83539 2012-04-09 19:11:46 -0700 Web Inspector: ASSERT attempting to unbind null contentDocument 2012-04-09 21:42:39 -0700 1 1 1 Unclassified WebKit Web Inspector (Deprecated) 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 0 joepeck webkit-unassigned apavlov bweinstein joepeck keishi loislo pfeldman pmuellr rik timothy webkit.review.bot yurys oldest_to_newest 598888 0 joepeck 2012-04-09 19:11:46 -0700 ASSERT: ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key) 1 0x3b3c89b void WTF::HashTable<WTF::RefPtr<WebCore::Node>, std::__1::pair<WTF::RefPtr<WebCore::Node>, int>, WTF::PairFirstExtractor<std::__1::pair<WTF::RefPtr<WebCore::Node>, int> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> > >::checkKey<WTF::HashMapTranslator<WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> > >, WebCore::Node*>(WebCore::Node* const&) 2 0x3b3c387 std::__1::pair<WTF::RefPtr<WebCore::Node>, int>* WTF::HashTable<WTF::RefPtr<WebCore::Node>, std::__1::pair<WTF::RefPtr<WebCore::Node>, int>, WTF::PairFirstExtractor<std::__1::pair<WTF::RefPtr<WebCore::Node>, int> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> > >::lookup<WTF::HashMapTranslator<WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> > >, WebCore::Node*>(WebCore::Node* const&) 3 0x3b413c4 WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >::inlineGet(WebCore::Node*) const 4 0x3b2e6b4 WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >::get(WebCore::Node*) const 5 0x3b231c1 WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 6 0x3b23268 WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 7 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 8 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 9 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 10 0x3b23268 WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 11 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 12 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 13 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 14 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 15 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 16 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 17 0x3b2337c WebCore::InspectorDOMAgent::unbind(WebCore::Node*, WTF::HashMap<WTF::RefPtr<WebCore::Node>, int, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<int> >*) 18 0x3b2cc6f WebCore::InspectorDOMAgent::didRemoveDOMNode(WebCore::Node*) 19 0x3b68a7c WebCore::InspectorInstrumentation::didRemoveDOMNodeImpl(WebCore::InstrumentingAgents*, WebCore::Node*) 20 0x3252d73 WebCore::InspectorInstrumentation::willRemoveDOMNode(WebCore::Document*, WebCore::Node*) 21 0x324f9f9 WebCore::dispatchChildRemovalEvents(WebCore::Node*) 22 0x324cde1 WebCore::willRemoveChild(WebCore::Node*) 23 0x324a3ab WebCore::ContainerNode::removeChild(WebCore::Node*, int&) 24 0x4407db1 WebCore::Node::removeChild(WebCore::Node*, int&) 25 0x35cfda2 WebCore::DOMEditor::RemoveChildAction::redo(int&) 26 0x35cfc52 WebCore::DOMEditor::RemoveChildAction::perform(int&) 27 0x3b66d1c WebCore::InspectorHistory::perform(WTF::PassOwnPtr<WebCore::InspectorHistory::Action>, int&) 28 0x35cb24c WebCore::DOMEditor::removeChild(WebCore::Node*, WebCore::Node*, int&) 29 0x35cc087 WebCore::DOMEditor::removeChild(WebCore::Node*, WebCore::Node*, WTF::String*) 30 0x3b26bb2 WebCore::InspectorDOMAgent::removeNode(WTF::String*, int) 31 0x3b26c26 non-virtual thunk to WebCore::InspectorDOMAgent::removeNode(WTF::String*, int) InspectorDOMAgent::unbind: ... if (node->isFrameOwnerElement()) { const HTMLFrameOwnerElement* frameOwner = static_cast<const HTMLFrameOwnerElement*>(node); if (m_domListener) m_domListener->didRemoveDocument(frameOwner->contentDocument()); unbind(frameOwner->contentDocument(), nodesMap); } ... I was unable to reproduce this, but its clear that contentDocument can be null so when we're trying to unbind it we should avoid this if its null. Note that the bind side does null check: ... Document* doc = frameOwner->contentDocument(); if (doc) value->setContentDocument(buildObjectForNode(doc, 0, nodesMap)); ... 598890 1 joepeck 2012-04-09 19:12:38 -0700 <rdar://problem/11215264> 598896 2 136374 joepeck 2012-04-09 19:16:03 -0700 Created attachment 136374 [PATCH] Proposed Fix I was unable to reproduce this so I couldn't create a test case. =( In the fix we still call didRemoveDocument because that handles null and does other work. 598918 3 136374 timothy 2012-04-09 19:41:35 -0700 Comment on attachment 136374 [PATCH] Proposed Fix View in context: https://bugs.webkit.org/attachment.cgi?id=136374&action=review > Source/WebCore/inspector/InspectorDOMAgent.cpp:338 > + m_domListener->didRemoveDocument(contentDocument); Is it safe to pass a null contenDocument to didRemoveDocument? 598929 4 joepeck 2012-04-09 19:56:04 -0700 (In reply to comment #3) > (From update of attachment 136374 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=136374&action=review > > > Source/WebCore/inspector/InspectorDOMAgent.cpp:338 > > + m_domListener->didRemoveDocument(contentDocument); > > Is it safe to pass a null contenDocument to didRemoveDocument? Yep, and I think its preferred since that does other work we might want: void InspectorCSSAgent::didRemoveDocument(Document* document) { if (document) m_documentToInspectorStyleSheet.remove(document); clearPseudoState(false); } 598989 5 136374 webkit.review.bot 2012-04-09 21:42:35 -0700 Comment on attachment 136374 [PATCH] Proposed Fix Clearing flags on attachment: 136374 Committed r113675: <http://trac.webkit.org/changeset/113675> 598990 6 webkit.review.bot 2012-04-09 21:42:39 -0700 All reviewed patches have been landed. Closing bug. 136374 2012-04-09 19:16:03 -0700 2012-04-09 21:42:34 -0700 [PATCH] Proposed Fix take1.patch text/plain 1665 joepeck ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZwppbmRleCAxNzRlZDg4Li45NDYyZjVjIDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUg QEAKKzIwMTItMDQtMDkgIEpvc2VwaCBQZWNvcmFybyAgPHBlY29yYXJvQGFwcGxlLmNvbT4KKwor ICAgICAgICA8aHR0cDovL3dlYmtpdC5vcmcvYi84MzUzOT4gV2ViIEluc3BlY3RvcjogQVNTRVJU IGF0dGVtcHRpbmcgdG8gdW5iaW5kIG51bGwgY29udGVudERvY3VtZW50CisKKyAgICAgICAgQXZv aWQgY2FsbGluZyB1bmJpbmQgd2l0aCBhIG51bGwgb2JqZWN0LiBUaGUgSFRNTEZyYW1lT3duZXJF bGVtZW50J3MKKyAgICAgICAgY29udGVudERvY3VtZW50IGNhbiBiZSBudWxsLgorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogaW5zcGVjdG9yL0luc3Bl Y3RvckRPTUFnZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6Okluc3BlY3RvckRPTUFnZW50Ojp1 bmJpbmQpOgorCiAyMDEyLTA0LTA1ICBKb3NlcGggUGVjb3Jhcm8gIDxwZWNvcmFyb0BhcHBsZS5j b20+CiAKICAgICAgICAgPGh0dHA6Ly93ZWJraXQub3JnL2IvODMxMDg+IFdlYiBJbnNwZWN0b3I6 IEpTQyBDcmFzaCBpbnNwZWN0aW5nIG5vZGUgd2l0aCBvYmplY3QgZXZlbnQgbGlzdGVuZXIKZGlm ZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL2luc3BlY3Rvci9JbnNwZWN0b3JET01BZ2VudC5jcHAg Yi9Tb3VyY2UvV2ViQ29yZS9pbnNwZWN0b3IvSW5zcGVjdG9yRE9NQWdlbnQuY3BwCmluZGV4IDhi OWFkOTIuLmY3MjdjOGYgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2luc3BlY3Rvci9JbnNw ZWN0b3JET01BZ2VudC5jcHAKKysrIGIvU291cmNlL1dlYkNvcmUvaW5zcGVjdG9yL0luc3BlY3Rv ckRPTUFnZW50LmNwcApAQCAtMzMzLDkgKzMzMywxMSBAQCB2b2lkIEluc3BlY3RvckRPTUFnZW50 Ojp1bmJpbmQoTm9kZSogbm9kZSwgTm9kZVRvSWRNYXAqIG5vZGVzTWFwKQogCiAgICAgaWYgKG5v ZGUtPmlzRnJhbWVPd25lckVsZW1lbnQoKSkgewogICAgICAgICBjb25zdCBIVE1MRnJhbWVPd25l ckVsZW1lbnQqIGZyYW1lT3duZXIgPSBzdGF0aWNfY2FzdDxjb25zdCBIVE1MRnJhbWVPd25lckVs ZW1lbnQqPihub2RlKTsKKyAgICAgICAgRG9jdW1lbnQqIGNvbnRlbnREb2N1bWVudCA9IGZyYW1l T3duZXItPmNvbnRlbnREb2N1bWVudCgpOwogICAgICAgICBpZiAobV9kb21MaXN0ZW5lcikKLSAg ICAgICAgICAgIG1fZG9tTGlzdGVuZXItPmRpZFJlbW92ZURvY3VtZW50KGZyYW1lT3duZXItPmNv bnRlbnREb2N1bWVudCgpKTsKLSAgICAgICAgdW5iaW5kKGZyYW1lT3duZXItPmNvbnRlbnREb2N1 bWVudCgpLCBub2Rlc01hcCk7CisgICAgICAgICAgICBtX2RvbUxpc3RlbmVyLT5kaWRSZW1vdmVE b2N1bWVudChjb250ZW50RG9jdW1lbnQpOworICAgICAgICBpZiAoY29udGVudERvY3VtZW50KQor ICAgICAgICAgICAgdW5iaW5kKGNvbnRlbnREb2N1bWVudCwgbm9kZXNNYXApOwogICAgIH0KIAog ICAgIGlmIChub2RlLT5pc0VsZW1lbnROb2RlKCkgJiYgdG9FbGVtZW50KG5vZGUpLT5oYXNTaGFk b3dSb290KCkpIHsK