Bug 44287

Summary: Assertion failure in FrameView::layout when clicking on a YouTube video on youtube.com front page
Product: WebKit Reporter: Adam Roben (:aroben) <aroben>
Component: Layout and RenderingAssignee: Simon Fraser (smfr) <simon.fraser>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, ap, hyatt, mitz, sam, simon.fraser
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
URL: http://youtube.com/
Attachments:
Description Flags
Patch mitz: review+

Adam Roben (:aroben)
Reported 2010-08-19 12:18:54 PDT
To reproduce: 1. Go to http://youtube.com/ 2. Click on a video You'll hit this assertion in FrameView::layout: ASSERT(m_frame->view() == this); The code bails out at this point in a Release build. Continuing past the assertion shows that the page seems to load OK (though it uses a windowed plugin which we don't yet support, so it's hard to say for sure). I don't know if this can be reproduced on Mac; I haven't been able to get plugins to work at all in WebKit2 on Mac so far. Here's the backtrace: > WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 635 + 0x36 bytes C++ WebKit.dll!WebCore::RenderWidget::updateWidgetPosition() Line 355 C++ WebKit.dll!WebCore::RenderView::updateWidgetPositions() Line 588 + 0x13 bytes C++ WebKit.dll!WebCore::FrameView::performPostLayoutTasks() Line 1611 C++ WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 833 C++ WebKit.dll!WebCore::Document::updateLayout() Line 1519 C++ WebKit.dll!WebCore::Document::updateLayoutIgnorePendingStylesheets() Line 1551 C++ WebKit.dll!WebCore::HTMLEmbedElement::renderWidgetForJSBindings() Line 73 C++ WebKit.dll!WebCore::HTMLPlugInElement::pluginWidget() Line 103 + 0x12 bytes C++ WebKit.dll!WebCore::pluginScriptObjectFromPluginViewBase(WebCore::HTMLPlugInElement * pluginElement=0x049def58, JSC::JSGlobalObject * globalObject=0x04208fc0) Line 60 + 0x8 bytes C++ WebKit.dll!WebCore::pluginScriptObject(JSC::ExecState * exec=0x03dd0528, WebCore::JSHTMLElement * jsHTMLElement=0x04a9cc40) Line 90 + 0x12 bytes C++ WebKit.dll!WebCore::runtimeObjectCustomGetOwnPropertySlot(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}, WebCore::JSHTMLElement * element=0x04a9cc40) Line 115 + 0xd bytes C++ WebKit.dll!WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 38 + 0x15 bytes C++ WebKit.dll!WebCore::JSHTMLEmbedElement::getOwnPropertySlot(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 157 + 0x14 bytes C++ JavaScriptCore.dll!JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 404 + 0x1b bytes C++ JavaScriptCore.dll!JSC::JSValue::get(JSC::ExecState * exec=0x03dd0528, const JSC::Identifier & propertyName={...}, JSC::PropertySlot & slot={...}) Line 658 + 0x14 bytes C++ JavaScriptCore.dll!cti_op_get_by_id_proto_list(void * * args=0x0012f080) Line 1649 C++ JavaScriptCore.dll!@cti_op_create_this@4() + 0x1ef bytes C++ JavaScriptCore.dll!JSC::JITCode::execute(JSC::RegisterFile * registerFile=0x01e70fcc, JSC::ExecState * callFrame=0x03dd0048, JSC::JSGlobalData * globalData=0x01e65c50, JSC::JSValue * exception=0x01e66b88) Line 77 + 0x24 bytes C++ JavaScriptCore.dll!JSC::Interpreter::executeCall(JSC::ExecState * callFrame=0x04929768, JSC::JSObject * function=0x04225280, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}, JSC::JSValue * exception=0x01e66b88) Line 780 + 0x2e bytes C++ JavaScriptCore.dll!JSC::call(JSC::ExecState * exec=0x04929768, JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}) Line 38 + 0x45 bytes C++ WebKit.dll!WebCore::JSMainThreadExecState::call(JSC::ExecState * exec=0x04929768, JSC::JSValue functionObject={...}, JSC::CallType callType=CallTypeJS, const JSC::CallData & callData={...}, JSC::JSValue thisValue={...}, const JSC::ArgList & args={...}) Line 48 + 0x29 bytes C++ WebKit.dll!WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext * scriptExecutionContext=, WebCore::Event * event=) Line 124 + 0x6a bytes C++ WebKit.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x04754ee0, WebCore::EventTargetData * d=0x048dd644, WTF::Vector<WebCore::RegisteredEventListener,1> & entry=[1]({listener=0x0493e7c8 {m_jsFunction=0x04225280 m_wrapper={...} m_isAttribute=false ...} useCapture=true })) Line 339 + 0x35 bytes C++ WebKit.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x04754ee0) Line 305 C++ WebKit.dll!WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}, WTF::PassRefPtr<WebCore::EventTarget> prpTarget={...}) Line 1522 + 0x11 bytes C++ WebKit.dll!WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy unloadEventPolicy=UnloadEventPolicyUnloadAndPageHide, WebCore::DatabasePolicy databasePolicy=DatabasePolicyStop) Line 388 C++ WebKit.dll!WebCore::FrameLoader::closeURL() Line 464 C++ WebKit.dll!WebCore::FrameLoader::detachFromParent() Line 2575 C++ WebKit.dll!WebCore::FrameLoader::detachChildren() Line 2492 + 0xf bytes C++ WebKit.dll!WebCore::FrameLoader::detachFromParent() Line 2580 C++ WebKit.dll!WebCore::FrameLoader::detachChildren() Line 2492 + 0xf bytes C++ WebKit.dll!WebCore::FrameLoader::setDocumentLoader(WebCore::DocumentLoader * loader=0x049cd518) Line 1757 C++ WebKit.dll!WebCore::FrameLoader::transitionToCommitted(WTF::PassRefPtr<WebCore::CachedPage> cachedPage={...}) Line 1929 C++ WebKit.dll!WebCore::FrameLoader::commitProvisionalLoad() Line 1848 C++ WebKit.dll!WebCore::DocumentLoader::commitIfReady() Line 261 C++ WebKit.dll!WebCore::DocumentLoader::commitLoad(const char * data=0x05e33b20, int length=1623) Line 280 C++ WebKit.dll!WebCore::DocumentLoader::receivedData(const char * data=0x05e33b20, int length=1623) Line 294 C++ WebKit.dll!WebCore::FrameLoader::receivedData(const char * data=0x05e33b20, int length=1623) Line 1498 C++ WebKit.dll!WebCore::MainResourceLoader::addData(const char * data=0x05e33b20, int length=1623, bool allAtOnce=false) Line 150 C++ WebKit.dll!WebCore::ResourceLoader::didReceiveData(const char * data=0x05e33b20, int length=1623, __int64 lengthReceived=1623, bool allAtOnce=false) Line 260 + 0x1b bytes C++ WebKit.dll!WebCore::MainResourceLoader::didReceiveData(const char * data=0x05e33b20, int length=1623, __int64 lengthReceived=1623, bool allAtOnce=false) Line 421 C++ WebKit.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle * __formal=0x05e32020, const char * data=0x05e33b20, int length=1623, int lengthReceived=1623) Line 431 + 0x1f bytes C++ WebKit.dll!WebCore::didReceiveData(_CFURLConnection * conn=0x042d3850, const __CFData * data=0x05e62770, long originalLength=1623, const void * clientInfo=0x05e32020) Line 214 + 0x2a bytes C++
Attachments
Patch (5.30 KB, patch)
2010-11-01 16:01 PDT, Simon Fraser (smfr) 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Adam Roben (:aroben)
Comment 1 2010-08-19 12:19:34 PDT
<rdar://problem/8330881>
Simon Fraser (smfr)
Comment 2 2010-08-19 12:27:12 PDT
Bug 43152 is about this same assertion.
Adam Roben (:aroben)
Comment 3 2010-08-19 12:29:20 PDT
It looks like m_frame->view() is null when the assertion fails.
Simon Fraser (smfr)
Comment 4 2010-08-19 14:57:00 PDT
It seems bad that renderWidgetForJSBindings() causes layout to happen.
Alexey Proskuryakov
Comment 5 2010-08-19 15:26:21 PDT
Bug 36675 sounded remotely related, FWIW.
Simon Fraser (smfr)
Comment 6 2010-09-13 10:28:26 PDT
I see this on Mac too, also in old WebKit.
Simon Fraser (smfr)
Comment 7 2010-11-01 16:01:50 PDT
Created attachment 72583 [details] Patch
Simon Fraser (smfr)
Comment 8 2010-11-01 16:42:49 PDT
http://trac.webkit.org/changeset/71074
Note You need to log in before you can comment on or make changes to this bug.