Bug 105529 - [Qt]REGRESSION(r138222): It made fast/forms/number/number-spinbutton-click-in-iframe.html crash
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 420+
Hardware: Unspecified Unspecified
Importance: P1 Critical
Assignee: Nobody
URL:
Keywords: Qt, QtTriaged
Depends on:
Blocks: 105330 79668
Reported: 2012-12-20 04:10 PST by Csaba Osztrogonác
Modified: 2012-12-20 08:47 PST

Attachments
Patch (1.96 KB, patch)
2012-12-20 05:44 PST, Carlos Garcia Campos
Updated patch (3.25 KB, patch)
2012-12-20 05:56 PST, Carlos Garcia Campos
japhet: review+

Description Csaba Osztrogonác 2012-12-20 04:10:58 PST
$ gdb WebKitBuild/Debug/bin/DumpRenderTree
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree...done.
(gdb) run LayoutTests/fast/forms/number/number-spinbutton-click-in-iframe.html
Starting program: /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree LayoutTests/fast/forms/number/number-spinbutton-click-in-iframe.html
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffa1e69700 (LWP 18300)]
[Thread 0x7fffa1e69700 (LWP 18300) exited]
[New Thread 0x7fffa1e69700 (LWP 18301)]
[New Thread 0x7fffa1089700 (LWP 18302)]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7594fd6 in WebCore::Frame::page (this=0x0) at /home/oszi/WebKit/Source/WebCore/page/Frame.h:330
330             return m_page;
(gdb) bt
#0  0x00007ffff7594fd6 in WebCore::Frame::page (this=0x0) at /home/oszi/WebKit/Source/WebCore/page/Frame.h:330
#1  0x00007ffff438544f in WebCore::MainResourceLoader::load (this=0x7d3050, initialRequest=..., substituteData=...) at /home/oszi/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:647
#2  0x00007ffff434b207 in WebCore::DocumentLoader::startLoadingMainResource (this=0x7d3960) at /home/oszi/WebKit/Source/WebCore/loader/DocumentLoader.cpp:888
#3  0x00007ffff43692d2 in WebCore::FrameLoader::continueLoadAfterWillSubmitForm (this=0x7cf7a8) at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:2217
#4  0x00007ffff436be87 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x7cf7a8, formState=..., shouldContinue=true) at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:2818
#5  0x00007ffff436b590 in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x7cf7a8, request=..., formState=..., shouldContinue=true) at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:2688
#6  0x00007ffff4388d8d in WebCore::PolicyCallback::call (this=0x7fffffff9d30, shouldContinue=true) at /home/oszi/WebKit/Source/WebCore/loader/PolicyCallback.cpp:103
#7  0x00007ffff4389e01 in WebCore::PolicyChecker::continueAfterNavigationPolicy (this=0x7cf7b8, policy=WebCore::PolicyUse) at /home/oszi/WebKit/Source/WebCore/loader/PolicyChecker.cpp:167
#8  0x00007ffff75a56f6 in WebCore::FrameLoaderClientQt::callPolicyFunction (this=0x7e2fe0, function=0x7ffff4389bb6 <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, action=WebCore::PolicyUse)
    at /home/oszi/WebKit/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:242
#9  0x00007ffff75ab81a in WebCore::FrameLoaderClientQt::dispatchDecidePolicyForNavigationAction (this=0x7e2fe0, function=0x7ffff4389bb6 <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, action=...,
    request=...) at /home/oszi/WebKit/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1284
#10 0x00007ffff4389721 in WebCore::PolicyChecker::checkNavigationPolicy (this=0x7cf7b8, request=..., loader=0x7d3960, formState=...,
    function=0x7ffff436b53a <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x7cf7a8)
    at /home/oszi/WebKit/Source/WebCore/loader/PolicyChecker.cpp:89
#11 0x00007ffff4365a0b in WebCore::FrameLoader::loadWithDocumentLoader (this=0x7cf7a8, loader=0x7d3960, type=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, prpFormState=...)
    at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:1398
#12 0x00007ffff436525b in WebCore::FrameLoader::loadWithNavigationAction (this=0x7cf7a8, request=..., action=..., lockHistory=false, type=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, formState=...)
    at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:1302
#13 0x00007ffff4364863 in WebCore::FrameLoader::loadURL (this=0x7cf7a8, newURL=..., referrer=..., frameName=..., lockHistory=false, newLoadType=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, event=..., prpFormState=...)
    at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:1237
#14 0x00007ffff4362ba1 in WebCore::FrameLoader::loadURLIntoChildFrame (this=0x6b2ab8, url=..., referer=..., childFrame=0x7cf720) at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:860
#15 0x00007ffff75abc75 in WebCore::FrameLoaderClientQt::createFrame (this=0x6b2840, url=..., name=..., ownerElement=0x7f1990, referrer=..., allowsScrolling=true, marginWidth=-1, marginHeight=-1)
    at /home/oszi/WebKit/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1329
#16 0x00007ffff439b6ad in WebCore::SubframeLoader::loadSubframe (this=0x6b2d08, ownerElement=0x7f1990, url=..., name=..., referrer=...) at /home/oszi/WebKit/Source/WebCore/loader/SubframeLoader.cpp:370
#17 0x00007ffff439b3ee in WebCore::SubframeLoader::loadOrRedirectSubframe (this=0x6b2d08, ownerElement=0x7f1990, url=..., frameName=..., lockHistory=true, lockBackForwardList=true)
    at /home/oszi/WebKit/Source/WebCore/loader/SubframeLoader.cpp:341
#18 0x00007ffff439a0c9 in WebCore::SubframeLoader::requestFrame (this=0x6b2d08, ownerElement=0x7f1990, urlString=..., frameName=..., lockHistory=true, lockBackForwardList=true)
    at /home/oszi/WebKit/Source/WebCore/loader/SubframeLoader.cpp:87
#19 0x00007ffff40fb527 in WebCore::HTMLFrameElementBase::openURL (this=0x7f1990, lockHistory=true, lockBackForwardList=true) at /home/oszi/WebKit/Source/WebCore/html/HTMLFrameElementBase.cpp:88
#20 0x00007ffff40fbb6c in WebCore::HTMLFrameElementBase::setNameAndOpenURL (this=0x7f1990) at /home/oszi/WebKit/Source/WebCore/html/HTMLFrameElementBase.cpp:141
#21 0x00007ffff40fbc37 in WebCore::HTMLFrameElementBase::didNotifySubtreeInsertions (this=0x7f1990) at /home/oszi/WebKit/Source/WebCore/html/HTMLFrameElementBase.cpp:172
#22 0x00007ffff3e873ad in WebCore::ChildNodeInsertionNotifier::notify (this=0x7fffffffb280, node=0x7f1990) at /home/oszi/WebKit/Source/WebCore/dom/ContainerNodeAlgorithms.h:230
#23 0x00007ffff3e8c440 in updateTreeAfterInsertion (parent=0x7814d0, child=0x7f1990, shouldLazyAttach=true) at /home/oszi/WebKit/Source/WebCore/dom/ContainerNode.cpp:1095
#24 0x00007ffff3e8a455 in WebCore::ContainerNode::appendChild (this=0x7814d0, newChild=..., ec=@0x7fffffffb41c, shouldLazyAttach=true) at /home/oszi/WebKit/Source/WebCore/dom/ContainerNode.cpp:676
#25 0x00007ffff3f5f1c0 in WebCore::Node::appendChild (this=0x7814d0, newChild=..., ec=@0x7fffffffb41c, shouldLazyAttach=true) at /home/oszi/WebKit/Source/WebCore/dom/Node.cpp:595
#26 0x00007ffff3c001f7 in WebCore::JSNode::appendChild (this=0x7fffa111fb40, exec=0x7fffa11c0100) at /home/oszi/WebKit/Source/WebCore/bindings/js/JSNodeCustom.cpp:181
#27 0x00007ffff4d3e377 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0x7fffa11c0100) at generated/JSNode.cpp:496
#28 0x00007fffa1e6b265 in ?? ()
#29 0x00007fffffffb550 in ?? ()
#30 0x00007ffff07beb21 in llint_op_call () from /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1
#31 0x00007fffa11c0058 in ?? ()
warning: (Internal error: pc 0x712250 in read in psymtab, but not in symtab.)

warning: (Internal error: pc 0x71224f in read in psymtab, but not in symtab.)

warning: (Internal error: pc 0x71224f in read in psymtab, but not in symtab.)

#32 0x0000000000712250 in ?? (warning: (Internal error: pc 0x71224f in read in psymtab, but not in symtab.)

)
warning: (Internal error: pc 0x71224f in read in psymtab, but not in symtab.)

#33 0x00007fffffffb510 in ?? ()
#34 0x00007ffff0763237 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/JSStackInlines.h:213
#35 0x00007ffff0761fa2 in JSC::JITCode::execute (this=0x7fffa11b7b80, stack=0x712250, callFrame=0x7fffa11c0058, globalData=0x707700) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.h:134
#36 0x00007ffff075f08c in JSC::Interpreter::execute (this=0x712240, program=0x7fffa11b7b60, callFrame=0x7fffa115f388, thisObj=0x7fffa119ffc0) at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:983
#37 0x00007ffff08555ef in JSC::evaluate (exec=0x7fffa115f388, source=..., thisValue=..., returnedException=0x7fffffffcb60) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:75
#38 0x00007ffff3bf77e0 in WebCore::JSMainThreadExecState::evaluate (exec=0x7fffa115f388, source=..., thisValue=..., exception=0x7fffffffcb60) at /home/oszi/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#39 0x00007ffff3c196ef in WebCore::ScriptController::evaluateInWorld (this=0x6b2f10, sourceCode=..., world=0x7126a0) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:141
#40 0x00007ffff3c1980e in WebCore::ScriptController::evaluate (this=0x6b2f10, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:158
#41 0x00007ffff3f965fb in WebCore::ScriptElement::executeScript (this=0x7463f0, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/dom/ScriptElement.cpp:304
#42 0x00007ffff3f95ddf in WebCore::ScriptElement::prepareScript (this=0x7463f0, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute)
    at /home/oszi/WebKit/Source/WebCore/dom/ScriptElement.cpp:242
#43 0x00007ffff418551c in WebCore::HTMLScriptRunner::runScript (this=0x772840, script=0x746380, scriptStartPosition=...) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:290
#44 0x00007ffff4184b2d in WebCore::HTMLScriptRunner::execute (this=0x772840, scriptElement=..., scriptStartPosition=...) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:170
#45 0x00007ffff417582d in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x762f40) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:200
#46 0x00007ffff41758df in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x762f40, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:217
#47 0x00007ffff4175d10 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x762f40, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:254
#48 0x00007ffff41756da in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x762f40, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:173
#49 0x00007ffff417685f in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0x762f40) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:476
#50 0x00007ffff4176b15 in WebCore::HTMLDocumentParser::notifyFinished (this=0x762f40, cachedResource=0x77f240) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:516
---Type <return> to continue, or q <return> to quit---
#51 0x00007ffff4327ace in WebCore::CachedResource::checkNotify (this=0x77f240) at /home/oszi/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:336
#52 0x00007ffff4333aed in WebCore::CachedScript::data (this=0x77f240, data=..., allDataReceived=true) at /home/oszi/WebKit/Source/WebCore/loader/cache/CachedScript.cpp:90
#53 0x00007ffff439d78e in WebCore::SubresourceLoader::didFinishLoading (this=0x77f840, finishTime=0) at /home/oszi/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:276
#54 0x00007ffff439254d in WebCore::ResourceLoader::didFinishLoading (this=0x77f840, finishTime=0) at /home/oszi/WebKit/Source/WebCore/loader/ResourceLoader.cpp:456
#55 0x00007ffff48cb8eb in WebCore::QNetworkReplyHandler::finish (this=0x780500) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:510
#56 0x00007ffff48c9f2e in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x780538) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:249
#57 0x00007ffff48c9c17 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x780538, method=0x7ffff48cb718 <WebCore::QNetworkReplyHandler::finish()>) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:215
#58 0x00007ffff48caf1c in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x781840) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:403
#59 0x00007ffff48cdc51 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x781840, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffd570) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:173
#60 0x00007fffe8ded0d8 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#61 0x00007fffe8de770e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#62 0x00007fffea4798cc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#63 0x00007fffea47fbeb in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#64 0x00007fffe8dc2c04 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#65 0x00007fffe8dc7829 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#66 0x00007fffe8e0ed43 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#67 0x00007fffec2876f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#68 0x00007fffec28b568 in ?? () from /lib/libglib-2.0.so.0
#69 0x00007fffec28b71c in g_main_context_iteration () from /lib/libglib-2.0.so.0
#70 0x00007fffe8e0e81b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#71 0x00007fffe8dc1e4b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#72 0x00007fffe8dc7e4d in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#73 0x0000000000431d54 in main (argc=2, argv=0x7fffffffe3b8) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeMain.cpp:203
(gdb)
Comment 1 Csaba Osztrogonác 2012-12-20 04:14:12 PST
I skipped it on Qt by r138243 to paint the bots green.
Please unskip it with the proper fix.
Comment 2 Carlos Garcia Campos 2012-12-20 05:44:27 PST
Created attachment 180327
Patch

Ossy confirmed on IRC this patch fixes the crash.
Comment 3 Carlos Garcia Campos 2012-12-20 05:56:41 PST
Created attachment 180328
Updated patch

Forgot to unskip the test, sorry.
Comment 4 Nate Chapin 2012-12-20 08:40:50 PST
Comment on attachment 180328
Updated patch

Derp. I should've caught that.

Thanks!
Comment 5 Carlos Garcia Campos 2012-12-20 08:47:10 PST
Committed r138258: <http://trac.webkit.org/changeset/138258>