NEW 112620
ASSERTION FAILED: !NoEventDispatchAssertion::isEventDispatchForbidden() 
https://bugs.webkit.org/show_bug.cgi?id=112620
Summary ASSERTION FAILED: !NoEventDispatchAssertion::isEventDispatchForbidden()
Simon Fraser (smfr)
Reported 2013-03-18 13:56:47 PDT
svg/custom/image-with-attr-change-after-delete-crash.html asserted: ASSERTION FAILED: !NoEventDispatchAssertion::isEventDispatchForbidden() http://build.webkit.org/results/Apple%20MountainLion%20Debug%20WK1%20(Tests)/r146104%20(6472)/svg/custom/image-with-attr-change-after-delete-crash-crash-log.txt Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef VM Regions Near 0xbbadbeef: --> __TEXT 000000010505c000-00000001050f6000 [ 616K] r-x/rwx SM=COW /Volumes/VOLUME/* Application Specific Information: CRASHING TEST: svg/custom/image-with-attr-change-after-delete-crash.html Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x00000001071e199d WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 93 (EventTarget.cpp:188) 1 com.apple.WebCore 0x0000000107120d90 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 272 (DOMWindow.cpp:1706) 2 com.apple.WebCore 0x00000001072af9a7 WebCore::FrameLoader::stopLoading(WebCore::UnloadEventPolicy) + 519 (FrameLoader.cpp:406) 3 com.apple.WebCore 0x00000001072b010f WebCore::FrameLoader::closeURL() + 111 (FrameLoader.cpp:488) 4 com.apple.WebCore 0x00000001072b9c9c WebCore::FrameLoader::detachFromParent() + 44 (FrameLoader.cpp:2411) 5 com.apple.WebCore 0x00000001072ba067 WebCore::FrameLoader::frameDetached() + 71 (FrameLoader.cpp:2404) 6 com.apple.WebCore 0x00000001084dc2be WebCore::SVGImage::~SVGImage() + 142 (SVGImage.cpp:56) 7 com.apple.WebCore 0x00000001084dc225 WebCore::SVGImage::~SVGImage() + 21 (SVGImage.cpp:61) 8 com.apple.WebCore 0x00000001084dc1f9 WebCore::SVGImage::~SVGImage() + 25 (SVGImage.cpp:52) 9 com.apple.WebCore 0x0000000106c76463 WTF::RefCounted<WebCore::Image>::deref() + 83 (RefCounted.h:203) 10 com.apple.WebCore 0x0000000106c763fb void WTF::derefIfNotNull<WebCore::Image>(WebCore::Image*) + 59 (PassRefPtr.h:54) 11 com.apple.WebCore 0x0000000106c782e7 WTF::RefPtr<WebCore::Image>::clear() + 39 (RefPtr.h:99) 12 com.apple.WebCore 0x0000000106c72387 WebCore::CachedImage::clearImage() + 103 (CachedImage.cpp:347) 13 com.apple.WebCore 0x0000000106c6fd8a WebCore::CachedImage::~CachedImage() + 58 (CachedImage.cpp:79) 14 com.apple.WebCore 0x0000000106c6fd15 WebCore::CachedImage::~CachedImage() + 21 (CachedImage.cpp:79) 15 com.apple.WebCore 0x0000000106c6fce9 WebCore::CachedImage::~CachedImage() + 25 (CachedImage.cpp:77) 16 com.apple.WebCore 0x0000000106c81c0e WebCore::CachedResource::deleteIfPossible() + 94 (CachedResource.cpp:611) 17 com.apple.WebCore 0x0000000107d94089 WebCore::MemoryCache::evict(WebCore::CachedResource*) + 505 (MemoryCache.cpp:454) 18 com.apple.WebCore 0x0000000107d95317 WebCore::MemoryCache::pruneDeadResourcesToSize(unsigned int) + 1143 (MemoryCache.cpp:368) 19 com.apple.WebCore 0x0000000107d94e8b WebCore::MemoryCache::pruneDeadResources() + 123 (MemoryCache.cpp:293) 20 com.apple.WebCore 0x0000000107d95702 WebCore::MemoryCache::prune() + 82 (MemoryCache.cpp:838) 21 com.apple.WebCore 0x0000000106c81b47 WebCore::CachedResource::removeClient(WebCore::CachedResourceClient*) + 631 (CachedResource.cpp:587) 22 com.apple.WebCore 0x0000000107ff7c85 WebCore::RenderImageResource::shutdown() + 165 (RenderImageResource.cpp:61) 23 com.apple.WebCore 0x00000001080f15f6 WebCore::RenderSVGImage::~RenderSVGImage() + 70 (RenderSVGImage.cpp:62) 24 com.apple.WebCore 0x00000001080f15a5 WebCore::RenderSVGImage::~RenderSVGImage() + 21 (RenderSVGImage.cpp:62) 25 com.apple.WebCore 0x00000001080f1569 WebCore::RenderSVGImage::~RenderSVGImage() + 25 (RenderSVGImage.cpp:60) 26 com.apple.WebCore 0x00000001080a148b WebCore::RenderObject::arenaDelete(WebCore::RenderArena*, void*) + 459 (RenderObject.cpp:2605) 27 com.apple.WebCore 0x00000001080a12b1 WebCore::RenderObject::destroy() + 65 (RenderObject.cpp:2577) 28 com.apple.WebCore 0x00000001080a1267 WebCore::RenderObject::destroyAndCleanupAnonymousWrappers() + 247 (RenderObject.cpp:2571) 29 com.apple.WebCore 0x0000000107de6e85 WebCore::Node::detach() + 149 (Node.cpp:1114) 30 com.apple.WebCore 0x0000000106d3163b WebCore::ContainerNode::detach() + 43 (ContainerNode.cpp:835) 31 com.apple.WebCore 0x00000001071874b0 WebCore::Element::detach() + 288 (Element.cpp:1318)
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2013-03-18 16:17:18 PDT
It is certainly very true that no events should be dispatched here.
Note You need to log in before you can comment on or make changes to this bug.