WebKit Bugzilla
NEW
Bug 115261 - REGRESSION(r144400): It made editing/selection/selection-invalid-offset.html fails with crash
https://bugs.webkit.org/show_bug.cgi?id=115261
Ádám Kallai
Reported
2013-04-26 08:50:33 PDT
I could reproduce the problem. This test passes if it is run alone. Otherwise, if editing/selection/selection-in-iframe-removed-crash.html and editing/selection/selection-invalid-offset.html are run together, then the last one starts to fail with a crash. The test fails with a crash on debug bots.

#0 0x00007f470a81f425 in __GI_raise (sig=<optimized out>) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1 0x00007f470a822b8b in __GI_abort () at abort.c:91
#2 0x00007f470b14376e in QMessageLogger::fatal(char const*, ...) const () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#3 0x00007f4700b40018 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#4 0x00007f4700b41cbf in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#5 0x00007f4700b5099a in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.1/plugins/platforms/libqxcb.so
#6 0x00007f470b7c0a67 in QGuiApplicationPrivate::createPlatformIntegration() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#7 0x00007f470b7c16dd in QGuiApplicationPrivate::createEventDispatcher() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#8 0x00007f470b2eaade in QCoreApplication::init() () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#9 0x00007f470b2eab45 in QCoreApplication::QCoreApplication(QCoreApplicationPrivate&) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#10 0x00007f470b7c21b9 in QGuiApplication::QGuiApplication(QGuiApplicationPrivate&) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Gui.so.5
#11 0x00007f470c3890b2 in QApplication::QApplication(int&, char**, int) () from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#12 0x000000000042a4df in takeOptionValue (arguments=..., index=0) at /home/kadam/webkit/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeMain.cpp:88
#13 0x00007f470a80a76d in __libc_start_main (main=0x42a3d3 <isOption(QString const&)+636>, argc=2, ubp_av=0x7fffcdfb42d8, init=<optimized out>, fini=<optimized out>, rtld_fini=<optimized out>, stack_end=0x7fffcdfb42c8) at libc-start.c:226
#14 0x0000000000412f29 in QString::compare ()
#15 0x00007fffcdfb42c8 in ?? ()
#16 0x000000000000001c in ?? ()
#17 0x0000000000000002 in ?? ()
#18 0x00007fffcdfb4d48 in ?? ()
#19 0x00007fffcdfb4d87 in ?? ()
#20 0x0000000000000000 in ?? ()
Ádám Kallai
Comment 1
2013-04-26 09:13:00 PDT
Skipped in:
http://trac.webkit.org/changeset/149189
Ryosuke Niwa
Comment 2
2013-04-26 11:31:28 PDT
The fix shouldn’t cause a new crash. Chances are, the crash had been masked by a use-after-free bug :(
Alexey Proskuryakov
Comment 3
2013-09-26 15:53:34 PDT
This test is flakily crashing on Mac too, and TestExpectations entry points to this bug. Removing [Qt] from title.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000104b52e9a WebCore::FrameLoader::dispatchDidCommitLoad() + 122 (RefPtr.h:59)
1 com.apple.WebCore 0x0000000104b52c53 WebCore::FrameLoader::receivedFirstData() + 19 (FrameLoader.cpp:624)
2 com.apple.WebCore 0x0000000104a43594 WebCore::DocumentLoader::commitData(char const*, unsigned long) + 244 (RefPtr.h:40)
3 com.apple.WebKit 0x00000001045a2c63 -[WebHTMLRepresentation receivedData:withDataSource:] + 115 (WebHTMLRepresentation.mm:189)
4 com.apple.WebKit 0x0000000104577b00 -[WebDataSource(WebInternal) _receivedData:] + 64 (WebDataSource.mm:216)
5 com.apple.WebKit 0x000000010458ef57 WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 103 (WebFrameLoaderClient.mm:888)
6 com.apple.WebCore 0x0000000104a44cbb WebCore::DocumentLoader::commitLoad(char const*, int) + 139 (RefCounted.h:141)
7 com.apple.WebCore 0x0000000104a45310 WebCore::DocumentLoader::dataReceived(WebCore::CachedResource*, char const*, int) + 720 (DocumentLoader.cpp:864)