Bug 119073 - Segfault in WebCore::FrameLoader::dispatchDidCommitLoad
Summary: Segfault in WebCore::FrameLoader::dispatchDidCommitLoad
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2013-07-24 22:15 PDT by Ben Boeckel
Modified: 2014-03-03 11:28 PST
Description Ben Boeckel 2013-07-24 22:15:07 PDT
Okay, so I'm seeing this backtrace way too often. It usually occurs when causing navigation events (clicking on slideshare's "expand" button, clicking links on pretty much any of the "new" Google sites (trends, plus, groups) which aren't just JS rewrites of some content, and more). I don't know what it means when a page for a frame is NULL, so maybe the obvious "check page for NULL" isn't sufficient.

webkitgtk3-2.1.3-1.fc20.x86_64

(gdb) list
<snip>
3305	    if (m_frame->page()->mainFrame() == m_frame)
3306	        m_frame->page()->featureObserver()->didCommitLoad();
<snip>
(gdb) p m_frame->m_page
$3 = (WebCore::Page *) 0x0
(gdb) bt
#0  WebCore::FrameLoader::dispatchDidCommitLoad (this=0x7fff88188bf0) at Source/WebCore/loader/FrameLoader.cpp:3305
#1  0x00007ffff68ea770 in WebCore::FrameLoader::receivedFirstData (this=0x7fff88188bf0) at Source/WebCore/loader/FrameLoader.cpp:614
#2  0x00007ffff68d6208 in WebCore::DocumentLoader::commitData (this=this@entry=0x7fff88183000, 
    bytes=bytes@entry=0x7fff909dce00 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n\n<html xmlns=\"http://www.w3.org/1999/xhtml\" style=\"height:100%;\">\n  <head>\n    \n      <lin"..., length=length@entry=512)
    at Source/WebCore/loader/DocumentLoader.cpp:783
#3  0x00007ffff61efcf6 in WebKit::FrameLoaderClient::committedLoad (this=0x147d910, loader=0x7fff88183000, 
    data=0x7fff909dce00 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n\n<html xmlns=\"http://www.w3.org/1999/xhtml\" style=\"height:100%;\">\n  <head>\n    \n      <lin"..., length=512)
    at Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:165
#4  0x00007ffff68d67c7 in WebCore::DocumentLoader::commitLoad (this=0x7fff88183000, 
    data=0x7fff909dce00 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n\n<html xmlns=\"http://www.w3.org/1999/xhtml\" style=\"height:100%;\">\n  <head>\n    \n      <lin"..., length=512) at Source/WebCore/loader/DocumentLoader.cpp:740
#5  0x00007ffff68bace3 in WebCore::CachedRawResource::notifyClientsDataWasReceived (this=this@entry=0x7fff881af800, 
    data=data@entry=0x7fff909dce00 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n\n<html xmlns=\"http://www.w3.org/1999/xhtml\" style=\"height:100%;\">\n  <head>\n    \n      <lin"..., length=512)
    at Source/WebCore/loader/cache/CachedRawResource.cpp:110
#6  0x00007ffff68bae99 in WebCore::CachedRawResource::addDataBuffer (this=0x7fff881af800, data=0x7fff8a7e5618)
    at Source/WebCore/loader/cache/CachedRawResource.cpp:66
#7  0x00007ffff692a7e3 in WebCore::SubresourceLoader::didReceiveDataOrBuffer (this=0x7fff881af400, 
    data=0x14a9fb0 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n\n<html xmlns=\"http://www.w3.org/1999/xhtml\" style=\"height:100%;\">\n  <head>\n    \n      <lin"..., length=512, prpBuffer=..., encodedDataLength=<optimized out>, 
    dataPayloadType=<optimized out>) at Source/WebCore/loader/SubresourceLoader.cpp:250
#8  0x00007ffff692a93b in WebCore::SubresourceLoader::didReceiveData (this=<optimized out>, data=<optimized out>, length=<optimized out>, 
    encodedDataLength=<optimized out>, dataPayloadType=<optimized out>) at Source/WebCore/loader/SubresourceLoader.cpp:226
#9  0x00007ffff691fdcc in WebCore::ResourceLoader::didReceiveData (this=0x7fff881af400, 
    data=0x14a9fb0 "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n\"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\n\n<html xmlns=\"http://www.w3.org/1999/xhtml\" style=\"height:100%;\">\n  <head>\n    \n      <lin"..., length=512, encodedDataLength=512)
    at Source/WebCore/loader/ResourceLoader.cpp:475
#10 0x00007ffff703f9f2 in WebCore::readCallback (asyncResult=<optimized out>, data=0x7fff87fcf1f8)
    at Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1343
#11 0x00007ffff3891a16 in async_ready_callback_wrapper (source_object=0x109fe00, res=0x1275ba0, user_data=0x7fff87fcf1f8) at ginputstream.c:519
#12 0x00007ffff38b3bf5 in g_task_return_now (task=0x1275ba0) at gtask.c:1108
#13 0x00007ffff38b3c19 in complete_in_idle_cb (task=0x1275ba0) at gtask.c:1117
#14 0x00007ffff30f9f26 in g_main_dispatch (context=0x67a680) at gmain.c:3064
#15 g_main_context_dispatch (context=context@entry=0x67a680) at gmain.c:3640
#16 0x00007ffff30fa2a8 in g_main_context_iterate (context=0x67a680, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3711
#17 0x00007ffff30fa6ba in g_main_loop_run (loop=0xd5eb20) at gmain.c:3905
#18 0x00007ffff509a46d in gtk_main () at gtkmain.c:1157
#19 0x0000000000409ba7 in main (argc=5, argv=0x7fffffffcfc8) at src/uzbl-core.c:297
Comment 1 Ben Boeckel 2014-03-03 11:28:15 PST
I'm pretty sure this was uzbl's bug[1] (though it would still be nice to not crash if the API is used improperly and instead send out an error of some kind).

[1]https://github.com/uzbl/uzbl/commit/47ec23d0ea929af2f98e07658f2ea949548dcec7
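As an added illustration (not code from WebKit or from this report), the dereference pattern at FrameLoader.cpp:3305 beside a guarded version that reports a detached frame instead of crashing, which is what the closing comment asks for; Frame, Page, CommitResult and the setUp/simulate helpers are assumed stand-ins, not WebKit's classes:

```cpp
#include <cstdio>

// Stand-in Frame/Page types (assumed shapes for illustration, not WebKit's classes).
struct Frame;
struct Page {
    Frame* mainFrame = nullptr;
    int commitCount = 0;   // stands in for featureObserver()->didCommitLoad()
};
struct Frame {
    Page* page = nullptr;  // m_frame->page(); cleared once the frame is detached
};
// The pattern at FrameLoader.cpp:3305: page() is dereferenced unconditionally,
// so a detached frame (page == nullptr) is the null dereference in the report.
int dispatchDidCommitLoadUnchecked(Frame& frame) {
    if (frame.page->mainFrame == &frame)  // segfaults when page is null
        ++frame.page->commitCount;
    return frame.page->commitCount;
}
enum class CommitResult { Committed, NotMainFrame, FrameDetached };
// Guarded variant: a pageless frame reports an error and bails out instead
// of crashing, which is what the closing comment asks for.
CommitResult dispatchDidCommitLoadChecked(Frame& frame) {
    Page* page = frame.page;
    if (!page) {
        std::fprintf(stderr, "dispatchDidCommitLoad: frame has no page (detached mid-load?)\n");
        return CommitResult::FrameDetached;
    }
    if (page->mainFrame != &frame)
        return CommitResult::NotMainFrame;
    ++page->commitCount;
    return CommitResult::Committed;
}

// One page with its main frame still receiving data; detachFirst reproduces
// the gdb state (m_frame->m_page == 0x0 while commitData is still delivering).
void setUp(Page& page, Frame& frame, bool detachFirst) {
    frame.page = &page;
    page.mainFrame = &frame;
    if (detachFirst)
        frame.page = nullptr;  // embedder tore the view down mid-load
}
CommitResult simulateChecked(bool detachFirst) {
    Page page; Frame frame; setUp(page, frame, detachFirst);
    return dispatchDidCommitLoadChecked(frame);
}
int simulateAttachedUnchecked() {  // attached frame through the unchecked path
    Page page; Frame frame; setUp(page, frame, false);
    return dispatchDidCommitLoadUnchecked(frame);
}
```

The unchecked path is only ever exercised with an attached frame here; calling it on a detached one reproduces the crash in the backtrace.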