Bug 173401 - [Win] Crash in accessibility layout test.
Summary: [Win] Crash in accessibility layout test.
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Per Arne Vollan
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-06-14 23:41 PDT by Per Arne Vollan
Modified: 2017-06-15 10:01 PDT (History)
4 users (show)

See Also:


Attachments
Patch (1.48 KB, patch)
2017-06-14 23:49 PDT, Per Arne Vollan
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Per Arne Vollan 2017-06-14 23:41:51 PDT
STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
0040c200 647c441c 08fc7cf0 647b61bd 059a4cd8 0x7005c763
0040c208 647b61bd 059a4cd8 0040c23c 640f5ffa DumpRenderTreeLib!AccessibilityUIElement::~AccessibilityUIElement+0xc
0040c214 640f5ffa 058bb100 0040c254 058bb100 DumpRenderTreeLib!finalize+0x1d
0040c228 644e9d5d 058bb100 00000000 00000310 JavaScriptCore!JSC::JSCallbackObject<JSC::JSDestructibleObject>::~JSCallbackObject<JSC::JSDestructibleObject>+0x4a
0040c23c 644e9669 00000310 0051bab0 00000000 JavaScriptCore!<lambda_07778e20c17479c9d2c845ad43d19255>::operator()+0x2d
0040c2b4 644e9e13 058759d0 00000001 00000001 JavaScriptCore!JSC::MarkedBlock::Handle::specializedSweep<1,1,1,1,0,1,1,JSC::`anonymous namespace'::DestroyFunc>+0x149
0040c2d8 644e94e2 00000000 0051bab0 05771408 JavaScriptCore!<lambda_bd36abf116e3ed85297e973ffafd78a3>::operator()+0x53
0040c330 644e93d3 058759d0 0040c343 057737c8 JavaScriptCore!JSC::MarkedBlock::Handle::finishSweepKnowingSubspace<JSC::`anonymous namespace'::DestroyFunc>+0xe2
0040c344 6432bc0a 0051bab0 058759d0 058759d0 JavaScriptCore!JSC::JSDestructibleObjectSubspace::finishSweep+0x13
0040c3a0 6432b302 058759d0 00000001 00000000 JavaScriptCore!JSC::MarkedBlock::Handle::sweep+0xea
0040c3b4 6432b251 0051bab0 058759d0 05771410 JavaScriptCore!JSC::MarkedAllocator::tryAllocateIn+0x12
0040c3d4 6432b0ec 05771408 00000000 058cb8a0 JavaScriptCore!JSC::MarkedAllocator::tryAllocateWithoutCollecting+0xb1
0040c3e8 6432af6d 00000000 00000001 0040c408 JavaScriptCore!JSC::MarkedAllocator::allocateSlowCaseImpl+0x14c
0040c3f8 6433561a 00000000 05771408 0040c41c JavaScriptCore!JSC::MarkedAllocator::allocateSlowCase+0xd
0040c408 644fc3a5 00000018 05771408 058cb8a0 JavaScriptCore!JSC::Subspace::allocate+0x4a
0040c41c 644f19ec 05771408 05793f20 05771408 JavaScriptCore!JSC::FunctionPrototype::create+0x15
0040d27c 644ee453 05771408 05771408 058cb8a0 JavaScriptCore!JSC::JSGlobalObject::init+0x8c
0040d294 63456513 00000000 058b80a0 058cb8a0 JavaScriptCore!JSC::JSGlobalObject::finishCreation+0x53
0040d2e4 6391fda4 05771408 058b80a0 058cb8a0 WebKit!WebCore::JSDOMWindowBase::finishCreation+0x23
0040d300 6345820a 05771408 058b80a0 0a9271a0 WebKit!WebCore::JSDOMWindow::finishCreation+0x14
0040d338 63459d5c 0040d358 0a9271a0 05758ee8 WebKit!WebCore::JSDOMWindowProxy::setWindow+0x16a
0040d378 6324bf6c 091808c8 00000000 08f75924 WebKit!WebCore::ScriptController::setDOMWindowForWindowProxy+0xdc
0040d390 6365aa3e 0a9271a0 00000000 00000001 WebKit!WebCore::FrameLoader::clear+0x19c
0040d410 6312a834 0040d42c 00000000 00000000 WebKit!WebCore::DocumentWriter::begin+0x17e
0040d46c 6312be48 00000000 00000000 64075350 WebKit!WebCore::DocumentLoader::commitData+0x44
0040d56c 6312c974 08f758d0 08f76030 6bca25a9 WebKit!WebCore::DocumentLoader::finishedLoading+0x118
0040d7d8 63129bf1 05758ee8 08f758d0 00000000 WebKit!WebCore::DocumentLoader::maybeLoadEmpty+0x3a4
0040dd3c 632508f1 056c1d40 08f75d40 08f758d0 WebKit!WebCore::DocumentLoader::startLoadingMainResource+0x141
0040dd60 632545d9 08f75d40 00000000 00000001 WebKit!WebCore::FrameLoader::continueLoadAfterNavigationPolicy+0x291
0040dd78 636baa59 08f75d40 00000000 00000001 WebKit!WTF::Function<void __cdecl(WebCore::ResourceRequest const &,WebCore::FormState *,bool)>::CallableWrapper<<lambda_95aa8f0030eed8483eb052c9ec4a0293> >::call+0x19
0040df60 63251b5b 08f75d40 00000000 08f758d0 WebKit!WebCore::PolicyChecker::checkNavigationPolicy+0x249
0040e14c 63251c5b 08f758d0 00000000 00000000 WebKit!WebCore::FrameLoader::loadWithDocumentLoader+0x35b
0040e170 6324a5dd 08f758d0 05758e98 08e68388 WebKit!WebCore::FrameLoader::load+0xeb
0040e840 63027158 0040e854 08e68388 63cf5d48 WebKit!WebCore::FrameLoader::load+0x1ed
0040ee24 647cdf67 057656b8 08e68388 00000001 WebKit!WebFrame::loadRequest+0x88
0040ef44 647c9c61 0040ef5c 010d6df0 00512328 DumpRenderTreeLib!runTest+0x797
0040f7c8 647c9e2e 00000002 00512328 0040faa0 DumpRenderTreeLib!main+0x491
0040f7d8 010c16c9 00000002 00512328 010d6dec DumpRenderTreeLib!dllLauncherEntryPoint+0xe
0040faa0 010c32ba 00000002 00512328 00518640 DumpRenderTree!main+0x469
0040faec 7619336a 7efde000 0040fb38 77b59902 DumpRenderTree!__scrt_common_main_seh+0xff
0040faf8 77b59902 7efde000 ec72fbff 00000000 KERNEL32!BaseThreadInitThunk+0x12
0040fb38 77b598d5 010c3337 7efde000 00000000 ntdll_77b20000!RtlInitializeExceptionChain+0x63
0040fb50 00000000 010c3337 7efde000 00000000 ntdll_77b20000!RtlInitializeExceptionChain+0x36
Comment 1 Per Arne Vollan 2017-06-14 23:49:06 PDT
Created attachment 312956 [details]
Patch
Comment 2 Brent Fulgham 2017-06-15 09:44:48 PDT
Comment on attachment 312956 [details]
Patch

Weird that this was every done this way. I wonder if there was a Retain() somewhere we removed at some point.
Comment 3 Per Arne Vollan 2017-06-15 09:58:41 PDT
Comment on attachment 312956 [details]
Patch

Thanks for reviewing!
Comment 4 WebKit Commit Bot 2017-06-15 10:01:30 PDT
Comment on attachment 312956 [details]
Patch

Clearing flags on attachment: 312956

Committed r218337: <http://trac.webkit.org/changeset/218337>
Comment 5 WebKit Commit Bot 2017-06-15 10:01:31 PDT
All reviewed patches have been landed.  Closing bug.