WebKit Bugzilla
RESOLVED FIXED
Bug 109826: REGRESSION (r142505?): Crashes in WebCore::ScrollingStateNode::appendChild when using back/forward buttons
https://bugs.webkit.org/show_bug.cgi?id=109826
Dieter Komendera
Reported
2013-02-14 06:50:35 PST
Created attachment 188340: full crash report

Since yesterday's nightly builds I see crashes like this when using the back/forward buttons. Haven't noticed a pattern when the crash happens, will post an update if I find something.

Tested with Safari 6.0.2 (8536.26.17, 537+) and nightly r142854.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000109143c68 WebCore::ScrollingStateNode::appendChild(WTF::PassOwnPtr<WebCore::ScrollingStateNode>) + 24
1 com.apple.WebCore 0x0000000109145a65 WebCore::ScrollingStateTree::attachNode(WebCore::ScrollingNodeType, unsigned long long, unsigned long long) + 501
2 com.apple.WebCore 0x0000000109029eb2 WebCore::RenderLayerBacking::attachToScrollingCoordinatorWithParent(WebCore::RenderLayerBacking*) + 162
3 com.apple.WebCore 0x000000010902d818 WebCore::RenderLayerCompositor::registerOrUpdateViewportConstrainedLayer(WebCore::RenderLayer*) + 248
4 com.apple.WebCore 0x00000001090326f3 WebCore::RenderLayerCompositor::updateViewportConstraintStatus(WebCore::RenderLayer*) + 163
5 com.apple.WebCore 0x0000000109029798 WebCore::RenderLayerBacking::registerScrollingLayers() + 88
6 com.apple.WebCore 0x000000010902869e WebCore::RenderLayerBacking::updateGraphicsLayerGeometry() + 5374
7 com.apple.WebCore 0x0000000109030c8d WebCore::RenderLayerCompositor::updateCompositingDescendantGeometry(WebCore::RenderLayer*, WebCore::RenderLayer*, bool) + 93
8 com.apple.WebCore 0x0000000109030e07 WebCore::RenderLayerCompositor::updateCompositingDescendantGeometry(WebCore::RenderLayer*, WebCore::RenderLayer*, bool) + 471
9 com.apple.WebCore 0x0000000109030e07 WebCore::RenderLayerCompositor::updateCompositingDescendantGeometry(WebCore::RenderLayer*, WebCore::RenderLayer*, bool) + 471
10 com.apple.WebCore 0x0000000109027130 WebCore::RenderLayerBacking::updateAfterLayout(unsigned int) + 64
11 com.apple.WebCore 0x000000010900e1c0 WebCore::RenderLayer::updateLayerPositions(WebCore::RenderGeometryMap*, unsigned int) + 1440
12 com.apple.WebCore 0x000000010900dc04 WebCore::RenderLayer::updateLayerPositionsAfterLayout(WebCore::RenderLayer const*, unsigned int) + 84
13 com.apple.WebCore 0x00000001089886d5 WebCore::FrameView::layout(bool) + 2197
14 com.apple.WebCore 0x000000010897248d WebCore::FrameLoader::commitProvisionalLoad() + 893
15 com.apple.WebCore 0x0000000108970f96 WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 502
16 com.apple.WebCore 0x0000000108971080 WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 32
17 com.apple.WebCore 0x0000000108f68299 WebCore::PolicyChecker::checkNavigationPolicy(WebCore::ResourceRequest const&, WebCore::DocumentLoader*, WTF::PassRefPtr<WebCore::FormState>, void (*)(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool), void*) + 489
18 com.apple.WebCore 0x0000000108970c47 WebCore::FrameLoader::loadWithDocumentLoader(WebCore::DocumentLoader*, WebCore::FrameLoadType, WTF::PassRefPtr<WebCore::FormState>) + 1287
19 com.apple.WebCore 0x000000010896d815 WebCore::FrameLoader::loadDifferentDocumentItem(WebCore::HistoryItem*, WebCore::FrameLoadType, WebCore::FrameLoader::FormSubmissionCacheLoadPolicy) + 101
20 com.apple.WebCore 0x00000001089d3b3c WebCore::HistoryController::recursiveGoToItem(WebCore::HistoryItem*, WebCore::HistoryItem*, WebCore::FrameLoadType) + 460
21 com.apple.WebCore 0x00000001089d3748 WebCore::HistoryController::goToItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 216
22 com.apple.WebCore 0x0000000108f400a5 WebCore::Page::goToItem(WebCore::HistoryItem*, WebCore::FrameLoadType) + 85
23 com.apple.WebKit2 0x0000000107e52087 WebKit::WebPage::goBack(unsigned long long) + 39
Attachments
full crash report (63.38 KB, application/octet-stream), 2013-02-14 06:50 PST, Dieter Komendera, no flags
Patch (6.93 KB, patch), 2013-02-15 15:22 PST, Simon Fraser (smfr), no flags
Dieter Komendera
Comment 1
2013-02-14 06:55:49 PST
Maybe http://trac.webkit.org/changeset/142505?
Simon Fraser (smfr)
Comment 2
2013-02-14 12:51:27 PST
<rdar://problem/13216100>
Dieter Komendera
Comment 3
2013-02-15 02:06:58 PST
I'm able to reproduce the crash with one of our sites reliably now and cooked up a testcase. I stripped out as much HTML as I could.

To reproduce:
* navigate to http://static.abloom.at/kommen/webkit/bug-109826.html
* click Safari's previous page button
* click Safari's next page button

Hope that helps.
Simon Fraser (smfr)
Comment 4
2013-02-15 15:22:13 PST
Created attachment 188651: Patch
WebKit Review Bot
Comment 5
2013-02-15 17:22:18 PST
Comment on attachment 188651: Patch

Clearing flags on attachment: 188651

Committed r143074: <http://trac.webkit.org/changeset/143074>
WebKit Review Bot
Comment 6
2013-02-15 17:22:22 PST
All reviewed patches have been landed. Closing bug.