Bug 57733

Summary: fast/images/extra-image-in-image-document.html crashes when run after embed-image.html
Product: WebKit
Reporter: mitz
Component: Tools / Tests
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: aestes, bdakin
Priority: P1
Keywords: LayoutTestFailure, MakingBotsRed, Regression
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.5
Attachments (description, flags):
Avoid unnecessary layout when the page scale is not changing (flags: mjs: review+)

Description mitz 2011-04-03 14:29:15 PDT
To reproduce, with a release build on Leopard, run-webkit-tests fast/images/embed-image.html fast/images/extra-image-in-image-document.html

Here is an example of the crash <http://build.webkit.org/results/Leopard%20Intel%20Debug%20(Tests)/r82794%20(28446)/fast/images/extra-image-in-image-document-crash-log.txt>. Backtrace follows. I think this may have started happening after http://trac.webkit.org/changeset/82782 since that seems to force the layout that triggers the crash.

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x000000000000004c
Crashed Thread:  0

Thread 0 Crashed:
0   DumpRenderTree                	0x00037e67 std::_Rb_tree<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::_Identity<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::less<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::begin() const + 9 (stl_tree.h:588)
1   DumpRenderTree                	0x00037e8f std::set<std::basic_string<char, std::char_traits<char>, std::allocator<char> >, std::less<std::basic_string<char, std::char_traits<char>, std::allocator<char> > >, std::allocator<std::basic_string<char, std::char_traits<char>, std::allocator<char> > > >::begin() const + 17 (stl_set.h:239)
2   DumpRenderTree                	0x00037a40 -[ResourceLoadDelegate webView:resource:willSendRequest:redirectResponse:fromDataSource:] + 944 (ResourceLoadDelegate.mm:163)
3   com.apple.WebKit              	0x00e4d364 CallDelegate + 390 (WebDelegateImplementationCaching.mm:327)
4   com.apple.WebKit              	0x00e4d3f2 CallResourceLoadDelegate + 60 (WebDelegateImplementationCaching.mm:540)
5   com.apple.WebKit              	0x00e6ebad WebFrameLoaderClient::dispatchWillSendRequest(WebCore::DocumentLoader*, unsigned long, WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 259 (WebFrameLoaderClient.mm:388)
6   com.apple.WebCore             	0x038d4952 WebCore::ResourceLoadNotifier::dispatchWillSendRequest(WebCore::DocumentLoader*, unsigned long, WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 154
7   com.apple.WebCore             	0x038d4ccc WebCore::ResourceLoadNotifier::willSendRequest(WebCore::ResourceLoader*, WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 96
8   com.apple.WebCore             	0x038d3233 WebCore::ResourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 305
9   com.apple.WebCore             	0x038d39c3 WebCore::ResourceLoader::init(WebCore::ResourceRequest const&) + 539
10  com.apple.WebCore             	0x036b2dd9 WebCore::NetscapePlugInStreamLoader::create(WebCore::Frame*, WebCore::NetscapePlugInStreamLoaderClient*, WebCore::ResourceRequest const&) + 193
11  com.apple.WebCore             	0x038d5f48 WebCore::ResourceLoadScheduler::schedulePluginStreamLoad(WebCore::Frame*, WebCore::NetscapePlugInStreamLoaderClient*, WebCore::ResourceRequest const&) + 38
12  com.apple.WebKit              	0x00eb311d WebNetscapePluginStream::start() + 397 (WebNetscapePluginStream.mm:286)
13  com.apple.WebKit              	0x00ebafdb -[WebNetscapePluginDocumentView(WebNPPCallbacks) loadRequest:inTarget:withNotifyData:sendNotification:] + 1255 (WebNetscapePluginView.mm:1772)
14  com.apple.WebKit              	0x00ebd647 -[WebNetscapePluginDocumentView loadStream] + 385 (WebNetscapePluginView.mm:1173)
15  com.apple.WebKit              	0x00e38633 -[WebBaseNetscapePluginView start] + 859 (WebBaseNetscapePluginView.mm:475)
16  com.apple.WebKit              	0x00e35647 -[WebBaseNetscapePluginView viewDidMoveToWindow] + 265 (WebBaseNetscapePluginView.mm:662)
17  com.apple.AppKit              	0x938c5ddc -[NSView _setWindow:] + 1413
18  com.apple.AppKit              	0x938cebe5 -[NSView addSubview:] + 470
19  com.apple.WebKit              	0x00e8d14b -[WebHTMLView addSubview:] + 61 (WebHTMLView.mm:3090)
20  com.apple.WebCore             	0x03928d19 WebCore::ScrollView::platformAddChild(WebCore::Widget*) + 461
21  com.apple.WebCore             	0x03924349 WebCore::ScrollView::addChild(WTF::PassRefPtr<WebCore::Widget>) + 267
22  com.apple.WebCore             	0x038bd83a __ZN7WebCoreL22moveWidgetToParentSoonEPNS_6WidgetEPNS_9FrameViewE + 70
23  com.apple.WebCore             	0x038bdbaa WebCore::RenderWidget::setWidget(WTF::PassRefPtr<WebCore::Widget>) + 688
24  com.apple.WebCore             	0x0380e1b2 WebCore::RenderPart::setWidget(WTF::PassRefPtr<WebCore::Widget>) + 72
25  com.apple.WebCore             	0x039a27e0 WebCore::SubframeLoader::loadPlugin(WebCore::HTMLPlugInImageElement*, WebCore::KURL const&, WTF::String const&, WTF::Vector<WTF::String, 0ul> const&, WTF::Vector<WTF::String, 0ul> const&, bool) + 544
26  com.apple.WebCore             	0x039a35d8 WebCore::SubframeLoader::requestPlugin(WebCore::HTMLPlugInImageElement*, WebCore::KURL const&, WTF::String const&, WTF::Vector<WTF::String, 0ul> const&, WTF::Vector<WTF::String, 0ul> const&, bool) + 448
27  com.apple.WebCore             	0x039a3779 WebCore::SubframeLoader::requestObject(WebCore::HTMLPlugInImageElement*, WTF::String const&, WTF::AtomicString const&, WTF::String const&, WTF::Vector<WTF::String, 0ul> const&, WTF::Vector<WTF::String, 0ul> const&) + 401
28  com.apple.WebCore             	0x031de24e WebCore::HTMLEmbedElement::updateWidget(WebCore::PluginCreationOption) + 642
29  com.apple.WebCore             	0x0314fabe WebCore::FrameView::updateWidget(WebCore::RenderEmbeddedObject*) + 388
30  com.apple.WebCore             	0x0314fc7d WebCore::FrameView::updateWidgets() + 365
31  com.apple.WebCore             	0x0314ffe3 WebCore::FrameView::performPostLayoutTasks() + 287
32  com.apple.WebCore             	0x03153f53 WebCore::FrameView::layout(bool) + 3641
33  com.apple.WebCore             	0x0312c487 WebCore::Frame::scalePage(float, WebCore::IntPoint const&) + 259
34  com.apple.WebKit              	0x00f0cad4 -[WebView(WebPrivate) _scaleWebView:atOrigin:] + 88 (WebView.mm:2696)
35  DumpRenderTree                	0x00015349 __ZL42resetWebViewToConsistentStateBeforeTestingv + 213
36  DumpRenderTree                	0x00016149 __ZL7runTestRKSs + 747
37  DumpRenderTree                	0x00016ab1 __ZL20runTestingServerLoopv + 119
38  DumpRenderTree                	0x00016d44 dumpRenderTree(int, char const**) + 340
39  DumpRenderTree                	0x00016f70 main + 94 (DumpRenderTree.mm:726)
40  DumpRenderTree                	0x00002f4e start + 54
Comment 1 mitz 2011-04-03 15:20:37 PDT
The crash happens because the callback is made after clearing the previous test’s layout test controller and before making a new one for the next test, so gLayoutTestController is null.
Comment 2 mitz 2011-04-03 15:46:04 PDT
Created attachment 88022 [details]
Avoid unnecessary layout when the page scale is not changing
Comment 3 Maciej Stachowiak 2011-04-03 16:16:49 PDT
Comment on attachment 88022 [details]
Avoid unnecessary layout when the page scale is not changing

r=me
Comment 4 mitz 2011-04-03 16:23:39 PDT
Fixed in r82795. <http://trac.webkit.org/changeset/82795>
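As an added illustration of the ordering hazard described in comment 1 and of the fix named in the attachment (skip the layout when the page scale is not changing), here is a constructed C++ model of the DumpRenderTree reset window; it is not WebKit or DumpRenderTree code, and the struct names, fields and the resetBetweenTests function are assumptions made for the example.

```cpp
#include <cassert>
#include <set>
#include <string>

// Constructed model (not WebKit code): the global test controller that DumpRenderTree
// clears between tests, and the std::set the resource-load delegate reads from it.
struct LayoutTestController {
    std::set<std::string> urlsToClear;  // stands in for the set read at ResourceLoadDelegate.mm:163
};
static LayoutTestController* gLayoutTestController = nullptr;

struct Frame {
    float pageScale = 1.0f;
    bool pendingPluginWidget = true;  // the <embed> left over from the previous test
    bool nullDereference = false;     // recorded instead of crashing with EXC_BAD_ACCESS

    // Delegate callback reached via layout -> updateWidgets -> plugin stream -> willSendRequest.
    void willSendRequest() {
        if (!gLayoutTestController) { nullDereference = true; return; }
        (void)gLayoutTestController->urlsToClear.begin();
    }
    // Post-layout widget update starts the plugin stream, which dispatches the callback.
    void layout() {
        if (pendingPluginWidget) { pendingPluginWidget = false; willSendRequest(); }
    }
    // Buggy behaviour: always lay out. Fixed behaviour: return early when the scale is unchanged.
    void scalePage(float scale, bool skipWhenUnchanged) {
        if (skipWhenUnchanged && scale == pageScale) return;
        pageScale = scale;
        layout();
    }
};

// Mirrors the reset between tests: the previous controller is already gone, the next one
// is not yet created, and the view is reset to scale 1.0 in that gap.
// Returns true if the callback touched the null global (the crash in the backtrace).
bool resetBetweenTests(bool withFix) {
    Frame frame;
    gLayoutTestController = nullptr;       // previous test's controller cleared
    frame.scalePage(1.0f, withFix);        // scale is already 1.0, so no layout is needed
    LayoutTestController next;             // next test's controller created only now
    gLayoutTestController = &next;
    bool hit = frame.nullDereference;
    gLayoutTestController = nullptr;       // do not leave a dangling pointer behind
    return hit;
}

int main() {
    assert(resetBetweenTests(false));      // without the fix: callback fires into the null global
    assert(!resetBetweenTests(true));      // with the fix: no layout, no callback, no crash
    return 0;
}
```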