Bug 29293

Summary: [GTK] Crash when visiting http://flipper.googlelabs.com/
Product: WebKit Reporter: Priit Laes (IRC: plaes) <plaes>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Critical CC: eric, gustavo
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
Attachments:
Description Flags
proposed fix and acompanying layout test xan.lopez: review+, gustavo: commit-queue-

Priit Laes (IRC: plaes)
Reported 2009-09-15 22:33:27 PDT
With epiphany and webkit-gtk-1.1.14 #0 0x00007fac65c5ba4f in __libc_waitpid (pid=26708, stat_loc=0x7fff95297c70, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 #1 0x00007fac6620f7f9 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>, flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff95297df8) at gspawn.c:386 #2 0x00007fac6620fb09 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff95297df8) at gspawn.c:700 #3 0x00007fac55996ba3 in bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:369 #4 <signal handler called> #5 WebCore::MediaPlayerPrivate::supportsType (type=@0x7fff952983a0, codecs=<value optimized out>) at ./WebCore/platform/text/StringImpl.h:112 #6 0x00007fac6a05d443 in chooseBestEngineForTypeAndCodecs (type=@0x7fff952983a0, codecs=<value optimized out>) at WebCore/platform/graphics/MediaPlayer.cpp:174 #7 0x00007fac6a05d7c6 in WebCore::MediaPlayer::supportsType (contentType=<value optimized out>) at WebCore/platform/graphics/MediaPlayer.cpp:462 #8 0x00007fac69cbd130 in WebCore::DOMImplementation::createDocument (type=@0x7fac4e487198, frame=0x7fac4e487000, inViewSourceMode=<value optimized out>) at WebCore/dom/DOMImplementation.cpp:351 #9 0x00007fac69e52205 in WebCore::FrameLoader::begin (this=0x7fac4e487050, url=@0x7fac4e4871e0, dispatch=false, origin=0x0) at WebCore/loader/FrameLoader.cpp:912 #10 0x00007fac69e5ec42 in WebCore::FrameLoader::receivedFirstData (this=0x0) at WebCore/loader/FrameLoader.cpp:854 #11 0x00007fac69e5efb4 in WebCore::FrameLoader::setEncoding (this=0x7fac4e487050, name=@0x7fff952986a0, userChosen=false) at WebCore/loader/FrameLoader.cpp:1784 #12 0x00007fac69a5fff0 in WebKit::FrameLoaderClient::committedLoad (this=0x7fac4fd5e460, loader=0x7fac4dfea380, data=0x0, length=0) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:148 #13 0x00007fac69e5fb98 in WebCore::FrameLoader::finishedLoadingDocument (this=0x7fac4e487050, loader=0x7fac4dfea380) at WebCore/loader/FrameLoader.cpp:3207 #14 0x00007fac69e3a0a8 in WebCore::DocumentLoader::finishedLoading (this=0x7fac4dfea380) at WebCore/loader/DocumentLoader.cpp:329 #15 0x00007fac69e544af in WebCore::FrameLoader::finishedLoading (this=0x7fac4e487050) at WebCore/loader/FrameLoader.cpp:3141 #16 0x00007fac69e649dd in WebCore::MainResourceLoader::didFinishLoading (this=0x7fac503c0480) at WebCore/loader/MainResourceLoader.cpp:371 #17 0x00007fac6a1db6e6 in finishedCallback (session=<value optimized out>, msg=0x2fdc8f0, data=<value optimized out>) at WebCore/platform/network/soup/ResourceHandleSoup.cpp:324 #18 0x00007fac679fb43d in final_finished (req=0x2fdc8f0, user_data=<value optimized out>) at soup-session-async.c:381 #19 0x00007fac6648c66a in IA__g_closure_invoke (closure=0x34c8110, return_value=0x0, n_param_values=<value optimized out>, param_values=0x30cef00, invocation_hint=0x7fff952989c0) at gclosure.c:767 #20 0x00007fac664a2e7b in signal_emit_unlocked_R (node=0x2800a50, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3317 #21 0x00007fac664a3d2c in IA__g_signal_emit_valist (instance=0x2fdc8f0, signal_id=<value optimized out>, detail=0, var_args=0x7fff95298bb0) at gsignal.c:2980 #22 0x00007fac664a4273 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=264) at gsignal.c:3037 #23 0x00007fac679f1e5f in soup_message_io_finished (msg=0x2fdc8f0) at soup-message-io.c:176 #24 0x00007fac6648c66a in IA__g_closure_invoke (closure=0x3121700, return_value=0x0, n_param_values=<value optimized out>, param_values=0x1ff18e0, invocation_hint=0x7fff95298de0) at gclosure.c:767 #25 0x00007fac664a287f in signal_emit_unlocked_R (node=0x29e56b0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247 #26 0x00007fac664a3d2c in IA__g_signal_emit_valist (instance=0x2db9000, signal_id=<value optimized out>, detail=0, var_args=0x7fff95298fd0) at gsignal.c:2980 #27 0x00007fac664a4273 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=264) at gsignal.c:3037 #28 0x00007fac679fd401 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1189 #29 0x00007fac661d85ad in IA__g_main_context_dispatch (context=0x1df9240) at gmain.c:1960 #30 0x00007fac661dbf68 in g_main_context_iterate (context=0x1df9240, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591 #31 0x00007fac661dc3c5 in IA__g_main_loop_run (loop=0x1e8ecb0) at gmain.c:2799 #32 0x00007fac6902c3e7 in IA__gtk_main () at gtkmain.c:1205 #33 0x00000000004331ed in main (argc=1, argv=0x7fff9529a478) at ephy-main.c:782 Thread 2 (Thread 0x7fac5357b910 (LWP 23119)): #0 0x00007fac65993451 in nanosleep () from /lib/libc.so.6 No symbol table info available. #1 0x00007fac65993277 in __sleep (seconds=<value optimized out>) at ../sysdeps/unix/sysv/linux/sleep.c:138 ts = {tv_sec = 0, tv_nsec = 597511378} set = {__val = {65536, 0 <repeats 15 times>}} oset = {__val = {0, 0, 4294967296, 140378510232840, 140378510335240, 140378109358096, 140378510334384, 140378418511065, 0, 0, 140378415038736, 140378510327808, 0, 4294967295, 0, 19096896}} result = 4294967295 #2 0x00007fac69b32077 in WTF::TCMalloc_PageHeap::scavengerThread (this=0x7fac6a9aeaa0) at JavaScriptCore/wtf/FastMalloc.cpp:2295 No locals. #3 0x00007fac69b32109 in WTF::TCMalloc_PageHeap::runScavengerThread (context=0x7fac5357b000) at JavaScriptCore/wtf/FastMalloc.cpp:1429 No locals. #4 0x00007fac65c542e7 in start_thread (arg=<value optimized out>) at pthread_create.c:297 __res = <value optimized out> pd = (struct pthread *) 0x7fac5357b910 unwind_buf = {cancel_jmp_buf = {{jmp_buf = {140378109360400, -4862234975235988441, 140378418568864, 140378109358496, 0, 4096, 4890198509226304551, 4890087343061345319}, mask_was_saved = 0}}, priv = {pad = {0x0, 0x0, 0x0, 0x0}, data = {prev = 0x0, cleanup = 0x0, canceltype = 0}}} not_first_call = <value optimized out> robust = <value optimized out> #5 0x00007fac659c438d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:112 No locals. #6 0x0000000000000000 in ?? () No symbol table info available. Thread 1 (Thread 0x7fac6b3c4770 (LWP 23118)): #0 0x00007fac65c5ba4f in __libc_waitpid (pid=26708, stat_loc=0x7fff95297c70, options=0) at ../sysdeps/unix/sysv/linux/waitpid.c:41 oldtype = 0 result = <value optimized out> #1 0x00007fac6620f7f9 in IA__g_spawn_sync (working_directory=<value optimized out>, argv=<value optimized out>, envp=<value optimized out>, flags=<value optimized out>, child_setup=<value optimized out>, user_data=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff95297df8) at gspawn.c:386 outpipe = -1 errpipe = -1 pid = 26708 fds = {__fds_bits = {0, 16, 16, 0, 47386328, 140735695912440, 50836096, 47386304, 3, 0, 47386328, 140378424427309, 140735695912056, 140735695912048, 140735695912168, 0}} ret = -512 outstr = (GString *) 0x0 errstr = (GString *) 0x0 failed = 0 status = <value optimized out> __PRETTY_FUNCTION__ = "IA__g_spawn_sync" #2 0x00007fac6620fb09 in IA__g_spawn_command_line_sync (command_line=<value optimized out>, standard_output=0x0, standard_error=0x0, exit_status=0x0, error=0x7fff95297df8) at gspawn.c:700 retval = 0 argv = (gchar **) 0x2d30ec0 __PRETTY_FUNCTION__ = "IA__g_spawn_command_line_sync" #3 0x00007fac55996ba3 in bugbuddy_segv_handle (signum=<value optimized out>) at gnome-breakpad.cc:369 in_segv = 1 #4 <signal handler called> No locals. #5 WebCore::MediaPlayerPrivate::supportsType (type=@0x7fff952983a0, codecs=<value optimized out>) at ./WebCore/platform/text/StringImpl.h:112 No locals. #6 0x00007fac6a05d443 in chooseBestEngineForTypeAndCodecs (type=@0x7fff952983a0, codecs=<value optimized out>) at WebCore/platform/graphics/MediaPlayer.cpp:174 engineSupport = <value optimized out> ndx = 0 engines = <value optimized out> engine = (WebCore::MediaPlayerFactory *) 0x0 supported = WebCore::MediaPlayer::IsNotSupported count = 1 #7 0x00007fac6a05d7c6 in WebCore::MediaPlayer::supportsType (contentType=<value optimized out>) at WebCore/platform/graphics/MediaPlayer.cpp:462 type = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}} codecs = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}} engine = <value optimized out> #8 0x00007fac69cbd130 in WebCore::DOMImplementation::createDocument (type=@0x7fac4e487198, frame=0x7fac4e487000, inViewSourceMode=<value optimized out>) at WebCore/dom/DOMImplementation.cpp:351 pluginData = (class WebCore::PluginData *) 0x7fac4eab7880 #9 0x00007fac69e52205 in WebCore::FrameLoader::begin (this=0x7fac4e487050, url=@0x7fac4e4871e0, dispatch=false, origin=0x0) at WebCore/loader/FrameLoader.cpp:912 ref = {m_string = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x6}}, m_isValid = false, m_protocolInHTTPFamily = false, m_schemeEnd = 32684, m_userStart = 1319861242, m_userEnd = 32684, m_passwordEnd = 1389835384, m_hostEnd = 32684, m_portEnd = 6, m_pathAfterLastSlash = 0, m_pathEnd = 1773364820, m_queryEnd = 32684, m_fragmentEnd = 5} settings = <value optimized out> #10 0x00007fac69e5ec42 in WebCore::FrameLoader::receivedFirstData (this=0x0) at WebCore/loader/FrameLoader.cpp:854 delay = <value optimized out> url = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x7fac664b8230}} #11 0x00007fac69e5efb4 in WebCore::FrameLoader::setEncoding (this=0x7fac4e487050, name=@0x7fff952986a0, userChosen=false) at WebCore/loader/FrameLoader.cpp:1784 No locals. #12 0x00007fac69a5fff0 in WebKit::FrameLoaderClient::committedLoad (this=0x7fac4fd5e460, loader=0x7fac4dfea380, data=0x0, length=0) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:148 encoding = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}} userChosen = 8 frameLoader = (WebCore::FrameLoader *) 0x7fac4e487050 #13 0x00007fac69e5fb98 in WebCore::FrameLoader::finishedLoadingDocument (this=0x7fac4e487050, loader=0x7fac4dfea380) at WebCore/loader/FrameLoader.cpp:3207 responseMIMEType = (const WebCore::String &) @0x7fac4dfea708: {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}} mainResource = <value optimized out> userChosenEncoding = {m_impl = {<WTF::FastAllocBase> = {<No data fields>}, m_ptr = 0x0}} #14 0x00007fac69e3a0a8 in WebCore::DocumentLoader::finishedLoading (this=0x7fac4dfea380) at WebCore/loader/DocumentLoader.cpp:329 loader = (WebCore::FrameLoader *) 0x1ff #15 0x00007fac69e544af in WebCore::FrameLoader::finishedLoading (this=0x7fac4e487050) at WebCore/loader/FrameLoader.cpp:3141 No locals. #16 0x00007fac69e649dd in WebCore::MainResourceLoader::didFinishLoading (this=0x7fac503c0480) at WebCore/loader/MainResourceLoader.cpp:371 No locals. #17 0x00007fac6a1db6e6 in finishedCallback (session=<value optimized out>, msg=0x2fdc8f0, data=<value optimized out>) at WebCore/platform/network/soup/ResourceHandleSoup.cpp:324 d = (class WebCore::ResourceHandleInternal *) 0x7fac50fe4800 client = (class WebCore::ResourceHandleClient *) 0x7fac503c0480 #18 0x00007fac679fb43d in final_finished (req=0x2fdc8f0, user_data=<value optimized out>) at soup-session-async.c:381 item = (SoupMessageQueueItem *) 0x7fac48003180 session = (SoupSession *) 0x1df98e0 #19 0x00007fac6648c66a in IA__g_closure_invoke (closure=0x34c8110, return_value=0x0, n_param_values=<value optimized out>, param_values=0x30cef00, invocation_hint=0x7fff952989c0) at gclosure.c:767 marshal = (GClosureMarshal) 0x7fac66499510 <IA__g_cclosure_marshal_VOID__VOID> marshal_data = (gpointer) 0x2a __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #20 0x00007fac664a2e7b in signal_emit_unlocked_R (node=0x2800a50, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3317 tmp = <value optimized out> handler = (Handler *) 0x7fac4804d4d0 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0x7fff95298dd0, instance = 0x2fdc8f0, ihint = {signal_id = 411, detail = 0, run_type = G_SIGNAL_RUN_LAST}, state = EMISSION_RUN, chain_type = 4} class_closure = (GClosure *) 0x2800a00 handler_list = (Handler *) 0x34bf360 return_accu = <value optimized out> accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 411 max_sequential_handler_number = 61061 return_value_altered = 1 #21 0x00007fac664a3d2c in IA__g_signal_emit_valist (instance=0x2fdc8f0, signal_id=<value optimized out>, detail=0, var_args=0x7fff95298bb0) at gsignal.c:2980 signal_return_type = 4 param_values = <value optimized out> node = (SignalNode *) 0x2800a50 i = <value optimized out> n_params = <value optimized out> __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #22 0x00007fac664a4273 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=264) at gsignal.c:3037 var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff95298c90, reg_save_area = 0x7fff95298bd0}} #23 0x00007fac679f1e5f in soup_message_io_finished (msg=0x2fdc8f0) at soup-message-io.c:176 No locals. #24 0x00007fac6648c66a in IA__g_closure_invoke (closure=0x3121700, return_value=0x0, n_param_values=<value optimized out>, param_values=0x1ff18e0, invocation_hint=0x7fff95298de0) at gclosure.c:767 marshal = (GClosureMarshal) 0x7fac66499510 <IA__g_cclosure_marshal_VOID__VOID> marshal_data = (gpointer) 0x2a __PRETTY_FUNCTION__ = "IA__g_closure_invoke" #25 0x00007fac664a287f in signal_emit_unlocked_R (node=0x29e56b0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at gsignal.c:3247 tmp = <value optimized out> handler = (Handler *) 0x34c50d0 accumulator = (SignalAccumulator *) 0x0 emission = {next = 0x0, instance = 0x2db9000, ihint = {signal_id = 414, detail = 0, run_type = G_SIGNAL_RUN_FIRST}, state = EMISSION_RUN, chain_type = 4} class_closure = (GClosure *) 0x2763f40 handler_list = (Handler *) 0x34c50d0 return_accu = <value optimized out> accu = {g_type = 0, data = {{v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}, {v_int = 0, v_uint = 0, v_long = 0, v_ulong = 0, v_int64 = 0, v_uint64 = 0, v_float = 0, v_double = 0, v_pointer = 0x0}}} signal_id = 414 max_sequential_handler_number = 61061 return_value_altered = 0 #26 0x00007fac664a3d2c in IA__g_signal_emit_valist (instance=0x2db9000, signal_id=<value optimized out>, detail=0, var_args=0x7fff95298fd0) at gsignal.c:2980 signal_return_type = 4 param_values = <value optimized out> node = (SignalNode *) 0x29e56b0 i = <value optimized out> n_params = <value optimized out> __PRETTY_FUNCTION__ = "IA__g_signal_emit_valist" #27 0x00007fac664a4273 in IA__g_signal_emit (instance=0x0, signal_id=0, detail=264) at gsignal.c:3037 var_args = {{gp_offset = 24, fp_offset = 48, overflow_arg_area = 0x7fff952990b0, reg_save_area = 0x7fff95298ff0}} #28 0x00007fac679fd401 in socket_read_watch (chan=<value optimized out>, cond=0, user_data=<value optimized out>) at soup-socket.c:1189 sock = (SoupSocket *) 0x2db9000 #29 0x00007fac661d85ad in IA__g_main_context_dispatch (context=0x1df9240) at gmain.c:1960 No locals. #30 0x00007fac661dbf68 in g_main_context_iterate (context=0x1df9240, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at gmain.c:2591 max_priority = 300 timeout = 0 some_ready = 1 nfds = 15 allocated_nfds = 1713277328 fds = <value optimized out> __PRETTY_FUNCTION__ = "g_main_context_iterate" #31 0x00007fac661dc3c5 in IA__g_main_loop_run (loop=0x1e8ecb0) at gmain.c:2799 self = (GThread *) 0x1dbe0b0 __PRETTY_FUNCTION__ = "IA__g_main_loop_run" #32 0x00007fac6902c3e7 in IA__gtk_main () at gtkmain.c:1205 tmp_list = (GList *) 0x1e36640 functions = (GList *) 0x0 init = (GtkInitFunction *) 0x1e6cb20 loop = (GMainLoop *) 0x1e8ecb0 #33 0x00000000004331ed in main (argc=1, argv=0x7fff9529a478) at ephy-main.c:782 option_context = <value optimized out> option_group = <value optimized out> proxy = <value optimized out> error = (GError *) 0x0 user_time = 694348453 0x00007fac65c5ba4f 41 in ../sysdeps/unix/sysv/linux/waitpid.c The program is running. Quit anyway (and detach it)? (y or n) [answered Y; input not from terminal]
Attachments
proposed fix and acompanying layout test (4.00 KB, patch)
2009-09-16 06:00 PDT, Gustavo Noronha (kov) 		xan.lopez: review+
gustavo: commit-queue-
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Gustavo Noronha (kov)
Comment 1 2009-09-16 06:00:55 PDT
Created attachment 39643 [details] proposed fix and acompanying layout test
Xan Lopez
Comment 2 2009-09-16 06:17:26 PDT
Comment on attachment 39643 [details] proposed fix and acompanying layout test r=me
Gustavo Noronha (kov)
Comment 3 2009-09-16 06:40:56 PDT
Landed as r48413. Notice that we are not redirecting on that page, even with this fix. I opened a separate bug about this: https://bugs.webkit.org/show_bug.cgi?id=29299
Eric Seidel (no email)
Comment 4 2009-09-17 00:49:53 PDT
The test is broken on Tiger, see bug 29329.
Note You need to log in before you can comment on or make changes to this bug.