXNv dXJjZSA9IHRydWU7CiAgICAgbV9kaWRDYWxsSW1wbGljaXRDbG9zZSA9IGZhbHNlOwogCi0gICAg bV9mcmFtZS0+c2V0SlNTdGF0dXNCYXJUZXh0KFN0cmluZygpKTsKLSAgICBtX2ZyYW1lLT5zZXRK U0RlZmF1bHRTdGF0dXNCYXJUZXh0KFN0cmluZygpKTsKLQorICAgIC8vIElmIHdlIGFyZSBzdGls bCBpbiB0aGUgcHJvY2VzcyBvZiBpbml0aWFsaXppbmcgYW4gZW1wdHkgZG9jdW1lbnQgdGhlbgor ICAgIC8vIGl0cyBmcmFtZSBpcyBub3QgaW4gYSBjb25zaXN0ZW50IHN0YXRlIGZvciByZW5kZXJp bmcsIHNvIGF2b2lkIHNldEpTU3RhdHVzQmFyVGV4dAorICAgIC8vIHNpbmNlIGl0IG1heSBjYXVz ZSBjbGllbnRzIHRvIGF0dGVtcHQgdG8gcmVuZGVyIHRoZSBmcmFtZS4KKyAgICBpZiAoIW1fY3Jl YXRpbmdJbml0aWFsRW1wdHlEb2N1bWVudCkgeworICAgICAgICBtX2ZyYW1lLT5zZXRKU1N0YXR1 c0JhclRleHQoU3RyaW5nKCkpOworICAgICAgICBtX2ZyYW1lLT5zZXRKU0RlZmF1bHRTdGF0dXNC YXJUZXh0KFN0cmluZygpKTsKKyAgICB9CiAgICAgbV9VUkwgPSB1cmw7CiAgICAgaWYgKChtX1VS TC5wcm90b2NvbElzKCJodHRwIikgfHwgbV9VUkwucHJvdG9jb2xJcygiaHR0cHMiKSkgJiYgIW1f VVJMLmhvc3QoKS5pc0VtcHR5KCkgJiYgbV9VUkwucGF0aCgpLmlzRW1wdHkoKSkKICAgICAgICAg bV9VUkwuc2V0UGF0aCgiLyIpOwo=