Bug 123726

Summary:

ASSERTION FAILED: m_gaveUpReference in WTF::PassRef<WebCore::RenderStyle>::~PassRef

Product:

WebKit

Reporter:

Renata Hodovan <rhodovan.u-szeged>

Component:

Layout and Rendering

Assignee:

Andreas Kling <kling>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

andersca, commit-queue, darin, esprehn+autocc, glenn, kling, koivisto, kondapallykalyan, noam

Priority:

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

116980

Attachments:

Description	Flags
Test case	none
Patch	none

Renata Hodovan

Reported 2013-11-04 01:54:57 PST

Created attachment 215898 [details] Test case The test: <table> <div> <form style="display: none"/> Backtrace: Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5d19749 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 342 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff5d19749 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:342 #1 0x00007ffff1275c13 in WTF::PassRef<WebCore::RenderStyle>::~PassRef (this=0x7fffffffbf90, __in_chrg=<optimized out>) at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/PassRef.h:102 #2 0x00007ffff150724e in WebCore::HTMLElement::createRenderer (this=0x1225c20, style=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLElement.cpp:788 #3 0x00007ffff1da26f0 in WebCore::Style::createRendererIfNeeded (element=..., resolvedStyle=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:240 #4 0x00007ffff1da33b6 in WebCore::Style::attachRenderTree (current=..., resolvedStyle=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:478 #5 0x00007ffff1da44e6 in WebCore::Style::attachRenderTree (element=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/style/StyleResolveTree.cpp:832 #6 0x00007ffff15f67c2 in WebCore::executeTask (task=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:104 #7 0x00007ffff15f6b01 in WebCore::HTMLConstructionSite::executeQueuedTasks (this=0x93b678) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:150 #8 0x00007ffff1623442 in WebCore::HTMLTreeBuilder::constructTree (this=0x93b660, token=0x7fffffffc200) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:368 #9 0x00007ffff15fe77c in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x106b880, rawToken=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:595 #10 0x00007ffff15fe3e7 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x106b880, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:552 #11 0x00007ffff15fdbd7 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x106b880, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:236 #12 0x00007ffff15fecbd in WebCore::HTMLDocumentParser::append (this=0x106b880, inputSource=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:742 #13 0x00007ffff1303a96 in WebCore::DecodedDataDocumentParser::flush (this=0x106b880, writer=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60 #14 0x00007ffff17701e1 in WebCore::DocumentWriter::end (this=0x1164020) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:242 #15 0x00007ffff175da7a in WebCore::DocumentLoader::finishedLoading (this=0x1163f80, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:408 #16 0x00007ffff175d7e8 in WebCore::DocumentLoader::notifyFinished (this=0x1163f80, resource=0x1179fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:345 #17 0x00007ffff17f3d76 in WebCore::CachedResource::checkNotify (this=0x1179fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:369 #18 0x00007ffff17f3e50 in WebCore::CachedResource::finishLoading (this=0x1179fc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:385 #19 0x00007ffff17f08aa in WebCore::CachedRawResource::finishLoading (this=0x1179fc0, data=0x1129c50) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #20 0x00007ffff17ae630 in WebCore::SubresourceLoader::didFinishLoading (this=0x117a530, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:283 #21 0x00007ffff17aa7d1 in WebCore::ResourceLoader::didFinishLoading (this=0x117a530, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:487 #22 0x00007ffff248228e in WebCore::readCallback (asyncResult=0x117f9b0, data=0x1179fa0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1328 #23 0x00007fffe88b7bc9 in async_ready_callback_wrapper (source_object=0x670980, res=0x117f9b0, user_data=0x1179fa0) at ginputstream.c:530 #24 0x00007fffe88d9ccb in g_task_return_now (task=0x117f9b0) at gtask.c:1105 #25 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114 #26 0x00007fffedfc7473 in g_main_dispatch (context=0x117f0a0) at gmain.c:3054 #27 g_main_context_dispatch (context=0x117f0a0) at gmain.c:3630 #28 0x00007ffff75c8aee in _ecore_glib_select__locked (ecore_timeout=0x117f0a0, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=1, ctx=<optimized out>) at ecore_glib.c:171 #29 _ecore_glib_select (ecore_fds=1, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x117f0a0) at ecore_glib.c:205 #30 0x00007ffff75c2cb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466 #31 0x00007ffff75c3789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860 ---Type <return> to continue, or q <return> to quit--- #32 0x00007ffff75c3b47 in ecore_main_loop_begin () at ecore_main.c:956 #33 0x0000000000406dfa in main (argc=2, argv=0x7fffffffde68) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1044

Attachments
Test case (43 bytes, text/html) 2013-11-04 01:54 PST, Renata Hodovan	no flags	Details
Patch (2.87 KB, patch) 2013-11-04 04:16 PST, Andreas Kling	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Andreas Kling

Comment 1 2013-11-04 04:16:51 PST

Created attachment 215910 [details] Patch

WebKit Commit Bot

Comment 2 2013-11-04 04:38:18 PST

The commit-queue encountered the following flaky tests while processing attachment 215910 [details]: webaudio/delaynode-maxdelay.html bug 123736 (authors: crogers@google.com, haraken@chromium.org, mark.lam@apple.com, and rniwa@webkit.org) The commit-queue is continuing to process your patch.

WebKit Commit Bot

Comment 3 2013-11-04 04:39:06 PST

Comment on attachment 215910 [details] Patch Clearing flags on attachment: 215910 Committed r158570: <http://trac.webkit.org/changeset/158570>

WebKit Commit Bot

Comment 4 2013-11-04 04:39:08 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.