Bug 152225 - ASSERTION FAILED: m_imageElements.find(e) == notFound in WebCore::HTMLFormElement::registerImgElement
Summary: ASSERTION FAILED: m_imageElements.find(e) == notFound in WebCore::HTMLFormEle...
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Local Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 116980
 
Reported: 2015-12-13 03:18 PST by Renata Hodovan
Modified: 2016-08-05 09:24 PDT (History)

See Also:


Attachments
Test (119 bytes, text/html)
2015-12-13 03:18 PST, Renata Hodovan

Description Renata Hodovan 2015-12-13 03:18:30 PST
Created attachment 267259 [details]
Test

Load the attached test in a debug build of MiniBrowser:

<!DOCTYPE html>
<template>
    <form>
        <code>
            <p><img></img>
        </code>
    </form>
</template>


OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 37be9b0


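Backtrace (debug-build assertion failure; the SIGSEGV reported further down is WTFCrash's intentional write to 0xbbadbeef at Assertions.cpp:321, not a separate memory fault; only the debug EFL build was checked, so release-build behaviour is not covered by this report):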

ASSERTION FAILED: m_imageElements.find(e) == notFound
../../Source/WebCore/html/HTMLFormElement.cpp(626) : void WebCore::HTMLFormElement::registerImgElement(WebCore::HTMLImageElement*)
1   0x7fa014cbcecc WTFCrash
2   0x7fa013487948 WebCore::HTMLFormElement::registerImgElement(WebCore::HTMLImageElement*)
3   0x7fa0134910a2 WebCore::HTMLImageElement::insertedInto(WebCore::ContainerNode&)
4   0x7fa01322a1d6 WebCore::notifyNodeInsertedIntoTree(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&)
5   0x7fa01322a349 WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&)
6   0x7fa01321b479 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource)
7   0x7fa01321d142 WebCore::ContainerNode::parserAppendChild(WTF::Ref<WebCore::Node>&&)
8   0x7fa01321a60a WebCore::ContainerNode::takeAllChildrenFrom(WebCore::ContainerNode*)
9   0x7fa0145ee4ac
10  0x7fa0145ee518
11  0x7fa0145ee87e WebCore::HTMLConstructionSite::executeQueuedTasks()
12  0x7fa0135a6b41 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&)
13  0x7fa0135839a4 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&)
14  0x7fa013583683 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
15  0x7fa013582f61 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
16  0x7fa013583f07 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&)
17  0x7fa014547dab WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
18  0x7fa0136a2546 WebCore::DocumentWriter::end()
19  0x7fa01368b9be WebCore::DocumentLoader::finishedLoading(double)
20  0x7fa01368b718 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*)
21  0x7fa013731ca3 WebCore::CachedResource::checkNotify()
22  0x7fa013731db8 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
23  0x7fa01372dfe6 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
24  0x7fa0136f60e5 WebCore::SubresourceLoader::didFinishLoading(double)
25  0x7fa012da731e WebKit::WebResourceLoader::didFinishResourceLoad(double)
26  0x7fa01304141b void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>&&, std::index_sequence<0ul>)
27  0x7fa013040d5a void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>, std::make_index_sequence<1ul> >(std::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double))
28  0x7fa0130408b4 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double))
29  0x7fa013040132 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&)
30  0x7fa012d9d4c3 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&)
31  0x7fa012a9c7ce IPC::Connection::dispatchMessage(IPC::MessageDecoder&)
Aborted (core dumped)

Program terminated with signal SIGSEGV, Segmentation fault.
#0  0x00007fa014cbced1 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321	    *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7fa0187f7a80 (LWP 29377))]
#0  0x00007fa014cbced1 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007fa013487948 in WebCore::HTMLFormElement::registerImgElement(WebCore::HTMLImageElement*) () at ../../Source/WebCore/html/HTMLFormElement.cpp:626
#2  0x00007fa0134910a2 in WebCore::HTMLImageElement::insertedInto(WebCore::ContainerNode&) () at ../../Source/WebCore/html/HTMLImageElement.cpp:307
#3  0x00007fa01322a1d6 in WebCore::notifyNodeInsertedIntoTree(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) () at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:82
#4  0x00007fa01322a349 in WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) () at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:99
#5  0x00007fa01321b479 in WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) () at ../../Source/WebCore/dom/ContainerNode.cpp:338
#6  0x00007fa01321d142 in WebCore::ContainerNode::parserAppendChild(WTF::Ref<WebCore::Node>&&) () at ../../Source/WebCore/dom/ContainerNode.cpp:730
#7  0x00007fa01321a60a in WebCore::ContainerNode::takeAllChildrenFrom(WebCore::ContainerNode*) () at ../../Source/WebCore/dom/ContainerNode.cpp:132
#8  0x00007fa0145ee4ac in WebCore::executeTakeAllChildrenTask(WebCore::HTMLConstructionSiteTask&) () at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:143
#9  0x00007fa0145ee518 in WebCore::executeTask(WebCore::HTMLConstructionSiteTask&) () at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:162
#10 0x00007fa0145ee87e in WebCore::HTMLConstructionSite::executeQueuedTasks() () at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:202
#11 0x00007fa0135a6b41 in WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&) () at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:355
#12 0x00007fa0135839a4 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) () at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:312
#13 0x00007fa013583683 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) () at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:269
#14 0x00007fa013582f61 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) () at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:166
#15 0x00007fa013583f07 in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) () at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:382
#16 0x00007fa014547dab in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) () at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#17 0x00007fa0136a2546 in WebCore::DocumentWriter::end (this=0x7f9ff442ef20) at ../../Source/WebCore/loader/DocumentWriter.cpp:254
#18 0x00007fa01368b9be in WebCore::DocumentLoader::finishedLoading(double) () at ../../Source/WebCore/loader/DocumentLoader.cpp:434
#19 0x00007fa01368b718 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) () at ../../Source/WebCore/loader/DocumentLoader.cpp:381
#20 0x00007fa013731ca3 in WebCore::CachedResource::checkNotify() () at ../../Source/WebCore/loader/cache/CachedResource.cpp:296
#21 0x00007fa013731db8 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) () at ../../Source/WebCore/loader/cache/CachedResource.cpp:312
#22 0x00007fa01372dfe6 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) () at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#23 0x00007fa0136f60e5 in WebCore::SubresourceLoader::didFinishLoading(double) () at ../../Source/WebCore/loader/SubresourceLoader.cpp:372
#24 0x00007fa012da731e in WebKit::WebResourceLoader::didFinishResourceLoad(double) () at ../../Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp:153
#25 0x00007fa01304141b in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>&&, std::index_sequence<0ul>) () at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:16
#26 0x00007fa013040d5a in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>, std::make_index_sequence<1ul> >(std::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) () at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:22
#27 0x00007fa0130408b4 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) () at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:92
#28 0x00007fa013040132 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) () at DerivedSources/WebKit2/WebResourceLoaderMessageReceiver.cpp:65
#29 0x00007fa012d9d4c3 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) () at ../../Source/WebKit2/WebProcess/Network/NetworkProcessConnection.cpp:58
#30 0x00007fa012a9c7ce in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) () at ../../Source/WebKit2/Platform/IPC/Connection.cpp:900
#31 0x00007fa012a9c932 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () at ../../Source/WebKit2/Platform/IPC/Connection.cpp:931
#32 0x00007fa012a9cb1f in IPC::Connection::dispatchOneMessage() () at ../../Source/WebKit2/Platform/IPC/Connection.cpp:962
#33 0x00007fa012a9c5e1 in IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)::{lambda()#1}::operator()() const () at ../../Source/WebKit2/Platform/IPC/Connection.cpp:894
#34 0x00007fa012a9e0ef in std::_Function_handler<void (), IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)::{lambda()#1}>::_M_invoke(std::_Any_data const&) () at /usr/include/c++/5/functional:1871
#35 0x00007fa012a0b4b8 in std::function<void()>::operator()(void) const (this=0x7ffc70bd05d0) at /usr/include/c++/5/functional:2271
#36 0x00007fa014cdadc3 in WTF::RunLoop::performWork (this=0x7f9ff45f9000) at ../../Source/WTF/wtf/RunLoop.cpp:121
#37 0x00007fa014d1b5d9 in WTF::RunLoop::wakeUpEvent (data=0x7f9ff45f9000) at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:66
#38 0x00007fa00ce8efee in _ecore_pipe_handler_call (p=p@entry=0x22e75b0, buf=0x234d400 "W\323\064\002", len=<optimized out>) at lib/ecore/ecore_pipe.c:533
#39 0x00007fa00ce8f779 in _ecore_pipe_read (data=0x22e75b0, fd_handler=<optimized out>) at lib/ecore/ecore_pipe.c:660
#40 0x00007fa00ce8e441 in _ecore_call_fd_cb (fd_handler=0x22e57c0, data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:414
#41 _ecore_main_fd_handlers_call () at lib/ecore/ecore_main.c:1684
#42 _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1940
#43 0x00007fa00ce8e827 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:988
#44 0x00007fa014d1b55b in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#45 0x00007fa012fbc456 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) () at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#46 0x00007fa012fbc064 in WebProcessMainUnix () at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#47 0x000000000040089a in main () at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44
Comment 1 Brent Fulgham 2016-08-05 09:24:15 PDT
This problem does not reproduce under r204037. If you believe there is still a problem, please reopen this bug and attach a revised test case.