Bug 12904 - REGRESSION: Failed assertion when trying to start iExploder
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 523.x (Safari 3)
Hardware: Mac OS X 10.4
Importance: P1 Major
Assignee: Dave Hyatt
URL: http://toadstool.se/software/iexploder/
Keywords: Regression
Depends on:
Blocks:
 
Reported: 2007-02-26 22:54 PST by Adam Roben (:aroben)
Modified: 2007-02-27 12:03 PST

See Also:


Attachments
Band-aid fix (384 bytes, patch)
2007-02-27 03:32 PST, Dave Hyatt
mitz: review+

Description Adam Roben (:aroben) 2007-02-26 22:54:11 PST
We are failing an assertion when starting iExploder.

Steps:
1. Go to http://toadstool.se/software/iexploder/
2. Click "Start test sequence from the beginning!"
3. ASSERT

Here's the backtrace:
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x0112e506 in WebCore::RenderBlock::layoutBlock (this=0x1722989c, relayoutChildren=false) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBlock.cpp:455
455         ASSERT(minMaxKnown());
(gdb) bt
#0  0x0112e506 in WebCore::RenderBlock::layoutBlock (this=0x1722989c, relayoutChildren=false) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBlock.cpp:455
#1  0x0111fc0c in WebCore::RenderBlock::layout (this=0x1722989c) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/rendering/RenderBlock.cpp:440
#2  0x01139215 in WebCore::RenderView::layout (this=0x1722989c) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/rendering/RenderView.cpp:105
#3  0x010bb849 in WebCore::FrameView::layout (this=0x172591a0, allowSubtree=true) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/page/FrameView.cpp:425
#4  0x010c2e51 in WebCore::Document::implicitClose (this=0x218dc00) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/dom/Document.cpp:1398
#5  0x013661d7 in WebCore::FrameLoader::checkEmitLoadEvent (this=0x2015800) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:1092
#6  0x0136fa6f in WebCore::FrameLoader::checkCompleted (this=0x2015800) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:1060
#7  0x013709d2 in WebCore::FrameLoader::finishedParsing (this=0x2015800) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:1017
#8  0x010beabc in WebCore::Document::finishedParsing (this=0x218dc00) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/dom/Document.cpp:3365
#9  0x01256f9c in WebCore::TextTokenizer::finish (this=0x1722af70) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/TextDocument.cpp:142
#10 0x010bd3c8 in WebCore::Document::finishParsing (this=0x218dc00) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/dom/Document.cpp:1501
#11 0x0137207e in WebCore::FrameLoader::endIfNotLoading (this=0x2015800) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:915
#12 0x013720bf in WebCore::FrameLoader::end (this=0x2015800) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:899
#13 0x01374ef9 in WebCore::DocumentLoader::finishedLoading (this=0x2172200) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/DocumentLoader.cpp:304
#14 0x0136cd0c in WebCore::FrameLoader::finishedLoading (this=0x2015800) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/FrameLoader.cpp:2456
#15 0x01376bdd in WebCore::MainResourceLoader::didFinishLoading (this=0x2177a00) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/MainResourceLoader.cpp:302
#16 0x01378380 in WebCore::ResourceLoader::didFinishLoading (this=0x2177a00) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/loader/ResourceLoader.cpp:323
#17 0x01357ef5 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x172587a0, _cmd=0x90a9d160, con=0x172587b0) at /Volumes/Data/Users/adamroben/dev/WebKit/OpenSource/WebCore/platform/network/mac/ResourceHandleMac.mm:369
#18 0x9265be00 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] ()
#19 0x92659ea5 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()
#20 0x92659b41 in _sendCallbacks ()
#21 0x90829379 in CFRunLoopRunSpecific ()
#22 0x90828eb5 in CFRunLoopRunInMode ()
#23 0x92dcdb90 in RunCurrentEventLoopInMode ()
#24 0x92dcd297 in ReceiveNextEventCommon ()
#25 0x92dcd0ee in BlockUntilNextEventMatchingListInMode ()
#26 0x9326f465 in _DPSNextEvent ()
#27 0x9326f056 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#28 0x00026641 in -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] (self=0x2921f70, _cmd=0x90ab4b5c, mask=4294967295, expiration=0x294ede0, mode=0xa080b448, dequeue=1 '\001') at /Volumes/Data/Users/adamroben/dev/WebKit/Internal/WebBrowser/BrowserApplication.m:161
#29 0x93268ddb in -[NSApplication run] ()
#30 0x9325cd2f in NSApplicationMain ()
#31 0x000bdb6b in main (argc=1, argv=0xbffff4ec) at /Volumes/Data/Users/adamroben/dev/WebKit/Internal/WebBrowser/main.m:26
Current language:  auto; currently c++
Comment 1 mitz 2007-02-27 00:38:08 PST
Reduction: open <data:text/plain,>.
Comment 2 Dave Hyatt 2007-02-27 03:30:44 PST
So I have a simple patch for this, but Mitz's reduction reveals what is IMHO a bug in the TextDocument/TextTokenizer code.  A plaintext document with no text should still make all of the scaffolding necessary to display text, i.e., a root element at the very least.  Right now there's a blank RenderView with no kids and so nobody ever dirties the RenderView for min max recalc.

A band-aid patch is to just throw setMinMaxKnown(false) into RenderView's constructor.  I also think text documents should not be allowed to be empty though.  Mitz, is an empty text document what is occurring on iExploder?
Comment 3 Dave Hyatt 2007-02-27 03:32:48 PST
Created attachment 13392
Band-aid fix
Comment 4 mitz 2007-02-27 04:27:04 PST
Comment on attachment 13392
Band-aid fix

(In reply to comment #2)
> Mitz, is an empty text document what is occurring on iExploder?

Yeah, it is currently returning a 500 error page with empty text content.

r=me
Comment 5 Dave Hyatt 2007-02-27 12:03:11 PST
Fixed