| Field | Value |
|---|---|
| Summary | REGRESSION(r67176): editing/selection/doubleclick-inline-first-last-contenteditable.html crashes |
| Product | WebKit |
| Component | Tools / Tests |
| Reporter | Ryosuke Niwa <rniwa> |
| Assignee | Nobody <webkit-unassigned> |
| Status | RESOLVED FIXED |
| Severity | Normal |
| Priority | P1 |
| CC | abarth, eric, ossy, tonikitoo, tony, webkit.review.bot, zimmermann |
| Keywords | Qt, QtTriaged |
| Version | 528+ (Nightly build) |
| Hardware | Other |
| OS | Other |

Description
Ryosuke Niwa
2010-09-10 01:06:28 PDT
Committed r67180: <http://trac.webkit.org/changeset/67180>

Thanks for reporting and skipping the test. But it shouldn't be closed until the real bug is fixed. Let's see the backtrace for the crash.

```
$WebKitTools/Scripts/run-webkit-tests editing/selection/doubleclick-inline-first-last-contenteditable.html --debug

editing/selection/doubleclick-inline-first-last-contenteditable.html -> crashed
0.48s total testing time
1 test case (100%) crashed

$ gdb WebKitBuild/Debug/bin/DumpRenderTree core

#0 0xf59daa4a in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsElementFlag) at ../../../WebCore/dom/Node.h:651
651 bool getFlag(NodeFlags mask) const { return m_nodeFlags & mask; }
(gdb) bt
#0 0xf59daa4a in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsElementFlag) at ../../../WebCore/dom/Node.h:651
#1 0xf5a7e54f in WebCore::Node::isElementNode (this=0x0) at ../../../WebCore/dom/Node.h:182
#2 0xf5d9a5f7 in WebCore::Node::hasTagName (this=0x0, name=@0xf76ea588) at ../../../WebCore/dom/Element.h:373
#3 0xf6106da4 in ancestorToRetainStructureAndAppearance (commonAncestor=0x8224968) at ../../../WebCore/editing/markup.cpp:899
#4 0xf610d7dc in highestAncestorToWrapMarkup (range=0x8221140, fullySelectedRoot=0x0, shouldAnnotate=WebCore::AnnotateForInterchange) at ../../../WebCore/editing/markup.cpp:963
#5 0xf611039b in WebCore::createMarkup (range=0x8221270, nodes=0x0, shouldAnnotate=WebCore::AnnotateForInterchange, convertBlocksToInlines=false, shouldResolveURLs=WebCore::AbsoluteURLs) at ../../../WebCore/editing/markup.cpp:1064
#6 0xf667bbc9 in WebCore::Pasteboard::writeSelection (this=0x82212d0, selectedRange=0x8221270, canSmartCopyOrDelete=true, frame=0x815a708) at ../../../WebCore/platform/qt/PasteboardQt.cpp:68
#7 0xf60dd3f3 in WebCore::Editor::copy (this=0x815aa20) at ../../../WebCore/editing/Editor.cpp:1190
#8 0xf66cb421 in QWebPagePrivate::handleClipboard (this=0x816b668, ev=0x8224918, button=Qt::LeftButton) at ../../../WebKit/qt/Api/qwebpage.cpp:759
#9 0xf66cb58d in QWebPagePrivate::mouseReleaseEvent (this=0x816b668, ev=0x8224918) at ../../../WebKit/qt/Api/qwebpage.cpp:825
#10 0xf66d4103 in QWebPage::event (this=0xf2601690, ev=0x8224918) at ../../../WebKit/qt/Api/qwebpage.cpp:2759
#11 0xf66d5c0a in QWebView::mouseReleaseEvent (this=0xf2601390, ev=0x8224918) at ../../../WebKit/qt/Api/qwebview.cpp:1007
#12 0xf3ea31c0 in QWidget::event (this=0xf2601390, event=0x8224918) at kernel/qwidget.cpp:7998
#13 0xf66d6921 in QWebView::event (this=0xf2601390, e=0x8224918) at ../../../WebKit/qt/Api/qwebview.cpp:844
#14 0xf3e440dc in QApplicationPrivate::notify_helper (this=0x81209b8, receiver=0xf2601390, e=0x8224918) at kernel/qapplication.cpp:4300
#15 0xf3e4b535 in QApplication::notify (this=0xffffb4d8, receiver=0xf2601390, e=0x8224918) at kernel/qapplication.cpp:3865
#16 0xf3bd2feb in QCoreApplication::notifyInternal (this=0xffffb4d8, receiver=0xf2601390, event=0x8224918) at kernel/qcoreapplication.cpp:704
#17 0x0806cb32 in QCoreApplication::sendEvent (receiver=0xf2601390, event=0x8224918) at /usr/local/Trolltech/Qt-4.6.2/include/QtCore/qcoreapplication.h:215
#18 0x0806ec4b in EventSender::sendEvent (this=0x8157878, receiver=0xf2601390, event=0x8224918) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/EventSenderQt.cpp:650
#19 0x0806f21b in EventSender::sendOrQueueEvent (this=0x8157878, event=0x8224918) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/EventSenderQt.cpp:546
#20 0x0807190f in EventSender::mouseUp (this=0x8157878, button=0) at /home/oszi/WebKit/WebKitTools/DumpRenderTree/qt/EventSenderQt.cpp:163
#21 0x0807b69d in EventSender::qt_metacall (this=0x8157878, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0xffffa3f0) at moc_EventSenderQt.cpp:116
#22 0xf3bd8435 in QMetaObject::metacall (object=0xf768e914, cl=QMetaObject::InvokeMetaMethod, idx=7, argv=0xffffa3f0) at kernel/qmetaobject.cpp:237
#23 0xf663580c in JSC::Bindings::QtRuntimeMetaMethod::call (exec=0xf112c128) at ../../../WebCore/bridge/qt/qt_runtime.cpp:1404
#24 0xf6997d27 in cti_op_call_NotJSFunction (args=0xffffa530) at ../../../JavaScriptCore/jit/JITStubs.cpp:2177
#25 0xf698ccc6 in doubleHash (key=4151240568) at ../../../JavaScriptCore/wtf/HashTable.h:447
#26 0xf698a02f in JSC::JITCode::execute (this=0x81809cc, registerFile=0x813d334, callFrame=0xf112c038, globalData=0x81762e8, exception=0xffffa6a4) at ../../../JavaScriptCore/jit/JITCode.h:77
#27 0xf6984aff in JSC::Interpreter::execute (this=0x813d328, program=0x81809b8, callFrame=0x81b4dc4, scopeChain=0x816cb88, thisObj=0xf10c0000, exception=0xffffa6a4) at ../../../JavaScriptCore/interpreter/Interpreter.cpp:701
#28 0xf69b8197 in JSC::evaluate (exec=0x81b4dc4, scopeChain=@0x81b4d90, source=@0xffffa8b4, thisValue={u = {asEncodedJSValue = -4545839104, asDouble = -nan(0xffffef10c0000), asBits = {payload = -250871808, tag = -2}}}) at ../../../JavaScriptCore/runtime/Completion.cpp:63
#29 0xf5e0b43e in WebCore::JSMainThreadExecState::evaluate (exec=0x81b4dc4, chain=@0x81b4d90, source=@0xffffa8b4, thisValue= {u = {asEncodedJSValue = -4545839104, asDouble = -nan(0xffffef10c0000), asBits = {payload = -250871808, tag = -2}}}) at ../../../WebCore/bindings/js/JSMainThreadExecState.h:54
#30 0xf5e3b3c2 in WebCore::ScriptController::evaluateInWorld (this=0x815a9cc, sourceCode=@0xffffa8b0, world=0x81690c8, shouldAllowXSS=WebCore::DoNotAllowXSS) at ../../../WebCore/bindings/js/ScriptController.cpp:151
#31 0xf5e3b897 in WebCore::ScriptController::evaluate (this=0x815a9cc, sourceCode=@0xffffa8b0, shouldAllowXSS=WebCore::DoNotAllowXSS) at ../../../WebCore/bindings/js/ScriptController.cpp:177
#32 0xf5e621db in WebCore::ScriptController::executeScript (this=0x815a9cc, sourceCode=@0xffffa8b0, shouldAllowXSS=WebCore::DoNotAllowXSS) at ../../../WebCore/bindings/ScriptControllerBase.cpp:60
#33 0xf6206ab3 in WebCore::HTMLScriptRunner::executeScript (this=0x816a050, element=0x816c630, sourceCode=@0xffffa8b0) at ../../../WebCore/html/parser/HTMLScriptRunner.cpp:175
#34 0xf62073e0 in WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent (this=0x816a050, pendingScript=@0x816a058) at ../../../WebCore/html/parser/HTMLScriptRunner.cpp:158
#35 0xf62078e3 in WebCore::HTMLScriptRunner::executeParsingBlockingScript (this=0x816a050) at ../../../WebCore/html/parser/HTMLScriptRunner.cpp:139
#36 0xf620795b in WebCore::HTMLScriptRunner::executeParsingBlockingScripts (this=0x816a050) at ../../../WebCore/html/parser/HTMLScriptRunner.cpp:222
#37 0xf6207c22 in WebCore::HTMLScriptRunner::executeScriptsWaitingForLoad (this=0x816a050, cachedScript=0x81c2128) at ../../../WebCore/html/parser/HTMLScriptRunner.cpp:233
#38 0xf61fb2e3 in WebCore::HTMLDocumentParser::notifyFinished (this=0x81923d8, cachedResource=0x81c2128) at ../../../WebCore/html/parser/HTMLDocumentParser.cpp:491
#39 0xf62d30cb in WebCore::CachedScript::checkNotify (this=0x81c2128) at ../../../WebCore/loader/CachedScript.cpp:99
#40 0xf62d31f7 in WebCore::CachedScript::data (this=0x81c2128, data={m_ptr = 0xffffaafc}, allDataReceived=true) at ../../../WebCore/loader/CachedScript.cpp:89
#41 0xf632403e in WebCore::Loader::Host::didFinishLoading (this=0x8194900, loader=0x81cf808) at ../../../WebCore/loader/loader.cpp:409
#42 0xf63397ee in WebCore::SubresourceLoader::didFinishLoading (this=0x81cf808) at ../../../WebCore/loader/SubresourceLoader.cpp:183
#43 0xf63338f2 in WebCore::ResourceLoader::didFinishLoading (this=0x81cf808) at ../../../WebCore/loader/ResourceLoader.cpp:444
#44 0xf66660ae in WebCore::QNetworkReplyHandler::finish (this=0x81dd030) at ../../../WebCore/platform/network/qt/QNetworkReplyHandler.cpp:261
#45 0xf666698f in WebCore::QNetworkReplyHandler::qt_metacall (this=0x81dd030, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x81dd3b0) at ./moc_QNetworkReplyHandler.cpp:84
#46 0xf3bd8435 in QMetaObject::metacall (object=0xf768e914, cl=QMetaObject::InvokeMetaMethod, idx=5, argv=0x81dd3b0) at kernel/qmetaobject.cpp:237
#47 0xf3be2a36 in QMetaCallEvent::placeMetaCall (this=0x81b4888, object=0x81dd030) at kernel/qobject.cpp:561
#48 0xf3be3fc3 in QObject::event (this=0x81dd030, e=0x81b4888) at kernel/qobject.cpp:1240
#49 0xf3e440dc in QApplicationPrivate::notify_helper (this=0x81209b8, receiver=0x81dd030, e=0x81b4888) at kernel/qapplication.cpp:4300
#50 0xf3e4ab22 in QApplication::notify (this=0xffffb4d8, receiver=0x81dd030, e=0x81b4888) at kernel/qapplication.cpp:3704
#51 0xf3bd2feb in QCoreApplication::notifyInternal (this=0xffffb4d8, receiver=0x81dd030, event=0x81b4888) at kernel/qcoreapplication.cpp:704
#52 0xf3bd3f4f in QCoreApplicationPrivate::sendPostedEvents (receiver=0x0, event_type=0, data=0x813e308) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:215
#53 0xf3bd40fd in QCoreApplication::sendPostedEvents (receiver=0x0, event_type=0) at kernel/qcoreapplication.cpp:1238
#54 0xf3bffc5f in postEventSourceDispatch (s=0x8120a80) at ../../include/QtCore/../../src/corelib/kernel/qcoreapplication.h:220
#55 0xf30b81d8 in g_main_context_dispatch () from /usr/lib/libglib-2.0.so.0
#56 0xf30bb873 in ?? () from /usr/lib/libglib-2.0.so.0
#57 0x0813b700 in ?? ()
#58 0x00000000 in ?? ()
```

(In reply to comment #2)
> Thanks for reporting and skipping the test.
> But it shouldn't be closed until the real bug is fixed.

Oops, that wasn't intended. It seems like webkit-patch did that because I included the bug number in the changelog.

> Let's see the backtrace for the crash.
>
> $WebKitTools/Scripts/run-webkit-tests editing/selection/doubleclick-inline-first-last-contenteditable.html --debug
>
> editing/selection/doubleclick-inline-first-last-contenteditable.html -> crashed
> 0.48s total testing time
> 1 test case (100%) crashed
>
> $ gdb WebKitBuild/Debug/bin/DumpRenderTree core
>
> #0 0xf59daa4a in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsElementFlag) at ../../../WebCore/dom/Node.h:651
> 651 bool getFlag(NodeFlags mask) const { return m_nodeFlags & mask; }
> (gdb) bt
> #0 0xf59daa4a in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsElementFlag) at ../../../WebCore/dom/Node.h:651
> #1 0xf5a7e54f in WebCore::Node::isElementNode (this=0x0) at ../../../WebCore/dom/Node.h:182
> #2 0xf5d9a5f7 in WebCore::Node::hasTagName (this=0x0, name=@0xf76ea588) at ../../../WebCore/dom/Element.h:373
> #3 0xf6106da4 in ancestorToRetainStructureAndAppearance (commonAncestor=0x8224968) at ../../../WebCore/editing/markup.cpp:899
> #4 0xf610d7dc in highestAncestorToWrapMarkup (range=0x8221140, fullySelectedRoot=0x0, shouldAnnotate=WebCore::AnnotateForInterchange) at ../../../WebCore/editing/markup.cpp:963
> #5 0xf611039b in WebCore::createMarkup (range=0x8221270, nodes=0x0, shouldAnnotate=WebCore::AnnotateForInterchange, convertBlocksToInlines=false, shouldResolveURLs=WebCore::AbsoluteURLs) at ../../../WebCore/editing/markup.cpp:1064
> #6 0xf667bbc9 in WebCore::Pasteboard::writeSelection (this=0x82212d0, selectedRange=0x8221270, canSmartCopyOrDelete=true, frame=0x815a708) at ../../../WebCore/platform/qt/PasteboardQt.cpp:68
> #7 0xf60dd3f3 in WebCore::Editor::copy (this=0x815aa20) at ../../../WebCore/editing/Editor.cpp:1190
> #8 0xf66cb421 in QWebPagePrivate::handleClipboard (this=0x816b668, ev=0x8224918, button=Qt::LeftButton) at ../../../WebKit/qt/Api/qwebpage.cpp:759

Why is it calling copy? That doesn't make any sense. The test only tests selecting text by double-clicking and click + modify selection. This must be a Qt-specific behavior because on Mac, it's never copied.

Ah! This crash is reproducible on Mac as well. Will submit a patch shortly.

Created attachment 67212 [details]
Patch

(In reply to comment #5)
> Created an attachment (id=67212) [details]
> Patch

Great, I tested editing/selection/doubleclick-inline-first-last-contenteditable.html and the new test, and both of them pass.

Thanks for testing my patch!

(In reply to comment #6)
> (In reply to comment #5)
> > Created an attachment (id=67212) [details]
> > Patch
>
> Great, I tested editing/selection/doubleclick-inline-first-last-contenteditable.html and the new test, and both of them pass.

And thanks for your review, Antonio.

Committed r67221: <http://trac.webkit.org/changeset/67221>

http://trac.webkit.org/changeset/67221 might have broken Chromium Mac Release
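
A triage helper for backtraces like the one in this report, added here as an example (it is not part of the bug thread or of WebKit's tooling): it finds the innermost frames entered with `this=0x0` and the caller that made the member call through the null pointer. The function names are hypothetical and the sample is constructed from the five innermost frames quoted above.

```python
import re

# Constructed sample: the five innermost frames of the backtrace in this report.
SAMPLE_BT = """\
#0 0xf59daa4a in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsElementFlag) at ../../../WebCore/dom/Node.h:651
#1 0xf5a7e54f in WebCore::Node::isElementNode (this=0x0) at ../../../WebCore/dom/Node.h:182
#2 0xf5d9a5f7 in WebCore::Node::hasTagName (this=0x0, name=@0xf76ea588) at ../../../WebCore/dom/Element.h:373
#3 0xf6106da4 in ancestorToRetainStructureAndAppearance (commonAncestor=0x8224968) at ../../../WebCore/editing/markup.cpp:899
#4 0xf610d7dc in highestAncestorToWrapMarkup (range=0x8221140, fullySelectedRoot=0x0, shouldAnnotate=WebCore::AnnotateForInterchange) at ../../../WebCore/editing/markup.cpp:963
"""

# "#N [0xADDR in] func (args) [at file:line | from lib]"; args may contain parentheses.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?:0x[0-9a-f]+\s+in\s+)?(?P<func>\S+)\s+"
    r"\((?P<args>.*)\)\s*(?:at\s+(?P<loc>\S+)|from\s+(?P<lib>\S+))?\s*$"
)
NULL_THIS = re.compile(r"\bthis=0x0\b")  # does not match this=0x0806...


def parse_frames(text):
    """Parse gdb 'bt' output (one frame per line) into dicts; skip other lines."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append({"num": int(m["num"]), "func": m["func"],
                           "args": m["args"], "loc": m["loc"] or m["lib"]})
    return frames


def null_this_origin(frames):
    """Return (null_frames, origin).

    null_frames: the innermost run of frames entered with this == NULL.
    origin: the first caller above that run, i.e. the code that invoked a
    member function through a null pointer. ([], None) if frame #0 has a
    non-null or absent 'this'.
    """
    null_frames = []
    for frame in frames:
        if NULL_THIS.search(frame["args"]):
            null_frames.append(frame)
        else:
            return (null_frames, frame) if null_frames else ([], None)
    return null_frames, None


if __name__ == "__main__":
    nulls, origin = null_this_origin(parse_frames(SAMPLE_BT))
    print(f"{len(nulls)} frames with this=0x0; origin: "
          f"#{origin['num']} {origin['func']} at {origin['loc']}")
```
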