Bug 10854

Summary:	REGRESSION: Crash in WebCore::Frame::stop in dom/xhtml/level2/html/HTMLIFrameElement11.xhtml
Product:	WebKit	Reporter:	Mark Rowe (bdash) <mrowe>
Component:	Page Loading	Assignee:	Brady Eidson <beidson>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	beidson
Priority:	P1	Keywords:	Regression
Version:	420+
Hardware:	Mac
OS:	OS X 10.4

Mark Rowe (bdash)

Reported 2006-09-14 04:25:48 PDT

Running DRT on dom/xhtml/level2/html/HTMLIFrameElement11.xhtml inside GDB results in a crash, details shown below. This appears to be a result of r16360 (http://trac.webkit.org/projects/webkit/changeset/16360#file13). Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000350 0x010f8319 in WebCore::Frame::stop (this=0x1a9f8f00) at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebCore/page/Frame.cpp:788 788 if (d->m_iconLoader) (gdb) bt #0 0x010f8319 in WebCore::Frame::stop (this=0x1a9f8f00) at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebCore/page/Frame.cpp:788 #1 0x01126492 in -[WebCoreFrameBridge stop] (self=0x1a9a2100, _cmd=0x90ac2ba8) at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebCore/bridge/mac/WebCoreFrameBridge.mm:733 #2 0x00230be1 in -[WebDataSource(WebInternal) _receivedMainResourceError:complete:] (self=0x1a9ea350, _cmd=0x90a7d144, error=0x1a9f89b0, isComplete=1 '\001') at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebKit/WebView/WebDataSource.m:464 #3 0x0029c1f2 in -[WebFrameLoader _receivedMainResourceError:complete:] (self=0x1a9f8ff0, _cmd=0x90a7d144, error=0x1a9f89b0, isComplete=1 '\001') at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebKit/Loader/WebFrameLoader.m:445 #4 0x0029fd70 in -[WebMainResourceLoader receivedError:] (self=0x1a9f9680, _cmd=0x90ab41a0, error=0x1a9f89b0) at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebKit/Loader/WebMainResourceLoader.m:87 #5 0x002a113d in -[WebMainResourceLoader didFailWithError:] (self=0x1a9f9680, _cmd=0x90a9b158, error=0x1a9f89b0) at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebKit/Loader/WebMainResourceLoader.m:375 #6 0x0029f7be in -[WebLoader connection:didFailWithError:] (self=0x1a9f9680, _cmd=0x90a97018, con=0x1a9e2460, error=0x1a9f89b0) at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebKit/Loader/WebLoader.m:491 #7 0x927b2d7e in -[NSURLConnection(NSURLConnectionInternal) _sendDidFailCallback] () #8 0x9278db15 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] () #9 0x9278d7b3 in _sendCallbacks () #10 0x90823379 in CFRunLoopRunSpecific () #11 0x90822eb5 in CFRunLoopRunInMode () #12 0x9275eb4a in -[NSRunLoop runMode:beforeDate:] () #13 0x00008ca6 in runTest (pathOrURL=0xbffff7c4 "LayoutTests/dom/xhtml/level2/html/HTMLIFrameElement11.xhtml") at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebKitTools/DumpRenderTree/DumpRenderTree.m:985 #14 0x00005de7 in main (argc=2, argv=0xbffff6a0) at /Users/mrowe/Documents/Source/SVN/WebKit-Devel/WebKitTools/DumpRenderTree/DumpRenderTree.m:356 Current language: auto; currently c++ (gdb) print d warning: can't find linker symbol for virtual table for `Frame' value $1 = (FramePrivate *) 0x0 (gdb) list 783 // WebKit partially uses WebCore when loading non-HTML docs. In these cases doc==nil, but 784 // WebCore is enough involved that we need to checkCompleted() in order for m_bComplete to 785 // become true. An example is when a subframe is a pure text doc, and that subframe is the 786 // last one to complete. 787 checkCompleted(); 788 if (d->m_iconLoader) 789 d->m_iconLoader->stopLoading(); 790 } 791 792 void Frame::gotoAnchor() (gdb) The program is running. Exit anyway? (y or n) y

Attachments
Add attachment proposed patch, testcase, etc.

Brady Eidson

Comment 1 2006-09-14 15:52:53 PDT

Got it - the frame was deleting itself (in effect) by its refptrs running out. Added a protector

David Kilzer (:ddkilzer)

Comment 2 2006-09-14 16:09:29 PDT

(In reply to comment #1) > Got it - the frame was deleting itself (in effect) by its refptrs running out. > Added a protector Apparently fixed in r16366.

Mark Rowe (bdash)

Comment 3 2006-09-14 16:16:39 PDT

I'm still seeing this exact crash after r16366.

Brady Eidson

Comment 4 2006-09-14 16:28:17 PDT

Yup - I found the fix, but needed to put it in more than one place - very rash of me, actually, fixing it on the local break I was seeing and not fully exploring the stack trace that was *actually* reported. I have the actual fix building right now.

Brady Eidson

Comment 5 2006-09-14 16:39:32 PDT

From OpenSource/LayoutTests - `run-webkit-tests dom/xhtml/level2/html/HTMLIFrameElement11.xhtml` ---- Running tests from /Volumes/Data/Users/bradeeoh/svn/OpenSource/LayoutTests Testing 1 test cases. dom/xhtml/level2/html . 3.88s total testing time all 1 test cases succeeded ---- okay, submitted in 16367 - please let this be the end ;)

Mark Rowe (bdash)

Comment 6 2006-09-14 21:07:54 PDT

That seems to have done the trick. Thanks Brady!

Note You need to log in before you can comment on or make changes to this bug.