RESOLVED WORKSFORME 135284
ASSERTION FAILED: lineageOfType<HTMLCanvasElement>(*this).first() in WebCore::Element::isFocusable
https://bugs.webkit.org/show_bug.cgi?id=135284
Renata Hodovan
Reported 2014-07-25 00:49:12 PDT
Created attachment 235506
Test case

Test case to reproduce the issue:

<s>
<canvas>
<h3>
<svg>
<animatemotion onload=""/>
<var/>
<keygen autofocus/>
</s>

Backtrace:

ASSERTION FAILED: lineageOfType<HTMLCanvasElement>(*this).first()
../../Source/WebCore/dom/Element.cpp(440) : virtual bool WebCore::Element::isFocusable() const
1 0x7ffff3025dd3 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(WTFCrash+0x1e) [0x7ffff3025dd3]
2 0x7ffff35a023a /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZNK7WebCore7Element11isFocusableEv+0xb2) [0x7ffff35a023a]
3 0x7ffff3754fd2 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZNK7WebCore22HTMLFormControlElement11isFocusableEv+0x98) [0x7ffff3754fd2]
4 0x7ffff35a5a13 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore7Element5focusEbNS_14FocusDirectionE+0x9b) [0x7ffff35a5a13]
5 0x7ffff3754a18 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(+0x47cda18) [0x7ffff3754a18]
6 0x7ffff3755ae4 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(+0x47ceae4) [0x7ffff3755ae4]
7 0x7ffff2c0b22a /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZNKSt8functionIFvvEEclEv+0x32) [0x7ffff2c0b22a]
8 0x7ffff4025b3f /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore5Style30PostResolutionCallbackDisablerD1Ev+0x45) [0x7ffff4025b3f]
9 0x7ffff3548421 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore8Document11recalcStyleENS_5Style6ChangeE+0x243) [0x7ffff3548421]
10 0x7ffff3548657 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore8Document19updateStyleIfNeededEv+0x17f) [0x7ffff3548657]
11 0x7ffff3551ff5 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore8Document15finishedParsingEv+0x1b3) [0x7ffff3551ff5]
12 0x7ffff3845215 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore20HTMLConstructionSite15finishedParsingEv+0x1b) [0x7ffff3845215]
13 0x7ffff387f8ad /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore15HTMLTreeBuilder8finishedEv+0xa1) [0x7ffff387f8ad]
14 0x7ffff384cdb0 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser3endEv+0x8e) [0x7ffff384cdb0]
15 0x7ffff384ce9b /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser33attemptToRunDeferredScriptsAndEndEv+0xe9) [0x7ffff384ce9b]
16 0x7ffff384ba09 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser20prepareToStopParsingEv+0xf7) [0x7ffff384ba09]
17 0x7ffff384cede /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser12attemptToEndEv+0x40) [0x7ffff384cede]
18 0x7ffff384cf95 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser6finishEv+0x3f) [0x7ffff384cf95]
19 0x7ffff399c935 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14DocumentWriter3endEv+0x119) [0x7ffff399c935]
20 0x7ffff398998b /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14DocumentLoader15finishedLoadingEd+0x209) [0x7ffff398998b]
21 0x7ffff39896f4 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14DocumentLoader14notifyFinishedEPNS_14CachedResourceE+0x10e) [0x7ffff39896f4]
22 0x7ffff3a2ff8d /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14CachedResource11checkNotifyEv+0x93) [0x7ffff3a2ff8d]
23 0x7ffff3a30074 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14CachedResource13finishLoadingEPNS_14ResourceBufferE+0x3a) [0x7ffff3a30074]
24 0x7ffff3a2d02e /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore17CachedRawResource13finishLoadingEPNS_14ResourceBufferE+0xca) [0x7ffff3a2d02e]
25 0x7ffff39e3cc4 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore17SubresourceLoader16didFinishLoadingEd+0x1de) [0x7ffff39e3cc4]
26 0x7ffff39e01b1 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14ResourceLoader16didFinishLoadingEPNS_14ResourceHandleEd+0x3b) [0x7ffff39e01b1]
27 0x7ffff42a1205 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(+0x531a205) [0x7ffff42a1205]
28 0x7fffec2862ea /home/reni/data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0(+0x5a2ea) [0x7fffec2862ea]
29 0x7fffec2a5ceb /home/reni/data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0(+0x79ceb) [0x7fffec2a5ceb]
30 0x7fffec2a5d09 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0(+0x79d09) [0x7fffec2a5d09]
31 0x7fffeb4fc2e6 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x146) [0x7fffeb4fc2e6]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff97334700 (LWP 17423)]
0x00007ffff3025dd8 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329
329 *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0 0x00007ffff3025dd8 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329
#1 0x00007ffff35a023a in WebCore::Element::isFocusable (this=0x8e89e0) at ../../Source/WebCore/dom/Element.cpp:440
#2 0x00007ffff3754fd2 in WebCore::HTMLFormControlElement::isFocusable (this=0x8e89e0) at ../../Source/WebCore/html/HTMLFormControlElement.cpp:314
#3 0x00007ffff35a5a13 in WebCore::Element::focus (this=0x8e89e0, restorePreviousSelection=true, direction=WebCore::FocusDirectionNone) at ../../Source/WebCore/dom/Element.cpp:1925
#4 0x00007ffff3754a18 in WebCore::HTMLFormControlElement::__lambda2::operator() (__closure=0x669260) at ../../Source/WebCore/html/HTMLFormControlElement.cpp:224
#5 0x00007ffff3755ae4 in std::_Function_handler<void(), WebCore::HTMLFormControlElement::didAttachRenderers()::__lambda2>::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.8/functional:2071
#6 0x00007ffff2c0b22a in std::function<void ()>::operator()() const (this=0x87e840) at /usr/include/c++/4.8/functional:2464
#7 0x00007ffff4025b3f in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler (this=0x7fffffffd2a6, __in_chrg=<optimized out>) at ../../Source/WebCore/style/StyleResolveTree.cpp:1017
#8 0x00007ffff3548421 in WebCore::Document::recalcStyle (this=0x981e00, change=WebCore::Style::NoChange) at ../../Source/WebCore/dom/Document.cpp:1761
#9 0x00007ffff3548657 in WebCore::Document::updateStyleIfNeeded (this=0x981e00) at ../../Source/WebCore/dom/Document.cpp:1794
#10 0x00007ffff3551ff5 in WebCore::Document::finishedParsing (this=0x981e00) at ../../Source/WebCore/dom/Document.cpp:4510
#11 0x00007ffff3845215 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7d3a18) at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395
#12 0x00007ffff387f8ad in WebCore::HTMLTreeBuilder::finished (this=0x7d3a00) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997
#13 0x00007ffff384cdb0 in WebCore::HTMLDocumentParser::end (this=0xa19ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#14 0x00007ffff384ce9b in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0xa19ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#15 0x00007ffff384ba09 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0xa19ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#16 0x00007ffff384cede in WebCore::HTMLDocumentParser::attemptToEnd (this=0xa19ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:474
#17 0x00007ffff384cf95 in WebCore::HTMLDocumentParser::finish (this=0xa19ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:502
#18 0x00007ffff399c935 in WebCore::DocumentWriter::end (this=0x934570) at ../../Source/WebCore/loader/DocumentWriter.cpp:250
#19 0x00007ffff398998b in WebCore::DocumentLoader::finishedLoading (this=0x9344d0, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441
#20 0x00007ffff39896f4 in WebCore::DocumentLoader::notifyFinished (this=0x9344d0, resource=0x81a8e0) at ../../Source/WebCore/loader/DocumentLoader.cpp:375
#21 0x00007ffff3a2ff8d in WebCore::CachedResource::checkNotify (this=0x81a8e0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:334
#22 0x00007ffff3a30074 in WebCore::CachedResource::finishLoading (this=0x81a8e0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:350
#23 0x00007ffff3a2d02e in WebCore::CachedRawResource::finishLoading (this=0x81a8e0, data=0x774de0) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:98
#24 0x00007ffff39e3cc4 in WebCore::SubresourceLoader::didFinishLoading (this=0x81ae10, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:310
#25 0x00007ffff39e01b1 in WebCore::ResourceLoader::didFinishLoading (this=0x81ae10, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:517
#26 0x00007ffff42a1205 in WebCore::readCallback (asyncResult=0x8c69d0, data=0x81beb0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302
#27 0x00007fffec2862ea in async_ready_callback_wrapper (source_object=0x98cb30, res=0x8c69d0, user_data=0x81beb0) at ginputstream.c:519
#28 0x00007fffec2a5ceb in g_task_return_now (task=0x8c69d0) at gtask.c:1108
#29 0x00007fffec2a5d09 in complete_in_idle_cb (task=0x8c69d0) at gtask.c:1117
#30 0x00007fffeb4fc2e6 in g_main_dispatch (context=0x677bb0) at gmain.c:3065
#31 g_main_context_dispatch (context=context@entry=0x677bb0) at gmain.c:3641
#32 0x00007fffeb4fc638 in g_main_context_iterate (context=0x677bb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3712
#33 0x00007fffeb4fca3a in g_main_loop_run (loop=0x70c750) at gmain.c:3906
#34 0x00007ffff3077542 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#35 0x00007ffff2fb063e in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffda38) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#36 0x00007ffff2fb04a3 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffda38) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73
#37 0x000000000040085d in main (argc=2, argv=0x7fffffffda38) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32
Attachments
Test case (118 bytes, text/html)
2014-07-25 00:49 PDT, Renata Hodovan
no flags
Brent Fulgham
Comment 1 2016-08-03 14:39:17 PDT
This issue no longer occurs under GuardMalloc or ASAN as of r204037. If you believe there is still a bug, please reopen this issue with a revised test case.