Bug 29514

Summary: Web Inspector: Crash When Logging an Element Before Opening Inspector
Product: WebKit
Reporter: Joseph Pecoraro <joepeck>
Component: Web Inspector (Deprecated)
Assignee: Pavel Feldman <pfeldman>
Status: RESOLVED FIXED
Severity: Normal
CC: aroben, joepeck, pfeldman, pmuellr, rik, timothy
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
[REDUCTION] Test Page Causing Crash (119 bytes, text/html) - 2009-09-18 22:00 PDT, Joseph Pecoraro - no flags
[REDUCTION] More Generic Test Page Causing Crash (97 bytes, text/html) - 2009-09-18 22:20 PDT, Joseph Pecoraro - no flags
patch (1.53 KB, patch) - 2009-09-21 11:58 PDT, Pavel Feldman - timothy: review+

Joseph Pecoraro
Reported 2009-09-18 22:00:05 PDT
Created attachment 39811 [details]
[REDUCTION] Test Page Causing Crash

This is a regression. The attached file crashes WebKit (r48518) but not Safari 4.0.3. Safari exhibits the expected behavior.

Steps to Reproduce:
1. Open the Attached Reduction
2. Click the button on the screen
3. Open the Web Inspector in any way (this will cause the browser to crash)

Notes:
- The <form> tag is required in order for the x variable in the onclick handler to refer to the <input name="x">
Joseph Pecoraro
Comment 1 2009-09-18 22:20:11 PDT
Created attachment 39812 [details]
[REDUCTION] More Generic Test Page Causing Crash

After further investigation I found it's not specific to form elements. Instead, if you attempt to console.log ANY element before opening the inspector, and then you open the inspector, it causes a crash.

With this new test case the only user action required is opening the inspector, which will cause the crash.
Patrick Mueller
Comment 2 2009-09-21 10:35:25 PDT
Built a debug version of WebKit, debugged under XCode. EXC_BAD_ACCESS signal generated, stack trace below.

In stack frame #6, the following code is executed:

    m_frontend->setDocument(buildObjectForNode(document, 2, &m_documentNodeToIdMap));

At that point, document is 0x0, which causes the eventual signal. Implies that also at stack frame #6, the call to mainFrameDocument() returns 0x0.

At this point, I'm lost, assume pfeldman will have a handle on this, not investigating any further.

#0 0x03f55954 in WTF::HashTable<WTF::RefPtr<WebCore::Node>, std::pair<WTF::RefPtr<WebCore::Node>, long>, WTF::PairFirstExtractor<std::pair<WTF::RefPtr<WebCore::Node>, long> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> > >::checkKey<WebCore::Node*, WTF::RefPtrHashMapRawKeyTranslator<WebCore::Node*, std::pair<WTF::RefPtr<WebCore::Node>, long>, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> > > > at HashTable.h:455
#1 0x03f55a37 in WTF::HashTable<WTF::RefPtr<WebCore::Node>, std::pair<WTF::RefPtr<WebCore::Node>, long>, WTF::PairFirstExtractor<std::pair<WTF::RefPtr<WebCore::Node>, long> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> > >::lookup<WebCore::Node*, WTF::RefPtrHashMapRawKeyTranslator<WebCore::Node*, std::pair<WTF::RefPtr<WebCore::Node>, long>, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> > > > at HashTable.h:469
#2 0x03f55b08 in WTF::HashMap<WTF::RefPtr<WebCore::Node>, long, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >::inlineGet at RefPtrHashMap.h:270
#3 0x03f55b42 in WTF::HashMap<WTF::RefPtr<WebCore::Node>, long, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >::get at RefPtrHashMap.h:280
#4 0x03f52411 in WebCore::InspectorDOMAgent::bind at InspectorDOMAgent.cpp:207
#5 0x03f52e3f in WebCore::InspectorDOMAgent::buildObjectForNode at InspectorDOMAgent.cpp:383
#6 0x03f53293 in WebCore::InspectorDOMAgent::pushDocumentToFrontend at InspectorDOMAgent.cpp:245
#7 0x03f53313 in WebCore::InspectorDOMAgent::pushNodePathToFrontend at InspectorDOMAgent.cpp:292
#8 0x03f3968d in WebCore::InspectorBackend::pushNodePathToFrontend at InspectorBackend.cpp:482
#9 0x0408d9d3 in WebCore::JSInspectorBackend::pushNodePathToFrontend at JSInspectorBackendCustom.cpp:328
#10 0x040891b5 in WebCore::jsInspectorBackendPrototypeFunctionPushNodePathToFrontend at JSInspectorBackend.cpp:988
#11 0x189cd166 in ??
#12 0x006e93a5 in JSC::JITCode::execute at JITCode.h:79
#13 0x006d53c1 in JSC::Interpreter::execute at Interpreter.cpp:721
#14 0x0063d815 in JSC::JSFunction::call at JSFunction.cpp:120
#15 0x0063d8f1 in JSC::call at CallData.cpp:39
#16 0x04376103 in WebCore::ScriptFunctionCall::call at ScriptFunctionCall.cpp:126
#17 0x03f3a3bc in WebCore::InspectorBackend::dispatchOnInjectedScript at InspectorBackend.cpp:418
#18 0x04089b13 in WebCore::jsInspectorBackendPrototypeFunctionDispatchOnInjectedScript at JSInspectorBackend.cpp:891
#19 0x189cd166 in ??
#20 0x006e93a5 in JSC::JITCode::execute at JITCode.h:79
#21 0x006d53c1 in JSC::Interpreter::execute at Interpreter.cpp:721
#22 0x0063d815 in JSC::JSFunction::call at JSFunction.cpp:120
#23 0x0063d8f1 in JSC::call at CallData.cpp:39
#24 0x04376103 in WebCore::ScriptFunctionCall::call at ScriptFunctionCall.cpp:126
#25 0x043761d2 in WebCore::ScriptFunctionCall::call at ScriptFunctionCall.cpp:141
#26 0x03f5fe21 in WebCore::InspectorFrontend::addMessageToConsole at InspectorFrontend.cpp:88
#27 0x03baf6ff in WebCore::ConsoleMessage::addToConsole at ConsoleMessage.cpp:93
#28 0x03f3f605 in WebCore::InspectorController::populateScriptObjects at InspectorController.cpp:652
#29 0x03f4167d in WebCore::InspectorController::setWindowVisible at InspectorController.cpp:316
#30 0x003560bd in -[WebInspectorWindowController showWindow:] at WebInspectorClient.mm:354
#31 0x00356284 in WebInspectorClient::showWindow at WebInspectorClient.mm:109
#32 0x03f40ebf in WebCore::InspectorController::showWindow at InspectorController.cpp:624
#33 0x03f43186 in WebCore::InspectorController::scriptObjectReady at InspectorController.cpp:540
#34 0x03f39e3e in WebCore::InspectorBackend::loaded at InspectorBackend.cpp:200
#35 0x0408c59d in WebCore::jsInspectorBackendPrototypeFunctionLoaded at JSInspectorBackend.cpp:260
#36 0x189cd166 in ??
#37 0x006e93a5 in JSC::JITCode::execute at JITCode.h:79
#38 0x006d53c1 in JSC::Interpreter::execute at Interpreter.cpp:721
#39 0x0063d815 in JSC::JSFunction::call at JSFunction.cpp:120
#40 0x0063d8f1 in JSC::call at CallData.cpp:39
#41 0x04008b2a in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:120
#42 0x041e9284 in WebCore::Node::handleLocalEvents at Node.cpp:2463
#43 0x041eb525 in WebCore::Node::dispatchGenericEvent at Node.cpp:2590
#44 0x041ebac1 in WebCore::Node::dispatchEvent at Node.cpp:2517
#45 0x041e934f in WebCore::Node::dispatchEvent at Node.cpp:2905
#46 0x03ed6a9c in WebCore::HTMLScriptElement::dispatchLoadEvent at HTMLScriptElement.cpp:225
#47 0x043704ed in WebCore::ScriptElementData::execute at ScriptElement.cpp:202
#48 0x03cb7007 in WebCore::Document::executeScriptSoonTimerFired at Document.cpp:4324
#49 0x03cca827 in WebCore::Timer<WebCore::Document>::fired at Timer.h:98
#50 0x044aa13f in WebCore::ThreadTimers::sharedTimerFiredInternal at ThreadTimers.cpp:112
#51 0x044aa289 in WebCore::ThreadTimers::sharedTimerFired at ThreadTimers.cpp:90
#52 0x043995ba in WebCore::timerFired at SharedTimerMac.mm:86
#53 0x961308f5 in CFRunLoopRunSpecific
#54 0x96130aa8 in CFRunLoopRunInMode
#55 0x90bd52ac in RunCurrentEventLoopInMode
#56 0x90bd50c5 in ReceiveNextEventCommon
#57 0x90bd4f39 in BlockUntilNextEventMatchingListInMode
#58 0x96cb06d5 in _DPSNextEvent
#59 0x96caff88 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
#60 0x0000c303 in ??
#61 0x96ca8f9f in -[NSApplication run]
#62 0x96c761d8 in NSApplicationMain
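The trace above shows the ordering problem behind this crash: opening the inspector replays stored console messages (populateScriptObjects -> addMessageToConsole), a message that references a DOM element asks the DOM agent to push the node's path, and the agent builds its document object while mainFrameDocument() is still 0x0, so bind() is reached with a null pointer. The following is an added, constructed model of that sequence, not WebKit code and not the patch landed in r48600 (which this page does not show). All names (DomAgent, ConsoleReplay, runScenario, and so on) are hypothetical; the point it demonstrates is that a replay path which can run before the agent has a document must check for the null case and defer, rather than dereference.

```cpp
#include <cstddef>
#include <map>
#include <string>
#include <vector>

// Constructed model (not WebKit code) of the sequence in this bug.
struct Node {
    std::string name;
};

struct Document {
    Node root{"#document"};
};

class DomAgent {
public:
    // The document may legitimately be null while the inspector is still loading.
    void setDocument(Document* doc) { document_ = doc; }

    // Returns the id assigned to `node`, or 0 when no document is available yet.
    // The crashing build had no such check and built the root object from a
    // null document, which is the frame #6 -> #4 path in the trace.
    long pushNodePathToFrontend(Node* node) {
        if (!document_ || !node)
            return 0;
        if (!documentPushed_) {
            bind(&document_->root);   // root object is pushed first, as id 1
            documentPushed_ = true;
        }
        return bind(node);
    }

private:
    // Map a node to a stable id, allocating one the first time it is seen.
    long bind(Node* node) {
        auto it = ids_.find(node);
        if (it != ids_.end())
            return it->second;
        long id = ++lastId_;
        ids_[node] = id;
        return id;
    }

    Document* document_ = nullptr;
    bool documentPushed_ = false;
    long lastId_ = 0;
    std::map<Node*, long> ids_;
};

struct ConsoleMessage {
    std::string text;
    Node* node;   // element passed to console.log; null for plain-text messages
};

// Replays messages stored before the inspector opened. Messages whose node
// cannot be bound yet are kept for a later replay instead of being dropped.
class ConsoleReplay {
public:
    void add(ConsoleMessage m) { pending_.push_back(m); }

    // Returns the number of messages delivered to the front-end.
    int replay(DomAgent& agent) {
        std::vector<ConsoleMessage> retry;
        int delivered = 0;
        for (const auto& m : pending_) {
            if (m.node && agent.pushNodePathToFrontend(m.node) == 0) {
                retry.push_back(m);   // deferred: no document yet
                continue;
            }
            ++delivered;
        }
        pending_.swap(retry);
        return delivered;
    }

    std::size_t pendingCount() const { return pending_.size(); }

private:
    std::vector<ConsoleMessage> pending_;
};

struct ScenarioResult {
    int deliveredBefore;       // messages delivered while the document was null
    int deliveredAfter;        // messages delivered once the document was set
    std::size_t leftPending;   // messages still waiting at the end
};

// Reproduces the bug's sequence: console.log of text and of an element before
// the inspector opens, replay with no document, then replay with a document.
ScenarioResult runScenario() {
    Document doc;
    Node input{"input#x"};   // constructed element, stands in for <input name="x">
    DomAgent agent;
    ConsoleReplay console;
    console.add({"hello", nullptr});
    console.add({"element", &input});

    ScenarioResult r{};
    r.deliveredBefore = console.replay(agent);   // text goes through, element deferred
    agent.setDocument(&doc);
    r.deliveredAfter = console.replay(agent);    // element now bound and delivered
    r.leftPending = console.pendingCount();
    return r;
}

int main() {
    ScenarioResult r = runScenario();
    return (r.deliveredBefore == 1 && r.deliveredAfter == 1 && r.leftPending == 0) ? 0 : 1;
}
```

The guard in pushNodePathToFrontend is the only thing that separates the two outcomes: without it, the first replay walks into bind() on a null document exactly as frames #7 to #0 show; with it, the element message is simply held until a document exists.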
Pavel Feldman
Comment 3 2009-09-21 11:58:05 PDT
Pavel Feldman
Comment 4 2009-09-21 14:29:38 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	WebCore/ChangeLog
	M	WebCore/inspector/InspectorController.cpp
Committed r48600