Bug 117408 - REGRESSION(r149007): Assertion failure m_logicalRightSelectionOffset == m_block->logicalRightSelectionOffset(rootBlock, position, *m_cache) in WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on: 113479
Blocks: 116980
Reported: 2013-06-10 07:45 PDT by Renata Hodovan
Modified: 2015-06-26 09:36 PDT

Attachments
Repro (245 bytes, text/html)
2014-09-08 04:21 PDT, Renata Hodovan

Description Renata Hodovan 2013-06-10 07:45:00 PDT
The following malformed HTML test fails an assertion in a debug build:

<html>
	<div>
		<body contenteditable="plaintext-only"></body>
		<div></div>
		<img alt="dummy">
	</div>
	<keygen style="float: right;"></keygen>
	<iframe onload="document.execCommand('SelectAll')"></iframe>
</html>


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff574cc01 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
339	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff574cc01 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff4887e77 in WebCore::LogicalSelectionOffsetCaches::ContainingBlockInfo::logicalRightSelectionOffset (this=0x7fffffff91a0, rootBlock=0x791d48, 
    position=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/LogicalSelectionOffsetCaches.h:121
#2  0x00007ffff489ac89 in WebCore::RenderBlock::logicalRightSelectionOffset (this=0x8cdfd8, rootBlock=0x791d48, position=..., cache=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3810
#3  0x00007ffff489a81d in WebCore::RenderBlock::logicalRightSelectionGap (this=0x8cdfd8, rootBlock=0x791d48, rootBlockPhysicalPosition=..., 
    offsetFromRootBlock=..., selObj=0x8cdfd8, logicalRight=..., logicalTop=..., logicalHeight=..., cache=..., paintInfo=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3761
#4  0x00007ffff4a51547 in WebCore::RootInlineBox::lineSelectionGap (this=0x8a6008, rootBlock=0x791d48, rootBlockPhysicalPosition=..., 
    offsetFromRootBlock=..., selTop=..., selHeight=..., cache=..., paintInfo=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RootInlineBox.cpp:494
#5  0x00007ffff48997cd in WebCore::RenderBlock::inlineSelectionGaps (this=0x8cdfd8, rootBlock=0x791d48, rootBlockPhysicalPosition=..., 
    offsetFromRootBlock=..., lastLogicalTop=..., lastLogicalLeft=..., lastLogicalRight=..., cache=..., paintInfo=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3630
#6  0x00007ffff4898ffd in WebCore::RenderBlock::selectionGaps (this=0x8cdfd8, rootBlock=0x791d48, rootBlockPhysicalPosition=..., offsetFromRootBlock=..., 
    lastLogicalTop=..., lastLogicalLeft=..., lastLogicalRight=..., cache=..., paintInfo=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3581
#7  0x00007ffff489a095 in WebCore::RenderBlock::blockSelectionGaps (this=0x791f48, rootBlock=0x791d48, rootBlockPhysicalPosition=..., 
    offsetFromRootBlock=..., lastLogicalTop=..., lastLogicalLeft=..., lastLogicalRight=..., cache=..., paintInfo=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3711
#8  0x00007ffff489909f in WebCore::RenderBlock::selectionGaps (this=0x791f48, rootBlock=0x791d48, rootBlockPhysicalPosition=..., offsetFromRootBlock=..., 
    lastLogicalTop=..., lastLogicalLeft=..., lastLogicalRight=..., cache=..., paintInfo=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3583
#9  0x00007ffff489a095 in WebCore::RenderBlock::blockSelectionGaps (this=0x791d48, rootBlock=0x791d48, rootBlockPhysicalPosition=..., 
    offsetFromRootBlock=..., lastLogicalTop=..., lastLogicalLeft=..., lastLogicalRight=..., cache=..., paintInfo=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3711
#10 0x00007ffff489909f in WebCore::RenderBlock::selectionGaps (this=0x791d48, rootBlock=0x791d48, rootBlockPhysicalPosition=..., offsetFromRootBlock=..., 
    lastLogicalTop=..., lastLogicalLeft=..., lastLogicalRight=..., cache=..., paintInfo=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3583
#11 0x00007ffff4898218 in WebCore::RenderBlock::selectionGapRectsForRepaint (this=0x791d48, repaintContainer=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderBlock.cpp:3474
#12 0x00007ffff4a3cde4 in WebCore::RenderBlockSelectionInfo::RenderBlockSelectionInfo (this=0x8fa6d0, b=0x791d48)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderSelectionInfo.h:86
#13 0x00007ffff4a407d5 in WebCore::RenderView::setSelection (this=0x786d78, start=0x8cdf18, startPos=0, end=0x8c8b38, endPos=1, 
    blockRepaintMode=WebCore::RenderView::RepaintNewXOROld) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/rendering/RenderView.cpp:784
#14 0x00007ffff4367c2d in WebCore::FrameSelection::updateAppearance (this=0x78aee0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/FrameSelection.cpp:1822
#15 0x00007ffff4360f82 in WebCore::FrameSelection::setSelection (this=0x78aee0, newSelection=..., options=6, 
    align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::CharacterGranularity)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/FrameSelection.cpp:322
#16 0x00007ffff436709d in WebCore::FrameSelection::selectAll (this=0x78aee0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/FrameSelection.cpp:1670
#17 0x00007ffff435ac56 in WebCore::executeSelectAll (frame=0x788b60) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/EditorCommand.cpp:1008
#18 0x00007ffff435c654 in WebCore::Editor::Command::execute (this=0x7fffffff9e40, parameter=..., triggeringEvent=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/editing/EditorCommand.cpp:1706
#19 0x00007ffff422d97c in WebCore::Document::execCommand (this=0x8b0a40, commandName=..., userInterface=false, value=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4186
#20 0x00007ffff4f1e2b6 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fffe415f0a8) at generated/JSDocument.cpp:2738
#21 0x00007fff9ffff0e5 in ?? ()
#22 0x00007fffffff9fe0 in ?? ()
#23 0x00007ffff55fd988 in llint_op_call () from /home/reni/Data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libQt5WebKit.so.5
#24 0x00007fffe415f060 in ?? ()
#25 0x0000000000748040 in ?? ()
#26 0x00007fffffff9fa0 in ?? ()
#27 0x00007ffff55a7169 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/JSStackInlines.h:212
#28 0x00007ffff55a60c8 in JSC::JITCode::execute (this=0x7fff7c54fe90, stack=0x748040, callFrame=0x7fffe415f060, vm=0x7d2b00)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/jit/JITCode.h:135
#29 0x00007ffff55a3d95 in JSC::Interpreter::executeCall (this=0x748030, callFrame=0x7fff9c10f678, function=0x7fff9c06f2b0, callType=JSC::CallTypeJS, 
    callData=..., thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/Interpreter.cpp:1052
#30 0x00007ffff5679f9f in JSC::call (exec=0x7fff9c10f678, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/CallData.cpp:40
#31 0x00007ffff3fb27f5 in WebCore::JSMainThreadExecState::call (exec=0x7fff9c10f678, functionObject=..., callType=JSC::CallTypeJS, callData=..., 
    thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSMainThreadExecState.h:56
#32 0x00007ffff3fe119f in WebCore::JSEventListener::handleEvent (this=0x8c36a0, scriptExecutionContext=0x8b0af0, event=0x8dcad0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSEventListener.cpp:130
#33 0x00007ffff42994b4 in WebCore::EventTarget::fireEventListeners (this=0x8cd060, event=0x8dcad0, d=0x8c3740, entry=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventTarget.cpp:248
#34 0x00007ffff4299121 in WebCore::EventTarget::fireEventListeners (this=0x8cd060, event=0x8dcad0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventTarget.cpp:190
#35 0x00007ffff42c4593 in WebCore::Node::handleLocalEvents (this=0x8cd060, event=0x8dcad0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Node.cpp:2210
#36 0x00007ffff428bd8a in WebCore::EventContext::handleLocalEvents (this=0x8e3e30, event=0x8dcad0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventContext.cpp:58
#37 0x00007ffff428db4b in WebCore::EventDispatcher::dispatchEventAtTarget (this=0x7fffffffa640)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventDispatcher.cpp:162
#38 0x00007ffff428d808 in WebCore::EventDispatcher::dispatch (this=0x7fffffffa640)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventDispatcher.cpp:119
#39 0x00007ffff428c705 in WebCore::EventDispatchMediator::dispatchEvent (this=0x8dc8b0, dispatcher=0x7fffffffa640)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventDispatchMediator.cpp:54
#40 0x00007ffff428cdb5 in WebCore::EventDispatcher::dispatchEvent (node=0x8cd060, mediator=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventDispatcher.cpp:53
#41 0x00007ffff42c47a8 in WebCore::Node::dispatchEvent (this=0x8cd060, event=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Node.cpp:2231
#42 0x00007ffff46a7483 in WebCore::DOMWindow::dispatchLoadEvent (this=0x8e3bc0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/page/DOMWindow.cpp:1698
#43 0x00007ffff422be68 in WebCore::Document::dispatchWindowLoadEvent (this=0x8e2fa0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:3653
#44 0x00007ffff4227611 in WebCore::Document::implicitClose (this=0x8e2fa0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:2438
#45 0x00007ffff461e87b in WebCore::FrameLoader::checkCallImplicitClose (this=0x8da5d8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:842
#46 0x00007ffff461e5ec in WebCore::FrameLoader::checkCompleted (this=0x8da5d8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:785
#47 0x00007ffff461e321 in WebCore::FrameLoader::finishedParsing (this=0x8da5d8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:718
#48 0x00007ffff422e68b in WebCore::Document::finishedParsing (this=0x8e2fa0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4432
#49 0x00007ffff447c859 in WebCore::HTMLConstructionSite::finishedParsing (this=0x8dd4d8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:344
#50 0x00007ffff44ae167 in WebCore::HTMLTreeBuilder::finished (this=0x8dd4c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2923
#51 0x00007ffff4483dd2 in WebCore::HTMLDocumentParser::end (this=0x8e0b90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:756
#52 0x00007ffff4483ebd in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x8e0b90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:767
#53 0x00007ffff4482af8 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x8e0b90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:211
#54 0x00007ffff4483f02 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x8e0b90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:779
#55 0x00007ffff4483fbb in WebCore::HTMLDocumentParser::finish (this=0x8e0b90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:828
#56 0x00007ffff4616285 in WebCore::DocumentWriter::end (this=0x8ddad0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:248
#57 0x00007ffff4608e5a in WebCore::DocumentLoader::finishedLoading (this=0x8dda30, finishTime=23504.344386187)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402
#58 0x00007ffff460ca0c in WebCore::DocumentLoader::maybeLoadEmpty (this=0x8dda30)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:1329
#59 0x00007ffff460cb2b in WebCore::DocumentLoader::startLoadingMainResource (this=0x8dda30)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:1341
#60 0x00007ffff4624c7a in WebCore::FrameLoader::continueLoadAfterWillSubmitForm (this=0x8da5d8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:2234
#61 0x00007ffff462761e in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x8da5d8, formState=..., shouldContinue=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:2842
#62 0x00007ffff4626dbb in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x8da5d8, request=..., formState=..., shouldContinue=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:2711
#63 0x00007ffff464004f in WebCore::PolicyCallback::call (this=0x7fffffffb2a0, shouldContinue=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/PolicyCallback.cpp:103
#64 0x00007ffff4641118 in WebCore::PolicyChecker::continueAfterNavigationPolicy (this=0x8d3290, policy=WebCore::PolicyUse)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/PolicyChecker.cpp:180
#65 0x00007ffff3c1423c in WebCore::FrameLoaderClientQt::callPolicyFunction (this=0x8cf4a0, function=
    (void (WebCore::PolicyChecker::*)(WebCore::PolicyChecker * const, WebCore::PolicyAction)) 0x7ffff4640eae <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, action=WebCore::PolicyUse) at /home/reni/Data/REPOS/webkit_sec/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:246
#66 0x00007ffff3c1a524 in WebCore::FrameLoaderClientQt::dispatchDecidePolicyForNavigationAction (this=0x8cf4a0, function=
    (void (WebCore::PolicyChecker::*)(WebCore::PolicyChecker * const, WebCore::PolicyAction)) 0x7ffff4640eae <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, action=..., request=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1283
#67 0x00007ffff46409f3 in WebCore::PolicyChecker::checkNavigationPolicy (this=0x8d3290, request=..., loader=0x8dda30, formState=..., 
    function=0x7ffff4626d6c <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x8da5d8) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/PolicyChecker.cpp:99
#68 0x00007ffff46215f4 in WebCore::FrameLoader::loadWithDocumentLoader (this=0x8da5d8, loader=0x8dda30, 
    type=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, prpFormState=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:1411
#69 0x00007ffff4620e75 in WebCore::FrameLoader::loadWithNavigationAction (this=0x8da5d8, request=..., action=..., lockHistory=false, 
    type=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, formState=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:1315
#70 0x00007ffff4620443 in WebCore::FrameLoader::loadURL (this=0x8da5d8, newURL=..., referrer=..., frameName=..., lockHistory=false, 
    newLoadType=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, event=..., prpFormState=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:1250
#71 0x00007ffff461eae8 in WebCore::FrameLoader::loadURLIntoChildFrame (this=0x788be8, url=..., referer=..., childFrame=0x8da550)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:869
#72 0x00007ffff3c1a992 in WebCore::FrameLoaderClientQt::createFrame (this=0x753cf0, url=..., name=..., ownerElement=0x8cd060, referrer=..., 
    allowsScrolling=true, marginWidth=-1, marginHeight=-1) at /home/reni/Data/REPOS/webkit_sec/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1328
#73 0x00007ffff4650bf5 in WebCore::SubframeLoader::loadSubframe (this=0x788c10, ownerElement=0x8cd060, url=..., name=..., referrer=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubframeLoader.cpp:368
#74 0x00007ffff46509b1 in WebCore::SubframeLoader::loadOrRedirectSubframe (this=0x788c10, ownerElement=0x8cd060, url=..., frameName=..., lockHistory=true, 
    lockBackForwardList=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubframeLoader.cpp:342
#75 0x00007ffff464f5ee in WebCore::SubframeLoader::requestFrame (this=0x788c10, ownerElement=0x8cd060, urlString=..., frameName=..., lockHistory=true, 
    lockBackForwardList=true) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubframeLoader.cpp:89
#76 0x00007ffff4413c3a in WebCore::HTMLFrameElementBase::openURL (this=0x8cd060, lockHistory=true, lockBackForwardList=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLFrameElementBase.cpp:88
#77 0x00007ffff4414134 in WebCore::HTMLFrameElementBase::setNameAndOpenURL (this=0x8cd060)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLFrameElementBase.cpp:141
#78 0x00007ffff44141ff in WebCore::HTMLFrameElementBase::didNotifySubtreeInsertions (this=0x8cd060)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLFrameElementBase.cpp:172
#79 0x00007ffff42108ce in WebCore::ChildNodeInsertionNotifier::notify (this=0x7fffffffc2e0, node=0x8cd060)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNodeAlgorithms.h:231
#80 0x00007ffff42137b7 in WebCore::ContainerNode::parserAppendChild (this=0x78ac60, newChild=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:713
#81 0x00007ffff447b44f in WebCore::executeTask (task=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:93
#82 0x00007ffff447b82f in WebCore::HTMLConstructionSite::executeQueuedTasks (this=0x786ba8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:142
#83 0x00007ffff44a1e90 in WebCore::HTMLTreeBuilder::constructTree (this=0x786b90, token=0x7fffffffc420)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:379
#84 0x00007ffff44837c0 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken (this=0x7874e0, rawToken=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:594
#85 0x00007ffff4483457 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x7874e0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:551
#86 0x00007ffff4482c1f in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x7874e0, mode=WebCore::HTMLDocumentParser::AllowYield)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:235
#87 0x00007ffff4483cf2 in WebCore::HTMLDocumentParser::append (this=0x7874e0, inputSource=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:740
#88 0x00007ffff4219cc3 in WebCore::DecodedDataDocumentParser::flush (this=0x7874e0, writer=0x7e74c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#89 0x00007ffff461624b in WebCore::DocumentWriter::end (this=0x7e74c0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:245
#90 0x00007ffff4608e5a in WebCore::DocumentLoader::finishedLoading (this=0x7e7420, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:402
#91 0x00007ffff4608bc8 in WebCore::DocumentLoader::notifyFinished (this=0x7e7420, resource=0x721640)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:344
#92 0x00007ffff45f00f8 in WebCore::CachedResource::checkNotify (this=0x721640)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:362
#93 0x00007ffff45f0152 in WebCore::CachedResource::data (this=0x721640, allDataReceived=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:371
#94 0x00007ffff45ec927 in WebCore::CachedRawResource::data (this=0x721640, data=..., allDataReceived=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:71
#95 0x00007ffff46526be in WebCore::SubresourceLoader::didFinishLoading (this=0x720db0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:282
#96 0x00007ffff4649093 in WebCore::ResourceLoader::didFinishLoading (this=0x720db0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:493
#97 0x00007ffff4ae67f2 in WebCore::QNetworkReplyHandler::finish (this=0x718d20)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:516
#98 0x00007ffff4ae5506 in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x718d58)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:250
#99 0x00007ffff4ae5256 in WebCore::QNetworkReplyHandlerCallQueue::unlock (this=0x718d58)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:230
#100 0x00007ffff4ae559f in WebCore::QueueLocker::~QueueLocker (this=0x7fffffffca10, __in_chrg=<optimized out>)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:258
#101 0x00007ffff4ae6094 in WebCore::QNetworkReplyWrapper::emitMetaDataChanged (this=0x818ca0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:395
#102 0x00007ffff4ae5e40 in WebCore::QNetworkReplyWrapper::receiveSniffedMIMEType (this=0x818ca0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:359
#103 0x00007ffff4ae8b0a in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x818ca0, _c=QMetaObject::InvokeMetaMethod, _id=3, _a=0x7fffffffcb90)
    at .moc/release-shared/moc_QNetworkReplyHandler.cpp:178
#104 0x00007ffff22795cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#105 0x00007ffff5316fc9 in QtMIMETypeSniffer::finished (this=0x88e160) at .moc/release-shared/moc_QtMIMETypeSniffer.cpp:131
#106 0x00007ffff4ae4596 in QtMIMETypeSniffer::trySniffing (this=0x88e160)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/qt/QtMIMETypeSniffer.cpp:65
#107 0x00007ffff5316e2c in QtMIMETypeSniffer::qt_static_metacall (_o=0x88e160, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffcd90)
    at .moc/release-shared/moc_QtMIMETypeSniffer.cpp:76
#108 0x00007ffff22795cb in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#109 0x00007ffff2cc5f81 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Network.so.5
#110 0x00007ffff2d3fa4d in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Network.so.5
#111 0x00007ffff227a84e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#112 0x00007ffff30c0dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#113 0x00007ffff30c4075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#114 0x00007ffff2254dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#115 0x00007ffff2256a76 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#116 0x00007ffff229c333 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#117 0x00007fffee3eaf05 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
#118 g_main_context_dispatch (context=context@entry=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
#119 0x00007fffee3eb248 in g_main_context_iterate (context=context@entry=0x6632f0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
#120 0x00007fffee3eb304 in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#121 0x00007ffff229c4bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#122 0x00007ffff2253d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#123 0x00007ffff2257120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#124 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#125 0x0000000000423680 in main (argc=2, argv=0x7fffffffdba8) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
Comment 1 Radar WebKit Bug Importer 2013-06-20 21:53:14 PDT
<rdar://problem/14225685>
Comment 2 Renata Hodovan 2014-09-08 04:21:36 PDT
Created attachment 237778
Repro

Add the test case as an attachment.
Comment 3 Renata Hodovan 2015-06-26 09:36:02 PDT
Cannot repro this anymore.