57733 2011-04-03 14:29:15 -0700 fast/images/extra-image-in-image-document.html crashes when run after embed-image.html 2011-04-03 16:23:39 -0700 1 1 1 Unclassified WebKit Tools / Tests 528+ (Nightly build) Mac (Intel) OS X 10.5 RESOLVED FIXED LayoutTestFailure, MakingBotsRed, Regression P1 Normal --- 1 mitz webkit-unassigned aestes bdakin oldest_to_newest 378586 0 mitz 2011-04-03 14:29:15 -0700 To reproduce, with a release build on Leopard, run-webkit-tests fast/images/embed-image.html fast/images/extra-image-in-image-document.html Here is an example of the crash <http://build.webkit.org/results/Leopard%20Intel%20Debug%20(Tests)/r82794%20(28446)/fast/images/extra-image-in-image-document-crash-log.txt>. Backtrace follows. I think this may have started happening after http://trac.webkit.org/changeset/82782 since that seems to force the layout that triggers the crash. Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000004c Crashed Thread: 0 Thread 0 Crashed: 0 DumpRenderTree 0x00037e67 std::_Rb_tree<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::_Identity<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::less<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::begin() const + 9 (stl_tree.h:588) 1 DumpRenderTree 0x00037e8f std::set<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::begin() const + 17 (stl_set.h:239) 2 DumpRenderTree 0x00037a40 -[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:] + 944 (ResourceLoadDelegate.mm:163) 3 com.apple.WebKit 0x00e4d364 CallDelegate + 390 (WebDelegateImplementationCaching.mm:327) 4 com.apple.WebKit 0x00e4d3f2 CallResourceLoadDelegate + 60 (WebDelegateImplementationCaching.mm:540) 5 com.apple.WebKit 0x00e6ebad WebFrameLoaderClient::dispatchWillSendRequest(WebCore::DocumentLoader*, unsigned long, WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 259 (WebFrameLoaderClient.mm:388) 6 com.apple.WebCore 0x038d4952 WebCore::ResourceLoadNotifier::dispatchWillSendRequest(WebCore::DocumentLoader*, unsigned long, WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 154 7 com.apple.WebCore 0x038d4ccc WebCore::ResourceLoadNotifier::willSendRequest(WebCore::ResourceLoader*, WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 96 8 com.apple.WebCore 0x038d3233 WebCore::ResourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 305 9 com.apple.WebCore 0x038d39c3 WebCore::ResourceLoader::init(WebCore::ResourceRequest const&) + 539 10 com.apple.WebCore 0x036b2dd9 WebCore::NetscapePlugInStreamLoader::create(WebCore::Frame*, WebCore::NetscapePlugInStreamLoaderClient*, WebCore::ResourceRequest const&) + 193 11 com.apple.WebCore 0x038d5f48 WebCore::ResourceLoadScheduler::schedulePluginStreamLoad(WebCore::Frame*, WebCore::NetscapePlugInStreamLoaderClient*, WebCore::ResourceRequest const&) + 38 12 com.apple.WebKit 0x00eb311d WebNetscapePluginStream::start() + 397 (WebNetscapePluginStream.mm:286) 13 com.apple.WebKit 0x00ebafdb -[WebNetscapePluginDocumentView(WebNPPCallbacks) loadRequest:inTarget:withNotifyData:sendNotification:] + 1255 (WebNetscapePluginView.mm:1772) 14 com.apple.WebKit 0x00ebd647 -[WebNetscapePluginDocumentView loadStream] + 385 (WebNetscapePluginView.mm:1173) 15 com.apple.WebKit 0x00e38633 -[WebBaseNetscapePluginView start] + 859 (WebBaseNetscapePluginView.mm:475) 16 com.apple.WebKit 0x00e35647 -[WebBaseNetscapePluginView viewDidMoveToWindow] + 265 (WebBaseNetscapePluginView.mm:662) 17 com.apple.AppKit 0x938c5ddc -[NSView _setWindow:] + 1413 18 com.apple.AppKit 0x938cebe5 -[NSView addSubview:] + 470 19 com.apple.WebKit 0x00e8d14b -[WebHTMLView addSubview:] + 61 (WebHTMLView.mm:3090) 20 com.apple.WebCore 0x03928d19 WebCore::ScrollView::platformAddChild(WebCore::Widget*) + 461 21 com.apple.WebCore 0x03924349 WebCore::ScrollView::addChild(WTF::PassRefPtr<WebCore::Widget>) + 267 22 com.apple.WebCore 0x038bd83a __ZN7WebCoreL22moveWidgetToParentSoonEPNS_6WidgetEPNS_9FrameViewE + 70 23 com.apple.WebCore 0x038bdbaa WebCore::RenderWidget::setWidget(WTF::PassRefPtr<WebCore::Widget>) + 688 24 com.apple.WebCore 0x0380e1b2 WebCore::RenderPart::setWidget(WTF::PassRefPtr<WebCore::Widget>) + 72 25 com.apple.WebCore 0x039a27e0 WebCore::SubframeLoader::loadPlugin(WebCore::HTMLPlugInImageElement*, WebCore::KURL const&, WTF::String const&, WTF::Vector<WTF::String, 0ul> const&, WTF::Vector<WTF::String, 0ul> const&, bool) + 544 26 com.apple.WebCore 0x039a35d8 WebCore::SubframeLoader::requestPlugin(WebCore::HTMLPlugInImageElement*, WebCore::KURL const&, WTF::String const&, WTF::Vector<WTF::String, 0ul> const&, WTF::Vector<WTF::String, 0ul> const&, bool) + 448 27 com.apple.WebCore 0x039a3779 WebCore::SubframeLoader::requestObject(WebCore::HTMLPlugInImageElement*, WTF::String const&, WTF::AtomicString const&, WTF::String const&, WTF::Vector<WTF::String, 0ul> const&, WTF::Vector<WTF::String, 0ul> const&) + 401 28 com.apple.WebCore 0x031de24e WebCore::HTMLEmbedElement::updateWidget(WebCore::PluginCreationOption) + 642 29 com.apple.WebCore 0x0314fabe WebCore::FrameView::updateWidget(WebCore::RenderEmbeddedObject*) + 388 30 com.apple.WebCore 0x0314fc7d WebCore::FrameView::updateWidgets() + 365 31 com.apple.WebCore 0x0314ffe3 WebCore::FrameView::performPostLayoutTasks() + 287 32 com.apple.WebCore 0x03153f53 WebCore::FrameView::layout(bool) + 3641 33 com.apple.WebCore 0x0312c487 WebCore::Frame::scalePage(float, WebCore::IntPoint const&) + 259 34 com.apple.WebKit 0x00f0cad4 -[WebView(WebPrivate) _scaleWebView:atOrigin:] + 88 (WebView.mm:2696) 35 DumpRenderTree 0x00015349 __ZL42resetWebViewToConsistentStateBeforeTestingv + 213 36 DumpRenderTree 0x00016149 __ZL7runTestRKSs + 747 37 DumpRenderTree 0x00016ab1 __ZL20runTestingServerLoopv + 119 38 DumpRenderTree 0x00016d44 dumpRenderTree(int, char const**) + 340 39 DumpRenderTree 0x00016f70 main + 94 (DumpRenderTree.mm:726) 40 DumpRenderTree 0x00002f4e start + 54 378592 1 mitz 2011-04-03 15:20:37 -0700 The crash happens because the callback is made after clearing the previous test’s layout test controller and before making a new one for the next test, so gLayoutTestController is null. 378593 2 88022 mitz 2011-04-03 15:46:04 -0700 Created attachment 88022 Avoid unnecessary layout when the page scale is not changing 378595 3 88022 mjs 2011-04-03 16:16:49 -0700 Comment on attachment 88022 Avoid unnecessary layout when the page scale is not changing r=me 378597 4 mitz 2011-04-03 16:23:39 -0700 Fixed in r82795. <http://trac.webkit.org/changeset/82795> 88022 2011-04-03 15:46:04 -0700 2011-04-03 16:16:49 -0700 Avoid unnecessary layout when the page scale is not changing 57733_r1.diff text/plain 2285 mitz SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDgyNzk0KQorKysgU291cmNlL1dlYkNvcmUvQ2hhbmdl TG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMjEgQEAKKzIwMTEtMDQtMDMgIERhbiBCZXJu c3RlaW4gIDxtaXR6QGFwcGxlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBmYXN0L2ltYWdlcy9leHRyYS1pbWFnZS1pbi1pbWFnZS1kb2N1bWVu dC5odG1sIGNyYXNoZXMgd2hlbiBydW4gYWZ0ZXIgZW1iZWQtaW1hZ2UuaHRtbAorICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NTc3MzMKKworICAgICAgICBU aGUgY3Jhc2ggaGFwcGVucyBiZWNhdXNlIHJlc2V0dGluZyB0aGUgcGFnZSBzY2FsZSBhcyBwYXJ0 IG9mIHByZXBhcmluZyB0aGUgV2ViVmlldyBmb3IgdGhlCisgICAgICAgIG5leHQgdGVzdCB0cmln Z2VyZWQgbGF5b3V0LCB3aGljaCBpbiB0dXJuIGNhdXNlZCBhIHBsdWctaW4gdG8gbWFrZSBhIHJl c291cmNlIHJlcXVlc3QsIGFuZAorICAgICAgICBEdW1wUmVuZGVyVHJlZdVzIGRlbGVnYXRlIHRv IGJlIGRpc3BhdGNoZWQuIFRoZSBkZWxlZ2F0ZSBkb2VzbtV0IGV4cGVjdCB0byBiZSBjYWxsZWQg YmV0d2VlbgorICAgICAgICB0ZXN0cywgYW5kIGl0IHJlZmVyZW5jZXMgdGhlIGxheW91dCB0ZXN0 IGNvbnRyb2xsZXIsIHdoaWNoIGlzIG51bGwuCisKKyAgICAgICAgKiBwYWdlL0ZyYW1lLmNwcDoK KyAgICAgICAgKFdlYkNvcmU6OkZyYW1lOjpzY2FsZVBhZ2UpOiBBdm9pZCBhbiB1bm5lY2Vzc2Fy eSBsYXlvdXQgaWYgdGhlIHBhZ2Ugc2NhbGUgaXNu1XQgY2hhbmdpbmcuIFRoaXMKKyAgICAgICAg aXMgbW9yZSBlZmZpY2llbnQsIGFuZCBoYXMgdGhlIHNpZGUgZWZmZWN0IG9mIGF2b2lkaW5nIHRo ZSBjcmFzaCBpbiBEdW1wUmVuZGVyVHJlZSwgYWx0aG91Z2gKKyAgICAgICAgRHVtcFJlbmRlclRy ZWUgY291bGQgc3RpbGwgY3Jhc2ggd2hlbiBhZnRlciBhIHRlc3Qgd2l0aCBkaXNhYmxlZCBwbHVn LWlucyBhbmQgYSBub24tMSBwYWdlIHNjYWxlLgorICAgICAgICBJIHRoaW5rIHRoZXJlIGFyZSBj dXJyZW50bHkgbm8gc3VjaCB0ZXN0cywgc28gSSBhbSBub3QgZml4aW5nIER1bXBSZW5kZXJUcmVl LgorCiAyMDExLTA0LTAzICBFcmljIFNlaWRlbCAgPGVyaWNAd2Via2l0Lm9yZz4KIAogICAgICAg ICBSZXZpZXdlZCBieSBSeW9zdWtlIE5pd2EuCkluZGV4OiBTb3VyY2UvV2ViQ29yZS9wYWdlL0Zy YW1lLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9wYWdlL0ZyYW1lLmNwcAkocmV2 aXNpb24gODI3OTMpCisrKyBTb3VyY2UvV2ViQ29yZS9wYWdlL0ZyYW1lLmNwcAkod29ya2luZyBj b3B5KQpAQCAtOTk3LDE2ICs5OTcsMTggQEAgdm9pZCBGcmFtZTo6c2NhbGVQYWdlKGZsb2F0IHNj YWxlLCBjb25zdAogICAgIGlmICghZG9jdW1lbnQpCiAgICAgICAgIHJldHVybjsKIAotICAgIG1f cGFnZVNjYWxlRmFjdG9yID0gc2NhbGU7CisgICAgaWYgKHNjYWxlICE9IG1fcGFnZVNjYWxlRmFj dG9yKSB7CisgICAgICAgIG1fcGFnZVNjYWxlRmFjdG9yID0gc2NhbGU7CiAKLSAgICBpZiAoZG9j dW1lbnQtPnJlbmRlcmVyKCkpCi0gICAgICAgIGRvY3VtZW50LT5yZW5kZXJlcigpLT5zZXROZWVk c0xheW91dCh0cnVlKTsKKyAgICAgICAgaWYgKGRvY3VtZW50LT5yZW5kZXJlcigpKQorICAgICAg ICAgICAgZG9jdW1lbnQtPnJlbmRlcmVyKCktPnNldE5lZWRzTGF5b3V0KHRydWUpOwogCi0gICAg ZG9jdW1lbnQtPnJlY2FsY1N0eWxlKE5vZGU6OkZvcmNlKTsKKyAgICAgICAgZG9jdW1lbnQtPnJl Y2FsY1N0eWxlKE5vZGU6OkZvcmNlKTsKIAogI2lmIFVTRShBQ0NFTEVSQVRFRF9DT01QT1NJVElO RykKLSAgICB1cGRhdGVDb250ZW50c1NjYWxlKHNjYWxlKTsKKyAgICAgICAgdXBkYXRlQ29udGVu dHNTY2FsZShzY2FsZSk7CiAjZW5kaWYKKyAgICB9CiAKICAgICBpZiAoRnJhbWVWaWV3KiB2aWV3 ID0gdGhpcy0+dmlldygpKSB7CiAgICAgICAgIGlmIChkb2N1bWVudC0+cmVuZGVyZXIoKSAmJiBk b2N1bWVudC0+cmVuZGVyZXIoKS0+bmVlZHNMYXlvdXQoKSAmJiB2aWV3LT5kaWRGaXJzdExheW91 dCgpKQo=