Created attachment 221182 [details] Test case The following test causes the assertion: <b> <canvas> <header> <button autofocus></button> <object data="foo"></object> </b> Its backtrace: ASSERTION FAILED: e /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp(461) : virtual bool WebCore::Element::isFocusable() const 1 0x7ffff5c35e44 WTFCrash 2 0x7ffff0f66748 WebCore::Element::isFocusable() const 3 0x7ffff111ec81 WebCore::HTMLFormControlElement::isFocusable() const 4 0x7ffff0f6bc00 WebCore::Element::focus(bool, WebCore::FocusDirection) 5 0x7ffff111e83d 6 0x7ffff0ef56f5 WebCore::ContainerNode::dispatchPostAttachCallbacks() 7 0x7ffff0ef554f WebCore::ContainerNode::resumePostAttachCallbacks(WebCore::Document&) 8 0x7ffff0f2319f WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler() 9 0x7ffff0f125df WebCore::Document::recalcStyle(WebCore::Style::Change) 10 0x7ffff0f12814 WebCore::Document::updateStyleIfNeeded() 11 0x7ffff0f1bd5f WebCore::Document::finishedParsing() 12 0x7ffff121452f WebCore::HTMLConstructionSite::finishedParsing() 13 0x7ffff124d882 WebCore::HTMLTreeBuilder::finished() 14 0x7ffff121b836 WebCore::HTMLDocumentParser::end() 15 0x7ffff121b921 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() 16 0x7ffff121a569 WebCore::HTMLDocumentParser::prepareToStopParsing() 17 0x7ffff121b966 WebCore::HTMLDocumentParser::attemptToEnd() 18 0x7ffff121ba1f WebCore::HTMLDocumentParser::finish() 19 0x7ffff1398122 WebCore::DocumentWriter::end() 20 0x7ffff138383e WebCore::DocumentLoader::finishedLoading(double) 21 0x7ffff13835ac WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) 22 0x7ffff142849c WebCore::CachedResource::checkNotify() 23 0x7ffff142857e WebCore::CachedResource::finishLoading(WebCore::ResourceBuffer*) 24 0x7ffff1425092 WebCore::CachedRawResource::finishLoading(WebCore::ResourceBuffer*) 25 0x7ffff13e0f31 WebCore::SubresourceLoader::didFinishLoading(double) 26 0x7ffff13dd241 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) 27 0x7ffff215e414 28 0x7fffe80e8bc9 29 0x7fffe810accb 30 0x7fffed805473 g_main_context_dispatch 31 0x7ffff758aaee Program received signal SIGSEGV, Segmentation fault. 0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 333 *(int *)(uintptr_t)0xbbadbeef = 0; (gdb) bt #0 0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333 #1 0x00007ffff0f66748 in WebCore::Element::isFocusable (this=0x88fdf0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:461 #2 0x00007ffff111ec81 in WebCore::HTMLFormControlElement::isFocusable (this=0x88fdf0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLFormControlElement.cpp:317 #3 0x00007ffff0f6bc00 in WebCore::Element::focus (this=0x88fdf0, restorePreviousSelection=true, direction=WebCore::FocusDirectionNone) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:1947 #4 0x00007ffff111e83d in WebCore::focusPostAttach (element=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLFormControlElement.cpp:207 #5 0x00007ffff0ef56f5 in WebCore::ContainerNode::dispatchPostAttachCallbacks () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:813 #6 0x00007ffff0ef554f in WebCore::ContainerNode::resumePostAttachCallbacks (document=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:780 #7 0x00007ffff0f2319f in WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler (this=0x7fffffffc250, __in_chrg=<optimized out>) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.h:825 #8 0x00007ffff0f125df in WebCore::Document::recalcStyle (this=0x11c8340, change=WebCore::Style::NoChange) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1766 #9 0x00007ffff0f12814 in WebCore::Document::updateStyleIfNeeded (this=0x11c8340) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1802 #10 0x00007ffff0f1bd5f in WebCore::Document::finishedParsing (this=0x11c8340) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4447 #11 0x00007ffff121452f in WebCore::HTMLConstructionSite::finishedParsing (this=0x725208) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:337 #12 0x00007ffff124d882 in WebCore::HTMLTreeBuilder::finished (this=0x7251f0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:3046 #13 0x00007ffff121b836 in WebCore::HTMLDocumentParser::end (this=0x109eda0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:749 #14 0x00007ffff121b921 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x109eda0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:760 #15 0x00007ffff121a569 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x109eda0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:203 #16 0x00007ffff121b966 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x109eda0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:772 #17 0x00007ffff121ba1f in WebCore::HTMLDocumentParser::finish (this=0x109eda0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:821 #18 0x00007ffff1398122 in WebCore::DocumentWriter::end (this=0x1136590) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:252 #19 0x00007ffff138383e in WebCore::DocumentLoader::finishedLoading (this=0x11364f0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:441 #20 0x00007ffff13835ac in WebCore::DocumentLoader::notifyFinished (this=0x11364f0, resource=0x114d450) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:375 #21 0x00007ffff142849c in WebCore::CachedResource::checkNotify (this=0x114d450) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:336 #22 0x00007ffff142857e in WebCore::CachedResource::finishLoading (this=0x114d450) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:352 #23 0x00007ffff1425092 in WebCore::CachedRawResource::finishLoading (this=0x114d450, data=0x9093d0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94 #24 0x00007ffff13e0f31 in WebCore::SubresourceLoader::didFinishLoading (this=0x114d9b0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:309 #25 0x00007ffff13dd241 in WebCore::ResourceLoader::didFinishLoading (this=0x114d9b0, finishTime=0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:517 #26 0x00007ffff215e414 in WebCore::readCallback (asyncResult=0x11511c0, data=0x73f4e0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1336 #27 0x00007fffe80e8bc9 in async_ready_callback_wrapper (source_object=0x877c00, res=0x11511c0, user_data=0x73f4e0) at ginputstream.c:530 #28 0x00007fffe810accb in g_task_return_now (task=0x11511c0) at gtask.c:1105 #29 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114 #30 0x00007fffed805473 in g_main_dispatch (context=0x1151800) at gmain.c:3054 #31 g_main_context_dispatch (context=0x1151800) at gmain.c:3630 #32 0x00007ffff758aaee in _ecore_glib_select__locked (ecore_timeout=0x1151800, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=1, ctx=<optimized out>) at ecore_glib.c:171 ---Type <return> to continue, or q <return> to quit--- #33 _ecore_glib_select (ecore_fds=1, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x1151800) at ecore_glib.c:205 #34 0x00007ffff7584cb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466 #35 0x00007ffff7585789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860 #36 0x00007ffff7585b47 in ecore_main_loop_begin () at ecore_main.c:956 #37 0x0000000000406d21 in main (argc=2, argv=0x7fffffffdd58) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1032