Bug 30121

Summary: [GTK] Segfault while testing fast/events/keydown-keypress-preventDefault.html
Product: WebKit Reporter: Philippe Normand <pnormand>
Component: WebKitGTKAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, mrobinson, xan.lopez
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
Fix for this issue none

Philippe Normand
Reported 2009-10-06 05:46:14 PDT
Thread 2 (Thread 0xf4120b90 (LWP 16702)): #0 0xf7fdf430 in __kernel_vsyscall () #1 0xf55f4292 in pthread_cond_timedwait@@GLIBC_2.3.2 () at ../nptl/sysdeps/unix/sysv/linux/i386/i686/../i486/pthread_cond_timedwait.S:179 #2 0xf4fcb06d in g_cond_timed_wait_posix_impl (cond=0x80fbc58, entered_mutex=0x80, abs_time=0x9) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gthread/gthread-posix.c:242 #3 0xf4e00b19 in g_async_queue_pop_intern_unlocked (queue=0x80fa478, try=<value optimized out>, end_time=0xf41202e4) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gasyncqueue.c:365 #4 0xf4e537a8 in g_thread_pool_wait_for_new_task (data=0x80fa440) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gthreadpool.c:220 #5 g_thread_pool_thread_proxy (data=0x80fa440) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gthreadpool.c:254 #6 0xf4e5211f in g_thread_create_proxy (data=0x80fa4b8) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gthread.c:635 #7 0xf55f04b5 in start_thread (arg=0xf4120b90) at pthread_create.c:300 #8 0xf4c38a5e in clone () at ../sysdeps/unix/sysv/linux/i386/clone.S:130 Thread 1 (Thread 0xf42e4760 (LWP 16690)): #0 0xf695cc7e in imContextCommitted (context=0x80a4040, str=0x81892f0 "A", client=0x80ae098) at ../../WebKit/gtk/WebCoreSupport/EditorClientGtk.cpp:64 #1 0xf4ebfc5c in IA__g_cclosure_marshal_VOID__STRING (closure=0x80ae0d0, return_value=0x0, n_param_values=2, param_values=0x8097400, invocation_hint=0xffffb78c, marshal_data=0xf695cc33) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gmarshal.c:496 #2 0xf4eb2e43 in IA__g_closure_invoke (closure=0x80ae0d0, return_value=0x0, n_param_values=2, param_values=0x8097400, invocation_hint=0xffffb78c) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gclosure.c:767 #3 0xf4ec6e5f in signal_emit_unlocked_R (node=0x80ad168, detail=0, instance=0x80a4040, emission_return=0x0, instance_and_params=0x8097400) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:3247 #4 0xf4ec82a9 in IA__g_signal_emit_valist (instance=0x80a4040, signal_id=146, detail=0, var_args=0xffffb96c "\4\344\22\b\231m4\365\230F\356\364\250\271\377\377\\\374\353\364Xi\24\b\360\232\30\b@@\n\b\2") at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:2980 #5 0xf4ec85a5 in IA__g_signal_emit_by_name (instance=0x80a4040, detailed_signal=0xf5517f03 "commit") at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:3074 #6 0xf5346dbe in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #7 0xf4ebfc5c in IA__g_cclosure_marshal_VOID__STRING (closure=0x81810a8, return_value=0x0, n_param_values=2, param_values=0x8097428, invocation_hint=0xffffbb0c, marshal_data=0xf5346d90) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gmarshal.c:496 #8 0xf4eb2e43 in IA__g_closure_invoke (closure=0x81810a8, return_value=0x0, n_param_values=2, param_values=0x8097428, invocation_hint=0xffffbb0c) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gclosure.c:767 #9 0xf4ec6e5f in signal_emit_unlocked_R (node=0x80ad168, detail=0, instance=0x8146958, emission_return=0x0, instance_and_params=0x8097428) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:3247 #10 0xf4ec82a9 in IA__g_signal_emit_valist (instance=0x8146958, signal_id=146, detail=0, var_args=0xffffbcec "n\347\36\365") at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:2980 #11 0xf4ec85a5 in IA__g_signal_emit_by_name (instance=0x8146958, detailed_signal=0xf5517f03 "commit") at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:3074 #12 0xf53446ed in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #13 0xf5345437 in ?? () from /usr/lib/libgtk-x11-2.0.so.0 #14 0xf5343b9c in gtk_im_context_filter_keypress () from /usr/lib/libgtk-x11-2.0.so.0 #15 0xf5343b9c in gtk_im_context_filter_keypress () from /usr/lib/libgtk-x11-2.0.so.0 #16 0xf695b97a in WebKit::EditorClient::handleInputMethodKeydown (this=0x80ae098, event=0x814fe68) at ../../WebKit/gtk/WebCoreSupport/EditorClientGtk.cpp:578 #17 0xf6d3371f in WebCore::Editor::handleInputMethodKeydown (this=0x80c93d8, event=0x814fe68) at ../../WebCore/editing/Editor.cpp:114 #18 0xf6ed614f in WebCore::EventHandler::keyEvent (this=0x80c9404, initialKeyEvent=...) at ../../WebCore/page/EventHandler.cpp:2058 #19 0xf6989673 in webkit_web_view_key_press_event (widget=0x80c5000, event=0xffffc35c) at ../../WebKit/gtk/webkit/webkitwebview.cpp:464 #20 0xf5364ef6 in ?? () from /usr/lib/libgtk-x11-2.0.so.0 ---Type <return> to continue, or q <return> to quit--- #21 0xf4eb15c9 in g_type_class_meta_marshal (closure=0x41, return_value=0xffffc170, n_param_values=2, param_values=0xf69895e1, invocation_hint=0xffffc15c, marshal_data=0xcc) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gclosure.c:878 #22 0xf4eb2e43 in IA__g_closure_invoke (closure=0x80b02b8, return_value=0xffffc170, n_param_values=2, param_values=0x8097450, invocation_hint=0xffffc15c) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gclosure.c:767 #23 0xf4ec6b07 in signal_emit_unlocked_R (node=0x80b0230, detail=0, instance=0x80c5000, emission_return=0xffffc2a8, instance_and_params=0x8097450) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:3285 #24 0xf4ec813f in IA__g_signal_emit_valist (instance=0x80c5000, signal_id=42, detail=0, var_args=0xffffc33c "\240\303\377\377\300+L\363\332Q\231\366h\303\377\377\300+L\363\376\377\377\377\310\62\375\367h\303\377\377\b") at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:2990 #25 0xf4ec85a5 in IA__g_signal_emit_by_name (instance=0x80c5000, detailed_signal=0x805c549 "key-press-event") at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gobject/gsignal.c:3074 #26 0x08056e7a in keyDownCallback (context=0xf351c100, function=0xf34c3280, thisObject=0xf34c2b80, argumentCount=1, arguments=0xffffc3fc, exception=0xffffc444) at ../../WebKitTools/DumpRenderTree/gtk/EventSender.cpp:439 #27 0xf699219c in JSC::JSCallbackFunction::call (exec=0xf351c100, functionObject=0xf34c3280, thisValue=..., args=...) at ../../JavaScriptCore/API/JSCallbackFunction.cpp:65 #28 0xf69d8531 in cti_op_call_NotJSFunction (args=0x81309f0) at ../../JavaScriptCore/jit/JITStubs.cpp:1607 #29 0xf69cf4fa in doubleHash (key=4086415888) at ../../JavaScriptCore/wtf/HashTable.h:437 #30 0xf6a08787 in JSC::JITCode::execute (this=0x80ff100, registerFile=0x8107a64, callFrame=0xf351c050, globalData=0x81054e0, exception=0x8105f0c) at ../../JavaScriptCore/jit/JITCode.h:79 #31 0xf69f6af8 in JSC::Interpreter::execute (this=0x8107a58, functionExecutable=0x80ff0f0, callFrame=0x8107e3c, function=0xf34c2d80, thisObj=0xf34c0000, args=..., scopeChain=0x810ca90, exception=0x8105f0c) at ../../JavaScriptCore/interpreter/Interpreter.cpp:724 #32 0xf6ac5a99 in JSC::JSFunction::call (this=0xf34c2d80, exec=0x8107e3c, thisValue=..., args=...) at ../../JavaScriptCore/runtime/JSFunction.cpp:120 #33 0xf6aa8152 in JSC::call (exec=0x8107e3c, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...) at ../../JavaScriptCore/runtime/CallData.cpp:39 #34 0xf6b5da6b in WebCore::JSEventListener::handleEvent (this=0x8130bd8, scriptExecutionContext=0x81007f0, event=0x80feb90) at ../../WebCore/bindings/js/JSEventListener.cpp:112 #35 0xf6cb6e3a in WebCore::EventTarget::fireEventListeners (this=0x80e4ea0, event=0x80feb90) at ../../WebCore/dom/EventTarget.cpp:272 #36 0xf6ec7a3d in WebCore::DOMWindow::dispatchEvent (this=0x80e4ea0, prpEvent=..., prpTarget=...) at ../../WebCore/page/DOMWindow.cpp:1318 #37 0xf6ec86f3 in WebCore::DOMWindow::dispatchLoadEvent (this=0x80e4ea0) at ../../WebCore/page/DOMWindow.cpp:1288 #38 0xf6c7e458 in WebCore::Document::dispatchWindowLoadEvent (this=0x81007c0) at ../../WebCore/dom/Document.cpp:2892 #39 0xf6c7fbf6 in WebCore::Document::implicitClose (this=0x81007c0) at ../../WebCore/dom/Document.cpp:1715 #40 0xf6e8ca92 in WebCore::FrameLoader::checkCallImplicitClose (this=0x80c8ff4) at ../../WebCore/loader/FrameLoader.cpp:1258 #41 0xf6e914b5 in WebCore::FrameLoader::checkCompleted (this=0x80c8ff4) at ../../WebCore/loader/FrameLoader.cpp:1206 #42 0xf6e92ace in WebCore::FrameLoader::finishedParsing (this=0x80c8ff4) at ../../WebCore/loader/FrameLoader.cpp:1144 #43 0xf6c80ffb in WebCore::Document::finishedParsing (this=0x81007c0) at ../../WebCore/dom/Document.cpp:4020 #44 0xf6de7a45 in WebCore::HTMLParser::finished (this=0x80e0430) at ../../WebCore/html/HTMLParser.cpp:1635 #45 0xf6dfdb62 in WebCore::HTMLTokenizer::end (this=0x80e6020) at ../../WebCore/html/HTMLTokenizer.cpp:1859 #46 0xf6dfdf64 in WebCore::HTMLTokenizer::finish (this=0x80e6020) at ../../WebCore/html/HTMLTokenizer.cpp:1899 #47 0xf6c76ee5 in WebCore::Document::finishParsing (this=0x81007c0) at ../../WebCore/dom/Document.cpp:1860 #48 0xf6e8d7f6 in WebCore::FrameLoader::endIfNotLoadingMainResource (this=0x80c8ff4) at ../../WebCore/loader/FrameLoader.cpp:986 #49 0xf6e8d82f in WebCore::FrameLoader::end (this=0x80c8ff4) at ../../WebCore/loader/FrameLoader.cpp:971 #50 0xf6e6f736 in WebCore::DocumentLoader::finishedLoading (this=0x80f5880) at ../../WebCore/loader/DocumentLoader.cpp:330 #51 0xf6e87d2c in WebCore::FrameLoader::finishedLoading (this=0x80c8ff4) at ../../WebCore/loader/FrameLoader.cpp:2875 #52 0xf6e9d5e8 in WebCore::MainResourceLoader::didFinishLoading (this=0x80f8e00) at ../../WebCore/loader/MainResourceLoader.cpp:375 #53 0xf6ea6ab2 in WebCore::ResourceLoader::didFinishLoading (this=0x80f8e00) at ../../WebCore/loader/ResourceLoader.cpp:403 #54 0xf72cdd15 in closeCallback (source=0x80dfac0, res=0x80f8790) at ../../WebCore/platform/network/soup/ResourceHandleSoup.cpp:689 #55 0xf4f22572 in async_ready_close_callback_wrapper (source_object=0x80dfac0, res=0x80f8790, user_data=0x0) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gio/ginputstream.c:485 ---Type <return> to continue, or q <return> to quit--- #56 0xf4f30cd9 in IA__g_simple_async_result_complete (simple=0x80f8790) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gio/gsimpleasyncresult.c:588 #57 0xf4f3100e in complete_in_idle_cb_for_thread (_data=0x80f0db0) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/gio/gsimpleasyncresult.c:650 #58 0xf4e260b1 in g_idle_dispatch (source=0x80fbb80, callback=0xbbadbeef, user_data=0x80f0db0) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gmain.c:4065 #59 0xf4e27e98 in g_main_dispatch (context=0x8095da0) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gmain.c:1960 #60 IA__g_main_context_dispatch (context=0x8095da0) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gmain.c:2513 #61 0xf4e2b623 in g_main_context_iterate (context=0x8095da0, block=1, dispatch=1, self=0x8073060) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gmain.c:2591 #62 0xf4e2b7a8 in IA__g_main_context_iteration (context=0x8095da0, may_block=1) at /build/buildd-glib2.0_2.22.1-1-i386-tx7y62/glib2.0-2.22.1/glib/gmain.c:2654 #63 0x08055f17 in runTest (testPathOrURL=...) at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:484 #64 0x08056424 in main (argc=2, argv=0xffffd7a4) at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:807 (gdb)
Attachments
Fix for this issue (3.19 KB, patch)
2009-10-07 01:08 PDT, Martin Robinson 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Xan Lopez
Comment 1 2009-10-06 06:10:54 PDT
So basically it seems imContextCommitted can and will be called when there's an existing pendingComposition...
Martin Robinson
Comment 2 2009-10-06 10:29:03 PDT
Philippe, do you happen to know what GTK+ input method you are using? It's listed when you right click on an input field in GTK+.
Philippe Normand
Comment 3 2009-10-06 23:57:47 PDT
(In reply to comment #2) > Philippe, do you happen to know what GTK+ input method you are using? It's > listed when you right click on an input field in GTK+. This test is failing on our buildbot, I don't have access to the X server, we use XvFB
Martin Robinson
Comment 4 2009-10-07 01:08:56 PDT
Created attachment 40769 [details] Fix for this issue In this case it appears as though preventDefault() was preventing the creation of a keypress events. Preedit and completed composition data is processed during keypress events. Thus, in this test, the unused data was still lingering during the next keydown event. The attached patch handles this situation by first clearing the previous data, if any exists during keydown events.
Xan Lopez
Comment 5 2009-10-07 01:12:20 PDT
Comment on attachment 40769 [details] Fix for this issue r=me
WebKit Commit Bot
Comment 6 2009-10-07 01:23:40 PDT
Comment on attachment 40769 [details] Fix for this issue Clearing flags on attachment: 40769 Committed r49233: <http://trac.webkit.org/changeset/49233>
WebKit Commit Bot
Comment 7 2009-10-07 01:23:44 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.