Bug 126998 - ASSERTION FAILED: e in WebCore::Element::isFocusable
Summary: ASSERTION FAILED: e in WebCore::Element::isFocusable
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Linux
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 116980
 
Reported: 2014-01-14 11:16 PST by Renata Hodovan
Modified: 2016-08-03 13:34 PDT (History)

See Also:


Attachments
Test case (92 bytes, text/html)
2014-01-14 11:16 PST, Renata Hodovan

Description Renata Hodovan 2014-01-14 11:16:50 PST
Created attachment 221182 [details]
Test case

The following test case triggers the assertion failure:

<b>
	<canvas>
		<header>
			<button autofocus></button>
			<object data="foo"></object>
</b>


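Its backtrace (the SIGSEGV reported by gdb below is raised inside WTFCrash, which deliberately writes to 0xbbadbeef after the failed assertion; it is the assertion's crash mechanism rather than a separate memory fault):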

ASSERTION FAILED: e
/home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp(461) : virtual bool WebCore::Element::isFocusable() const
1   0x7ffff5c35e44 WTFCrash
2   0x7ffff0f66748 WebCore::Element::isFocusable() const
3   0x7ffff111ec81 WebCore::HTMLFormControlElement::isFocusable() const
4   0x7ffff0f6bc00 WebCore::Element::focus(bool, WebCore::FocusDirection)
5   0x7ffff111e83d
6   0x7ffff0ef56f5 WebCore::ContainerNode::dispatchPostAttachCallbacks()
7   0x7ffff0ef554f WebCore::ContainerNode::resumePostAttachCallbacks(WebCore::Document&)
8   0x7ffff0f2319f WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler()
9   0x7ffff0f125df WebCore::Document::recalcStyle(WebCore::Style::Change)
10  0x7ffff0f12814 WebCore::Document::updateStyleIfNeeded()
11  0x7ffff0f1bd5f WebCore::Document::finishedParsing()
12  0x7ffff121452f WebCore::HTMLConstructionSite::finishedParsing()
13  0x7ffff124d882 WebCore::HTMLTreeBuilder::finished()
14  0x7ffff121b836 WebCore::HTMLDocumentParser::end()
15  0x7ffff121b921 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()
16  0x7ffff121a569 WebCore::HTMLDocumentParser::prepareToStopParsing()
17  0x7ffff121b966 WebCore::HTMLDocumentParser::attemptToEnd()
18  0x7ffff121ba1f WebCore::HTMLDocumentParser::finish()
19  0x7ffff1398122 WebCore::DocumentWriter::end()
20  0x7ffff138383e WebCore::DocumentLoader::finishedLoading(double)
21  0x7ffff13835ac WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*)
22  0x7ffff142849c WebCore::CachedResource::checkNotify()
23  0x7ffff142857e WebCore::CachedResource::finishLoading(WebCore::ResourceBuffer*)
24  0x7ffff1425092 WebCore::CachedRawResource::finishLoading(WebCore::ResourceBuffer*)
25  0x7ffff13e0f31 WebCore::SubresourceLoader::didFinishLoading(double)
26  0x7ffff13dd241 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double)
27  0x7ffff215e414
28  0x7fffe80e8bc9
29  0x7fffe810accb
30  0x7fffed805473 g_main_context_dispatch
31  0x7ffff758aaee

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
333	    *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5c35e49 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:333
#1  0x00007ffff0f66748 in WebCore::Element::isFocusable (this=0x88fdf0) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:461
#2  0x00007ffff111ec81 in WebCore::HTMLFormControlElement::isFocusable (this=0x88fdf0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLFormControlElement.cpp:317
#3  0x00007ffff0f6bc00 in WebCore::Element::focus (this=0x88fdf0, restorePreviousSelection=true, direction=WebCore::FocusDirectionNone)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.cpp:1947
#4  0x00007ffff111e83d in WebCore::focusPostAttach (element=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/HTMLFormControlElement.cpp:207
#5  0x00007ffff0ef56f5 in WebCore::ContainerNode::dispatchPostAttachCallbacks () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:813
#6  0x00007ffff0ef554f in WebCore::ContainerNode::resumePostAttachCallbacks (document=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/ContainerNode.cpp:780
#7  0x00007ffff0f2319f in WebCore::PostAttachCallbackDisabler::~PostAttachCallbackDisabler (this=0x7fffffffc250, __in_chrg=<optimized out>)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Element.h:825
#8  0x00007ffff0f125df in WebCore::Document::recalcStyle (this=0x11c8340, change=WebCore::Style::NoChange)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1766
#9  0x00007ffff0f12814 in WebCore::Document::updateStyleIfNeeded (this=0x11c8340) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:1802
#10 0x00007ffff0f1bd5f in WebCore::Document::finishedParsing (this=0x11c8340) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Document.cpp:4447
#11 0x00007ffff121452f in WebCore::HTMLConstructionSite::finishedParsing (this=0x725208)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLConstructionSite.cpp:337
#12 0x00007ffff124d882 in WebCore::HTMLTreeBuilder::finished (this=0x7251f0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:3046
#13 0x00007ffff121b836 in WebCore::HTMLDocumentParser::end (this=0x109eda0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:749
#14 0x00007ffff121b921 in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x109eda0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:760
#15 0x00007ffff121a569 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x109eda0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:203
#16 0x00007ffff121b966 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x109eda0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:772
#17 0x00007ffff121ba1f in WebCore::HTMLDocumentParser::finish (this=0x109eda0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/html/parser/HTMLDocumentParser.cpp:821
#18 0x00007ffff1398122 in WebCore::DocumentWriter::end (this=0x1136590) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:252
#19 0x00007ffff138383e in WebCore::DocumentLoader::finishedLoading (this=0x11364f0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:441
#20 0x00007ffff13835ac in WebCore::DocumentLoader::notifyFinished (this=0x11364f0, resource=0x114d450)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentLoader.cpp:375
#21 0x00007ffff142849c in WebCore::CachedResource::checkNotify (this=0x114d450)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:336
#22 0x00007ffff142857e in WebCore::CachedResource::finishLoading (this=0x114d450)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedResource.cpp:352
#23 0x00007ffff1425092 in WebCore::CachedRawResource::finishLoading (this=0x114d450, data=0x9093d0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/cache/CachedRawResource.cpp:94
#24 0x00007ffff13e0f31 in WebCore::SubresourceLoader::didFinishLoading (this=0x114d9b0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/SubresourceLoader.cpp:309
#25 0x00007ffff13dd241 in WebCore::ResourceLoader::didFinishLoading (this=0x114d9b0, finishTime=0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/ResourceLoader.cpp:517
#26 0x00007ffff215e414 in WebCore::readCallback (asyncResult=0x11511c0, data=0x73f4e0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1336
#27 0x00007fffe80e8bc9 in async_ready_callback_wrapper (source_object=0x877c00, res=0x11511c0, user_data=0x73f4e0) at ginputstream.c:530
#28 0x00007fffe810accb in g_task_return_now (task=0x11511c0) at gtask.c:1105
#29 complete_in_idle_cb (task=<optimized out>) at gtask.c:1114
#30 0x00007fffed805473 in g_main_dispatch (context=0x1151800) at gmain.c:3054
#31 g_main_context_dispatch (context=0x1151800) at gmain.c:3630
#32 0x00007ffff758aaee in _ecore_glib_select__locked (ecore_timeout=0x1151800, efds=<optimized out>, wfds=<optimized out>, rfds=<optimized out>, ecore_fds=1, 
    ctx=<optimized out>) at ecore_glib.c:171
---Type <return> to continue, or q <return> to quit---
#33 _ecore_glib_select (ecore_fds=1, rfds=<optimized out>, wfds=<optimized out>, efds=<optimized out>, ecore_timeout=0x1151800) at ecore_glib.c:205
#34 0x00007ffff7584cb9 in _ecore_main_select (timeout=<optimized out>) at ecore_main.c:1466
#35 0x00007ffff7585789 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1860
#36 0x00007ffff7585b47 in ecore_main_loop_begin () at ecore_main.c:956
#37 0x0000000000406d21 in main (argc=2, argv=0x7fffffffdd58) at /home/reni/Data/REPOS/webkit_sec/Tools/EWebLauncher/main.c:1032
Comment 1 Brent Fulgham 2016-08-03 13:34:27 PDT
This issue no longer occurs under GuardMalloc or ASAN as of r204037. If you believe there is still a bug, please reopen this issue with a revised test case.