Bug 115261
| Summary: | REGRESSION(r144400): It made editing/selection/selection-invalid-offset.html fails with crash | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Ádám Kallai <kadam> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | allan.jensen, ap, leviw, ossy, rniwa, zarvai |
| Priority: | P2 | Keywords: | LayoutTestFailure |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Bug Depends on: | |||
| Bug Blocks: | 79668 | ||
Ádám Kallai
I could reproduce the problem. This test passes if it is run alone. Otherwise, if editing/selection/selection-in-iframe-removed-crash.html and editing/selection/selection-invalid-offset.html are run together, then the last one starts to fail with crash. The test fails with crash on debug bots.
#0 0x00007f470a81f425 in __GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007f470a822b8b in __GI_abort () at abort.c:91
#2 0x00007f470b14376e in QMessageLogger::fatal(char const*, ...) const () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#3 0x00007f4700b40018 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#4 0x00007f4700b41cbf in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#5 0x00007f4700b5099a in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#6 0x00007f470b7c0a67 in QGuiApplicationPrivate::createPlatformIntegration() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#7 0x00007f470b7c16dd in QGuiApplicationPrivate::createEventDispatcher() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#8 0x00007f470b2eaade in QCoreApplication::init() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#9 0x00007f470b2eab45 in QCoreApplication::QCoreApplication(QCoreApplicationPrivate&) ()
from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#10 0x00007f470b7c21b9 in QGuiApplication::QGuiApplication(QGuiApplicationPrivate&) ()
from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#11 0x00007f470c3890b2 in QApplication::QApplication(int&, char**, int) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#12 0x000000000042a4df in takeOptionValue (arguments=..., index=0)
at /home/kadam/webkit/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeMain.cpp:88
#13 0x00007f470a80a76d in __libc_start_main (main=0x42a3d3 <isOption(QString const&)+636>, argc=2, ubp_av=0x7fffcdfb42d8,
init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffcdfb42c8) at libc-start.c:226
#14 0x0000000000412f29 in QString::compare ()
#15 0x00007fffcdfb42c8 in ?? ()
#16 0x000000000000001c in ?? ()
#17 0x0000000000000002 in ?? ()
#18 0x00007fffcdfb4d48 in ?? ()
#19 0x00007fffcdfb4d87 in ?? ()
#20 0x0000000000000000 in ?? ()
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Ádám Kallai
Skipped in: http://trac.webkit.org/changeset/149189
Ryosuke Niwa
The fix shouldn’t cause a new crash. Chances are, the crash had been masked by a use-after-free bug :(
Alexey Proskuryakov
This test is flakily crashing on Mac too, and TestExpectations entry points to this bug. Removing [Qt] form title.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000104b52e9a WebCore::FrameLoader::dispatchDidCommitLoad() + 122 (RefPtr.h:59)
1 com.apple.WebCore 0x0000000104b52c53 WebCore::FrameLoader::receivedFirstData() + 19 (FrameLoader.cpp:624)
2 com.apple.WebCore 0x0000000104a43594 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 244 (RefPtr.h:40)
3 com.apple.WebKit 0x00000001045a2c63 -[WebHTMLRepresentation receivedData:withDataSource:] + 115 (WebHTMLRepresentation.mm:189)
4 com.apple.WebKit 0x0000000104577b00 -[WebDataSource(WebInternal) _receivedData:] + 64 (WebDataSource.mm:216)
5 com.apple.WebKit 0x000000010458ef57 WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 103 (WebFrameLoaderClient.mm:888)
6 com.apple.WebCore 0x0000000104a44cbb WebCore::DocumentLoader::commitLoad(char const*, int) + 139 (RefCounted.h:141)
7 com.apple.WebCore 0x0000000104a45310 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 720 (DocumentLoader.cpp:864)