Bug 190320

Summary: Regression(r236862): Crash under DOMWindowExtension::willDetachGlobalObjectFromFrame()
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: DOM
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, commit-queue, dbates, esprehn+autocc, ews-watchlist, ggaren, kangil.han, rniwa, webkit-bug-importer
Priority: P2
Keywords: InRadar, Regression
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 190282

Chris Dumez
Reported 2018-10-05 13:11:56 PDT
Crash under DOMWindowExtension::willDetachGlobalObjectFromFrame() since r236862:

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.JavaScriptCore 0x00000004110a95e0 WTFCrash + 16 (Assertions.cpp:255)
1 com.apple.WebCore 0x000000040000de8b WTFCrashWithInfo(int, char const*, char const*, int) + 27
2 com.apple.WebCore 0x00000004029e78e0 WebCore::DOMWindowExtension::willDetachGlobalObjectFromFrame() + 208 (DOMWindowExtension.cpp:104)
3 com.apple.WebCore 0x00000004029dc1a3 WebCore::DOMWindow::willDetachDocumentFromFrame() + 131 (DOMWindow.cpp:510)
4 com.apple.WebCore 0x00000004020294c1 WebCore::Document::detachFromFrame() + 49
5 com.apple.WebCore 0x000000040202a093 WebCore::Document::prepareForDestruction() + 1539 (Document.cpp:2501)
6 com.apple.WebCore 0x0000000402a3a560 WebCore::Frame::setView(WTF::RefPtr<WebCore::FrameView, WTF::DumbPtrTraits<WebCore::FrameView> >&&) + 192 (Frame.cpp:242)
7 com.apple.WebCore 0x0000000402a3e80b WebCore::Frame::createView(WebCore::IntSize const&, WebCore::Color const&, bool, WebCore::IntSize const&, WebCore::IntRect const&, bool, WebCore::ScrollbarMode, bool, WebCore::ScrollbarMode, bool) + 299 (Frame.cpp:913)
8 com.apple.WebKit 0x00000001104191ca WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage() + 842 (WebFrameLoaderClient.cpp:1430)
9 com.apple.WebCore 0x000000040287f4b8 WebCore::FrameLoader::transitionToCommitted(WebCore::CachedPage*) + 1160 (FrameLoader.cpp:2131)
10 com.apple.WebCore 0x000000040287e550 WebCore::FrameLoader::commitProvisionalLoad() + 2128 (FrameLoader.cpp:1957)
11 com.apple.WebCore 0x0000000402817bcc WebCore::DocumentLoader::commitIfReady() + 60 (DocumentLoader.cpp:359)
12 com.apple.WebCore 0x000000040281e04c WebCore::DocumentLoader::commitLoad(char const*, int) + 76 (DocumentLoader.cpp:965)
13 com.apple.WebCore 0x000000040281dff5 WebCore::DocumentLoader::dataReceived(char const*, int) + 613 (DocumentLoader.cpp:1114)
14 com.apple.WebCore 0x000000040281e866 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource&, char const*, int) + 150 (DocumentLoader.cpp:1087)
Attachments
WIP Patch (needs tests) (1.79 KB, patch)
2018-10-05 13:14 PDT, Chris Dumez
no flags
Patch (8.42 KB, patch)
2018-10-05 13:43 PDT, Chris Dumez
no flags
Chris Dumez
Comment 1 2018-10-05 13:12:09 PDT
Chris Dumez
Comment 2 2018-10-05 13:14:09 PDT
Created attachment 351693
WIP Patch (needs tests)
Chris Dumez
Comment 3 2018-10-05 13:43:11 PDT
Geoffrey Garen
Comment 4 2018-10-05 15:02:02 PDT
Comment on attachment 351697
Patch

r=me

legacy-animation-engine/fast/css-generated-content/noscript-pseudo-anim-crash.html doesn't have frames, so the failure seems unrelated.
Chris Dumez
Comment 5 2018-10-05 15:25:55 PDT
Comment on attachment 351697
Patch

Clearing flags on attachment: 351697

Committed r236888: <https://trac.webkit.org/changeset/236888>
Chris Dumez
Comment 6 2018-10-05 15:25:57 PDT
All reviewed patches have been landed. Closing bug.