WebKit Bugzilla
RESOLVED WORKSFORME
117025
ASSERTION FAILED: this in WebCore::Node::document()
https://bugs.webkit.org/show_bug.cgi?id=117025
Renata Hodovan
Reported
2013-05-30 04:40:39 PDT
The following test crashes in debug webkit:

<html>
<body>
<applet code="lc3.class">
<embed type="video/webm">
<video width="28" controls="1"></video>
</applet>
</body>
</html>

Hint: don't try to run it with nouveau driver on the latest kernel (3.8.0.19) because it will kill your X (nvidia can handle it)!!!

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff56abebe in WTFCrash () at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WTF/wtf/Assertions.cpp:339
339 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff56abebe in WTFCrash ()
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WTF/wtf/Assertions.cpp:339
#1 0x00007ffff3b40005 in WebCore::Node::document (this=0x0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/dom/Node.h:422
#2 0x00007ffff3d3ebe6 in WebCore::RenderObject::document (this=0x9bb518)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/rendering/RenderObject.h:650
#3 0x00007ffff463f170 in WebCore::RenderObject::renderArena (this=0x9bb518)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/rendering/RenderObject.h:319
#4 0x00007ffff463f4a1 in WebCore::RenderWidget::ref (this=0x9bb518)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/rendering/RenderWidget.h:72
#5 0x00007ffff4648b3c in WebCore::FrameView::updateWidgets (this=0x76b0b0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/page/FrameView.cpp:2671
#6 0x00007ffff4648fa6 in WebCore::FrameView::performPostLayoutTasks (this=0x76b0b0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/page/FrameView.cpp:2752
#7 0x00007ffff4644018 in WebCore::FrameView::layout (this=0x76b0b0, allowSubtree=true)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/page/FrameView.cpp:1379
#8 0x00007ffff4186316 in WebCore::Document::updateLayout (this=0x7fcb10)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/dom/Document.cpp:1912
#9 0x00007ffff41863e7 in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x7fcb10)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/dom/Document.cpp:1944
#10 0x00007ffff4368070 in WebCore::HTMLEmbedElement::renderWidgetForJSBindings (this=0x84e440)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/html/HTMLEmbedElement.cpp:73
#11 0x00007ffff43930ca in WebCore::HTMLPlugInElement::pluginWidget (this=0x84e440)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/html/HTMLPlugInElement.cpp:161
#12 0x00007ffff3f5d46a in WebCore::pluginScriptObjectFromPluginViewBase (pluginElement=0x84e440, globalObject=0x7fffe405f470)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/bindings/js/JSPluginElementFunctions.cpp:60
#13 0x00007ffff3f5d594 in WebCore::pluginScriptObject (exec=0x7fffe405f678, jsHTMLElement=0x7fff9c08fe90)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/bindings/js/JSPluginElementFunctions.cpp:90
#14 0x00007ffff3f5d6ad in WebCore::runtimeObjectCustomGetOwnPropertySlot (exec=0x7fffe405f678, propertyName=..., slot=..., element=0x7fff9c08fe90)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/bindings/js/JSPluginElementFunctions.cpp:115
#15 0x00007ffff3f499ed in WebCore::pluginElementCustomGetOwnPropertySlot<WebCore::JSHTMLEmbedElement, WebCore::JSHTMLElement> (exec=0x7fffe405f678, propertyName=..., slot=..., element=0x7fff9c08fe90)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/bindings/js/JSPluginElementFunctions.h:58
#16 0x00007ffff3f49864 in WebCore::JSHTMLEmbedElement::getOwnPropertySlotDelegate (this=0x7fff9c08fe90, exec=0x7fffe405f678, propertyName=..., slot=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/bindings/js/JSHTMLEmbedElementCustom.cpp:38
#17 0x00007ffff4fadd68 in WebCore::JSHTMLEmbedElement::getOwnPropertySlot (cell=0x7fff9c08fe90, exec=0x7fffe405f678, propertyName=..., slot=...)
    at generated/JSHTMLEmbedElement.cpp:138
#18 0x00007ffff3d809ab in JSC::JSCell::fastGetOwnPropertySlot (this=0x7fff9c08fe90, exec=0x7fffe405f678, propertyName=..., slot=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/JavaScriptCore/runtime/JSCellInlines.h:169
#19 0x00007ffff3d80766 in JSC::JSObject::getPropertySlot (this=0x7fff9c08fe90, exec=0x7fffe405f678, propertyName=..., slot=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/JavaScriptCore/runtime/JSObject.h:1186
#20 0x00007ffff3d80890 in JSC::JSObject::get (this=0x7fff9c08fe90, exec=0x7fffe405f678, propertyName=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/JavaScriptCore/runtime/JSObject.h:1211
#21 0x00007ffff3fa0056 in _NPN_GetProperty (o=0x9f15f0, propertyName=0x9d6d90, variant=0x7fffffffc6d0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/bridge/NP_jsobject.cpp:295
#22 0x00007fff9638ebd0 in totemPlugin::Init(char*, unsigned short, short, char**, char**, _NPSavedData*) ()
    from /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
#23 0x00007fff9638c0f7 in ?? ()
    from /usr/lib/mozilla/plugins/libtotem-cone-plugin.so
#24 0x00007ffff478ad09 in WebCore::PluginView::start (this=0x7fd730)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/plugins/PluginView.cpp:251
#25 0x00007ffff478ab21 in WebCore::PluginView::startOrAddToUnstartedList (this=0x7fd730)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/plugins/PluginView.cpp:231
#26 0x00007ffff478aa28 in WebCore::PluginView::init (this=0x7fd730)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/plugins/PluginView.cpp:209
#27 0x00007ffff4a7a43a in WebCore::PluginView::setParent (this=0x7fd730, parent=0x76b0b0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/plugins/qt/PluginViewQt.cpp:499
#28 0x00007ffff47555ab in WebCore::ScrollView::addChild (this=0x76b0b0, prpChild=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/platform/ScrollView.cpp:72
#29 0x00007ffff49a2c15 in WebCore::moveWidgetToParentSoon (child=0x7fd730, parent=0x76b0b0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/rendering/RenderWidget.cpp:81
#30 0x00007ffff49a3693 in WebCore::RenderWidget::setWidget (this=0x9bb518, widget=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/rendering/RenderWidget.cpp:213
#31 0x00007ffff4943acc in WebCore::RenderPart::setWidget (this=0x9bb518, widget=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/rendering/RenderPart.cpp:57
#32 0x00007ffff45b3607 in WebCore::SubframeLoader::loadPlugin (this=0x76a970, pluginElement=0x84e440, url=..., mimeType=..., paramNames=..., paramValues=..., useFallback=false)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/loader/SubframeLoader.cpp:465
#33 0x00007ffff45b1e7b in WebCore::SubframeLoader::requestPlugin (this=0x76a970, ownerElement=0x84e440, url=..., mimeType=..., paramNames=..., paramValues=..., useFallback=false)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/loader/SubframeLoader.cpp:160
#34 0x00007ffff45b24f6 in WebCore::SubframeLoader::requestObject (this=0x76a970, ownerElement=0x84e440, url=..., frameName=..., mimeType=..., paramNames=..., paramValues=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/loader/SubframeLoader.cpp:235
#35 0x00007ffff4368782 in WebCore::HTMLEmbedElement::updateWidget (this=0x84e440, pluginCreationOption=WebCore::CreateAnyWidgetType)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/html/HTMLEmbedElement.cpp:173
#36 0x00007ffff464895e in WebCore::FrameView::updateWidget (this=0x76b0b0, object=0x9bb518)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/page/FrameView.cpp:2637
#37 0x00007ffff4648bb5 in WebCore::FrameView::updateWidgets (this=0x76b0b0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/page/FrameView.cpp:2677
#38 0x00007ffff4648fa6 in WebCore::FrameView::performPostLayoutTasks (this=0x76b0b0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/page/FrameView.cpp:2752
#39 0x00007ffff4649570 in WebCore::FrameView::postLayoutTimerFired (this=0x76b0b0)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/page/FrameView.cpp:2831
#40 0x00007ffff4654068 in WebCore::Timer<WebCore::FrameView>::fired (this=0x76b258)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/platform/Timer.h:113
#41 0x00007ffff4774767 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x6c3440)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/platform/ThreadTimers.cpp:129
#42 0x00007ffff477467b in WebCore::ThreadTimers::sharedTimerFired ()
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/platform/ThreadTimers.cpp:105
#43 0x00007ffff4a63ffc in WebCore::SharedTimerQt::timerEvent (this=0x6c3470, ev=0x7fffffffd790)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Source/WebCore/platform/qt/SharedTimerQt.cpp:113
#44 0x00007ffff20ec459 in QObject::event(QEvent*) ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#45 0x00007ffff2f421f4 in QApplicationPrivate::notify_helper(QObject*, QEvent*) ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#46 0x00007ffff2f455d1 in QApplication::notify(QObject*, QEvent*) ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Widgets.so.5
#47 0x00007ffff20c5a24 in QCoreApplication::notifyInternal(QObject*, QEvent*) ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#48 0x00007ffff210c6bc in QTimerInfoList::activateTimers() ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#49 0x00007ffff210cf4d in ?? ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#50 0x00007fffeee34d53 in g_main_context_dispatch ()
    from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#51 0x00007fffeee350a0 in ?? ()
    from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#52 0x00007fffeee35164 in g_main_context_iteration ()
    from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#53 0x00007ffff210d634 in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#54 0x00007ffff20c48fb in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#55 0x00007ffff20c7e9e in QCoreApplication::exec() ()
    from /usr/local/Trolltech/Qt5/Qt-5.0.1/lib/libQt5Core.so.5
#56 0x0000000000421e4c in launcherMain (app=...)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Tools/QtTestBrowser/qttestbrowser.cpp:49
#57 0x0000000000423b93 in main (argc=2, argv=0x7fffffffdd98)
    at /media/1582f533-8346-4e9f-9cab-f0916240c446/REPOS/webkit/Tools/QtTestBrowser/qttestbrowser.cpp:318
Attachments
Test case (138 bytes, text/html), 2013-05-30 04:41 PDT, Renata Hodovan, no flags
Renata Hodovan
Comment 1
2013-05-30 04:41:41 PDT
Created attachment 203343: Test case
Rob Buis
Comment 2
2013-08-15 09:42:33 PDT
Can't reproduce in trunk.
Renata Hodovan
Comment 3
2014-09-08 02:44:00 PDT
I cannot reproduce this issue anymore.