Bug 60808

Summary: Crash (preceded by assertion failure in Document::updateStyleIfNeeded) on http://javatester.org/enabled.html
Product: WebKit Reporter: Adam Roben (:aroben) <aroben>
Component: Plug-ins Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX    
Severity: Normal CC: ap
Priority: P2 Keywords: InRadar, PlatformOnly
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows 7   
URL: http://javatester.org/enabled.html

Adam Roben (:aroben)
Reported 2011-05-13 14:59:29 PDT
To reproduce:

1. Install Java 6 Update 3 from http://java.sun.com/products/archive/j2se/6u3/index.html
2. Go to http://javatester.org/enabled.html

You'll first hit an assertion failure in Document::updateStyleIfNeeded, then sometime later you'll crash. It looks like Java is spinning a nested message loop which is causing WebCore Timers to fire at unexpected times.

Here's the backtrace of the assertion failure:

> WebKit.dll!WebCore::Document::updateStyleIfNeeded() Line 1576 C++
  WebKit.dll!WebCore::RenderView::selectionBounds(bool clipToVisibleContent=true) Line 345 + 0x26 bytes C++
  WebKit.dll!WebCore::FrameSelection::bounds(bool clipToVisibleContent=true) Line 1805 C++
  WebKit.dll!WebCore::FrameSelection::focusedOrActiveStateChanged() Line 1560 + 0x12 bytes C++
  WebKit.dll!WebCore::FrameSelection::setFocused(bool flag=false) Line 1611 C++
  WebKit.dll!WebCore::FocusController::setFocused(bool focused=false) Line 143 C++
  WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x00030bd4, unsigned int message=8, unsigned int wParam=0, long lParam=0) Line 2250 C++
  user32.dll!_InternalCallWinProc@20() + 0x28 bytes
  user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
  user32.dll!_CallWindowProcAorW@24() + 0x51 bytes
  user32.dll!_CallWindowProcW@20() + 0x1b bytes
  comctl32.dll!_CallOriginalWndProc@24() + 0x1a bytes
  comctl32.dll!_CallNextSubclassProc@20() + 0x3c bytes
  comctl32.dll!_DefSubclassProc@16() + 0x46 bytes
  comctl32.dll!TTSubclassProc() + 0x59 bytes
  comctl32.dll!_CallNextSubclassProc@20() + 0x3c bytes
  comctl32.dll!_MasterSubclassProc@16() + 0x54 bytes
  user32.dll!_InternalCallWinProc@20() + 0x28 bytes
  user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
  user32.dll!_DispatchClientMessage@20() + 0x4d bytes
  user32.dll!___fnDWORD@4() + 0x24 bytes
  ntdll.dll!_KiUserCallbackDispatcher@12() + 0x13 bytes
  user32.dll!_NtUserMessageCall@28() + 0xc bytes
  user32.dll!_SendMessageW@16() + 0x49 bytes
  awt.dll!6d110d12()
  [Frames below may be incorrect and/or missing, no symbols loaded for awt.dll]
  jvm.dll!135d02ec()
  jvm.dll!135d067d()
  jvm.dll!1365f4f1()
  jvm.dll!135f7988()
  jvm.dll!135d9aa3()
  jvm.dll!135d070e()
  jvm.dll!135d9a7b()
  jvm.dll!1365197a()
  jvm.dll!13529125()
  msvcr71.dll!7c34218f()
  jvm.dll!1365197a()
  jvm.dll!1365197a()
  msvcr71.dll!7c34218f()
  jvm.dll!135280f6()
  jvm.dll!135dc933()
  jpinscp.dll!6d4c6f03()
  jpinscp.dll!6d4c74e0()
  jpinscp.dll!6d4c39a4()
  jpinscp.dll!6d4c3c41()
  jpioji.dll!6d4e3215()
  npJavaPlugin.dll!JavaPlugin::windowCreated() + 0x25 bytes C++
  npJavaPlugin.dll!NP::Plugin::setwindow() + 0x31 bytes C++
  WebKit.dll!WebCore::PluginView::setNPWindowRect(const WebCore::IntRect & rect={...}) Line 811 + 0x2d bytes C++
  WebKit.dll!WebCore::PluginView::platformStart() Line 1000 C++
  WebKit.dll!WebCore::PluginView::start() Line 268 + 0x8 bytes C++
  WebKit.dll!WebCore::PluginView::startOrAddToUnstartedList() Line 224 C++
  WebKit.dll!WebCore::PluginView::init() Line 201 + 0x8 bytes C++
  WebKit.dll!WebCore::PluginView::setParent(WebCore::ScrollView * parent=0x10809548) Line 750 C++
  WebKit.dll!WebCore::ScrollView::addChild(WTF::PassRefPtr<WebCore::Widget> prpChild={...}) Line 74 + 0x13 bytes C++
  WebKit.dll!WebCore::moveWidgetToParentSoon(WebCore::Widget * child=0x106000f8, WebCore::FrameView * parent=0x10809548) Line 91 C++
  WebKit.dll!WebCore::RenderWidget::setWidget(WTF::PassRefPtr<WebCore::Widget> widget={...}) Line 215 + 0x18 bytes C++
  WebKit.dll!WebCore::RenderApplet::createWidgetIfNecessary() Line 81 C++
  WebKit.dll!WebCore::RenderApplet::layout() Line 92 C++
  WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 537 + 0x30 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=true, int & repaintLogicalTop=0, int & repaintLogicalBottom=0) Line 1149 C++
  WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1236 C++
  WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1059169c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++
  WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++
  WebKit.dll!WebCore::RenderTableCell::layout() Line 162 + 0x1d bytes C++
  WebKit.dll!WebCore::RenderTableRow::layout() Line 150 + 0x12 bytes C++
  WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 537 + 0x30 bytes C++
  WebKit.dll!WebCore::RenderTableSection::layout() Line 404 C++
  WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 537 + 0x30 bytes C++
  WebKit.dll!WebCore::RenderTable::layout() Line 307 C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1038b424, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++
  WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++
  WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1046dddc, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++
  WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++
  WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x0af4105c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++
  WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++
  WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x106a7d14, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++
  WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++
  WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1072268c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++
  WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++
  WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++
  WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++
  WebKit.dll!WebCore::RenderView::layout() Line 132 C++
  WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 964 + 0x12 bytes C++
  WebKit.dll!WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView> * __formal=0x10809660) Line 1685 C++
  WebKit.dll!WebCore::Timer<WebCore::FrameView>::fired() Line 100 + 0x29 bytes C++
  WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 112 + 0xf bytes C++
  WebKit.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++
  WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x002207cc, unsigned int message=49574, unsigned int wParam=0, long lParam=0) Line 103 + 0x8 bytes C++
  user32.dll!_InternalCallWinProc@20() + 0x28 bytes
  user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes
  user32.dll!_DispatchMessageWorker@8() + 0xdc bytes
  user32.dll!_DispatchMessageW@4() + 0xf bytes
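An added triage example, not part of the original report and not WebKit code: it parses `module!symbol` frames in the format of the backtrace above and flags the pattern visible there, where WebKit.dll frames call out to plug-in modules and WebKit.dll frames appear again on top of them before the call has returned. The frames are excerpted from this report; the function names and the list of modules treated as neutral OS plumbing are assumptions of the example.

```python
import re

# Frames excerpted from the backtrace in this report, innermost first.
SAMPLE_TRACE = """\
> WebKit.dll!WebCore::Document::updateStyleIfNeeded() Line 1576 C++
  WebKit.dll!WebCore::FocusController::setFocused(bool focused=false) Line 143 C++
  WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x00030bd4, unsigned int message=8, unsigned int wParam=0, long lParam=0) Line 2250 C++
  user32.dll!_SendMessageW@16() + 0x49 bytes
  awt.dll!6d110d12()
  jvm.dll!135d02ec()
  npJavaPlugin.dll!JavaPlugin::windowCreated() + 0x25 bytes C++
  npJavaPlugin.dll!NP::Plugin::setwindow() + 0x31 bytes C++
  WebKit.dll!WebCore::PluginView::setNPWindowRect(const WebCore::IntRect & rect={...}) Line 811 + 0x2d bytes C++
  WebKit.dll!WebCore::RenderApplet::layout() Line 92 C++
  WebKit.dll!WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView> * __formal=0x10809660) Line 1685 C++
  user32.dll!_DispatchMessageW@4() + 0xf bytes
"""

# "module!symbol", optionally preceded by the debugger's current-frame marker ">".
FRAME_RE = re.compile(r"^>?\s*(?P<module>[\w.]+)!(?P<symbol>[^\s(]+)")

ENGINE = "webkit.dll"
# Assumption: OS modules are message-dispatch plumbing, not the party that re-entered.
OS_MODULES = {"user32.dll", "ntdll.dll", "comctl32.dll", "kernel32.dll"}


def parse_frames(text):
    """Return [(module_lowercased, symbol), ...]; non-frame lines are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line.strip())
        if m:
            frames.append((m["module"].lower(), m["symbol"]))
    return frames


def find_reentrancy(frames):
    """Walk outward from the innermost frame looking for engine -> foreign -> engine."""
    entry, foreign = None, []
    for module, symbol in frames:
        if module == ENGINE:
            if foreign:  # engine frames again, beneath foreign code
                return {"reentered_at": entry, "via": foreign,
                        "called_out_from": symbol}
            entry = symbol  # outermost frame of the inner engine run so far
        elif entry and module not in OS_MODULES and module not in foreign:
            foreign.append(module)
    return None


if __name__ == "__main__":
    print(find_reentrancy(parse_frames(SAMPLE_TRACE)))
```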
Attachments
Adam Roben (:aroben)
Comment 1 2011-05-13 15:02:17 PDT
This bug does not occur with the latest version of Java, Java 6 Update 25.
Adam Roben (:aroben)
Comment 2 2011-05-13 15:02:41 PDT
Alexey Proskuryakov
Comment 3 2022-07-01 11:35:50 PDT
Mass closing plug-in bugs, as plug-in support has been removed from WebKit. Please comment and/or reopen if this still affects WebKit in some way.