RESOLVED FIXED Bug 143519
ASSERTION FAILED: m_templateInsertionModes.isEmpty() in WebCore::HTMLTreeBuilder::finished
https://bugs.webkit.org/show_bug.cgi?id=143519
Summary ASSERTION FAILED: m_templateInsertionModes.isEmpty() in WebCore::HTMLTreeBuil...
Renata Hodovan
Reported 2015-04-08 05:26:52 PDT
Created attachment 250345 [details] Test case Load this test with debug WebKit: <!DOCTYPE html> <ins></ins> <template> <frameset></frameset> </template> Note: the issue is present, reported but isn't fixed yet in Blink either: http://crbug.com/475002 Backtrace: ASSERTION FAILED: m_templateInsertionModes.isEmpty() ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp(2937) : void WebCore::HTMLTreeBuilder::finished() Program received signal SIGSEGV, Segmentation fault. [Switching to Thread 0x7fff8f53b700 (LWP 11681)] 0x00007fffed3987a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 321 *(int *)(uintptr_t)0xbbadbeef = 0; #0 0x00007fffed3987a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321 #1 0x00007ffff30f2050 in WebCore::HTMLTreeBuilder::finished (this=0x7fffd57e7480) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937 #2 0x00007ffff30bdfee in WebCore::HTMLDocumentParser::end (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402 #3 0x00007ffff30be0bc in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411 #4 0x00007ffff30bcd6c in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132 #5 0x00007ffff30be0f3 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423 #6 0x00007ffff30be1a1 in WebCore::HTMLDocumentParser::finish (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451 #7 0x00007ffff3227b5b in WebCore::DocumentWriter::end (this=0x7fffd401aca0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247 #8 0x00007ffff321320b in WebCore::DocumentLoader::finishedLoading (this=0x7fffd401ac00, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:429 #9 0x00007ffff3212f74 in WebCore::DocumentLoader::notifyFinished (this=0x7fffd401ac00, resource=0x7fffd403e000) at ../../Source/WebCore/loader/DocumentLoader.cpp:376 #10 0x00007ffff32c7348 in WebCore::CachedResource::checkNotify (this=0x7fffd403e000) at ../../Source/WebCore/loader/cache/CachedResource.cpp:291 #11 0x00007ffff32c7446 in WebCore::CachedResource::finishLoading (this=0x7fffd403e000) at ../../Source/WebCore/loader/cache/CachedResource.cpp:307 #12 0x00007ffff32c39c5 in WebCore::CachedRawResource::finishLoading (this=0x7fffd403e000, data=0x7fffd5fcf750) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104 #13 0x00007ffff3276c45 in WebCore::SubresourceLoader::didFinishLoading (this=0x7fffd40b0000, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:371 #14 0x00007ffff3272597 in WebCore::ResourceLoader::didFinishLoading (this=0x7fffd40b0000, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:562 #15 0x00007ffff3c1cd7d in WebCore::readCallback (asyncResult=0x9371a0, data=0x7fffd5fc6da0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1318 #16 0x00007fffeae7f7d6 in async_ready_callback_wrapper (source_object=0x82f670, res=0x9371a0, user_data=user_data@entry=0x7fffd5fc6da0) at ginputstream.c:523 #17 0x00007fffeaea50d5 in g_task_return_now (task=0x9371a0) at gtask.c:1077 #18 0x00007fffeaea50f9 in complete_in_idle_cb (task=0x9371a0) at gtask.c:1086 #19 0x00007fffea15da2d in g_main_dispatch (context=0x478c20) at gmain.c:3064 #20 g_main_context_dispatch (context=context@entry=0x478c20) at gmain.c:3663 #21 0x00007fffea15dd98 in g_main_context_iterate (context=0x478c20, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3734 #22 0x00007fffea15e05a in g_main_loop_run (loop=0x4f8470) at gmain.c:3928 #23 0x00007ffff431a260 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59 #24 0x00007ffff27f7192 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd8f8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61 #25 0x00007ffff27f6ff7 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd8f8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77 #26 0x00000000004008d1 in main (argc=2, argv=0x7fffffffd8f8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Attachments
Test case (76 bytes, text/html)
2015-04-08 05:26 PDT, Renata Hodovan
no flags
WIP (1.33 KB, patch)
2016-03-02 23:05 PST, Ryosuke Niwa
no flags
Fixes the bug (15.09 KB, patch)
2016-04-26 00:28 PDT, Ryosuke Niwa
darin: review+
Ryosuke Niwa
Comment 1 2016-03-02 23:05:26 PST
I have a fix but there's a bug in a relevant W3C test :( https://github.com/w3c/web-platform-tests/pull/2653
Ryosuke Niwa
Comment 2 2016-03-02 23:05:56 PST
Ryosuke Niwa
Comment 3 2016-03-03 18:37:30 PST
Two more tests need to be fixed first: https://github.com/w3c/web-platform-tests/pull/2655
Ryosuke Niwa
Comment 4 2016-04-26 00:28:44 PDT
Created attachment 277349 [details] Fixes the bug
Ryosuke Niwa
Comment 5 2016-04-26 00:29:23 PDT
Comment on attachment 277349 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=277349&action=review > LayoutTests/imported/w3c/web-platform-tests/html/semantics/scripting-1/the-template-element/template-element/template-as-a-descendant-expected.txt:7 > -PASS Template element as a descendant of the FRAMESET element. Template element is created by innerHTML > +FAIL Template element as a descendant of the FRAMESET element. Template element is created by innerHTML assert_not_equals: Template element should be a descendant of the FRAMESET element got disallowed value null > PASS Template element as an indirect descendant of the BODY element. Template element is created by innerHTML > PASS Template element as an indirect descendant of the HEAD element. Template element is created by innerHTML > -PASS Template element as an indirect descendant of the FRAMESET element. Template element is created by innerHTML > +FAIL Template element as an indirect descendant of the FRAMESET element. Template element is created by innerHTML assert_not_equals: Template element should be a descendant of the FRAMESET element got disallowed value null These FAIL will be PASS instead once the reimportation of tests completes in the bug 157026.
Ryosuke Niwa
Comment 6 2016-04-26 15:06:59 PDT
Note You need to log in before you can comment on or make changes to this bug.