Bug 29514 - Web Inspector: Crash When Logging an Element Before Opening Inspector
Summary: Web Inspector: Crash When Logging an Element Before Opening Inspector
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated)
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Pavel Feldman
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-09-18 22:00 PDT by Joseph Pecoraro
Modified: 2009-09-21 14:29 PDT
CC List: 6 users

See Also:


Attachments
[REDUCTION] Test Page Causing Crash (119 bytes, text/html)
2009-09-18 22:00 PDT, Joseph Pecoraro
no flags
[REDUCTION] More Generic Test Page Causing Crash (97 bytes, text/html)
2009-09-18 22:20 PDT, Joseph Pecoraro
no flags
patch (1.53 KB, patch)
2009-09-21 11:58 PDT, Pavel Feldman
timothy: review+

Description Joseph Pecoraro 2009-09-18 22:00:05 PDT
Created attachment 39811 [details]
[REDUCTION] Test Page Causing Crash

This is a regression.  The attached file crashes WebKit (r48518) but not Safari 4.0.3.  Safari exhibits the expected behavior.

Steps to Reproduce:
1. Open the Attached Reduction
2. Click the button on the screen
3. Open the Web Inspector in any way (this will cause the browser to crash)

Notes:
- The <form> tag is required in order for the x variable in the onclick handler to refer to the <input name="x">
Comment 1 Joseph Pecoraro 2009-09-18 22:20:11 PDT
Created attachment 39812 [details]
[REDUCTION] More Generic Test Page Causing Crash

After further investigation I found it's not specific to form elements. Instead, if you attempt to console.log ANY element before opening the inspector, and then you open the inspector, it causes a crash.  With this new test case the only user action required is opening the inspector, which will cause the crash.
Comment 2 Patrick Mueller 2009-09-21 10:35:25 PDT
Built a debug version of WebKit, debugged under Xcode.  EXC_BAD_ACCESS signal generated, stack trace below.

In stack frame #6, the following code is executed:

    m_frontend->setDocument(buildObjectForNode(document, 2, &m_documentNodeToIdMap));
    
at that point, document is 0x0, which causes the eventual signal.  

Implies that also at stack frame #6, the call to mainFrameDocument() returns 0x0.

At this point, I'm lost, assume pfeldman will have a handle on this, not investigating any further.

#0	0x03f55954 in WTF::HashTable<WTF::RefPtr<WebCore::Node>, std::pair<WTF::RefPtr<WebCore::Node>, long>, WTF::PairFirstExtractor<std::pair<WTF::RefPtr<WebCore::Node>, long> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> > >::checkKey<WebCore::Node*, WTF::RefPtrHashMapRawKeyTranslator<WebCore::Node*, std::pair<WTF::RefPtr<WebCore::Node>, long>, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> > > > at HashTable.h:455
#1	0x03f55a37 in WTF::HashTable<WTF::RefPtr<WebCore::Node>, std::pair<WTF::RefPtr<WebCore::Node>, long>, WTF::PairFirstExtractor<std::pair<WTF::RefPtr<WebCore::Node>, long> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> > >::lookup<WebCore::Node*, WTF::RefPtrHashMapRawKeyTranslator<WebCore::Node*, std::pair<WTF::RefPtr<WebCore::Node>, long>, WTF::PairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >, WTF::PtrHash<WTF::RefPtr<WebCore::Node> > > > at HashTable.h:469
#2	0x03f55b08 in WTF::HashMap<WTF::RefPtr<WebCore::Node>, long, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >::inlineGet at RefPtrHashMap.h:270
#3	0x03f55b42 in WTF::HashMap<WTF::RefPtr<WebCore::Node>, long, WTF::PtrHash<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<WTF::RefPtr<WebCore::Node> >, WTF::HashTraits<long> >::get at RefPtrHashMap.h:280
#4	0x03f52411 in WebCore::InspectorDOMAgent::bind at InspectorDOMAgent.cpp:207
#5	0x03f52e3f in WebCore::InspectorDOMAgent::buildObjectForNode at InspectorDOMAgent.cpp:383
#6	0x03f53293 in WebCore::InspectorDOMAgent::pushDocumentToFrontend at InspectorDOMAgent.cpp:245
#7	0x03f53313 in WebCore::InspectorDOMAgent::pushNodePathToFrontend at InspectorDOMAgent.cpp:292
#8	0x03f3968d in WebCore::InspectorBackend::pushNodePathToFrontend at InspectorBackend.cpp:482
#9	0x0408d9d3 in WebCore::JSInspectorBackend::pushNodePathToFrontend at JSInspectorBackendCustom.cpp:328
#10	0x040891b5 in WebCore::jsInspectorBackendPrototypeFunctionPushNodePathToFrontend at JSInspectorBackend.cpp:988
#11	0x189cd166 in ??
#12	0x006e93a5 in JSC::JITCode::execute at JITCode.h:79
#13	0x006d53c1 in JSC::Interpreter::execute at Interpreter.cpp:721
#14	0x0063d815 in JSC::JSFunction::call at JSFunction.cpp:120
#15	0x0063d8f1 in JSC::call at CallData.cpp:39
#16	0x04376103 in WebCore::ScriptFunctionCall::call at ScriptFunctionCall.cpp:126
#17	0x03f3a3bc in WebCore::InspectorBackend::dispatchOnInjectedScript at InspectorBackend.cpp:418
#18	0x04089b13 in WebCore::jsInspectorBackendPrototypeFunctionDispatchOnInjectedScript at JSInspectorBackend.cpp:891
#19	0x189cd166 in ??
#20	0x006e93a5 in JSC::JITCode::execute at JITCode.h:79
#21	0x006d53c1 in JSC::Interpreter::execute at Interpreter.cpp:721
#22	0x0063d815 in JSC::JSFunction::call at JSFunction.cpp:120
#23	0x0063d8f1 in JSC::call at CallData.cpp:39
#24	0x04376103 in WebCore::ScriptFunctionCall::call at ScriptFunctionCall.cpp:126
#25	0x043761d2 in WebCore::ScriptFunctionCall::call at ScriptFunctionCall.cpp:141
#26	0x03f5fe21 in WebCore::InspectorFrontend::addMessageToConsole at InspectorFrontend.cpp:88
#27	0x03baf6ff in WebCore::ConsoleMessage::addToConsole at ConsoleMessage.cpp:93
#28	0x03f3f605 in WebCore::InspectorController::populateScriptObjects at InspectorController.cpp:652
#29	0x03f4167d in WebCore::InspectorController::setWindowVisible at InspectorController.cpp:316
#30	0x003560bd in -[WebInspectorWindowController showWindow:] at WebInspectorClient.mm:354
#31	0x00356284 in WebInspectorClient::showWindow at WebInspectorClient.mm:109
#32	0x03f40ebf in WebCore::InspectorController::showWindow at InspectorController.cpp:624
#33	0x03f43186 in WebCore::InspectorController::scriptObjectReady at InspectorController.cpp:540
#34	0x03f39e3e in WebCore::InspectorBackend::loaded at InspectorBackend.cpp:200
#35	0x0408c59d in WebCore::jsInspectorBackendPrototypeFunctionLoaded at JSInspectorBackend.cpp:260
#36	0x189cd166 in ??
#37	0x006e93a5 in JSC::JITCode::execute at JITCode.h:79
#38	0x006d53c1 in JSC::Interpreter::execute at Interpreter.cpp:721
#39	0x0063d815 in JSC::JSFunction::call at JSFunction.cpp:120
#40	0x0063d8f1 in JSC::call at CallData.cpp:39
#41	0x04008b2a in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:120
#42	0x041e9284 in WebCore::Node::handleLocalEvents at Node.cpp:2463
#43	0x041eb525 in WebCore::Node::dispatchGenericEvent at Node.cpp:2590
#44	0x041ebac1 in WebCore::Node::dispatchEvent at Node.cpp:2517
#45	0x041e934f in WebCore::Node::dispatchEvent at Node.cpp:2905
#46	0x03ed6a9c in WebCore::HTMLScriptElement::dispatchLoadEvent at HTMLScriptElement.cpp:225
#47	0x043704ed in WebCore::ScriptElementData::execute at ScriptElement.cpp:202
#48	0x03cb7007 in WebCore::Document::executeScriptSoonTimerFired at Document.cpp:4324
#49	0x03cca827 in WebCore::Timer<WebCore::Document>::fired at Timer.h:98
#50	0x044aa13f in WebCore::ThreadTimers::sharedTimerFiredInternal at ThreadTimers.cpp:112
#51	0x044aa289 in WebCore::ThreadTimers::sharedTimerFired at ThreadTimers.cpp:90
#52	0x043995ba in WebCore::timerFired at SharedTimerMac.mm:86
#53	0x961308f5 in CFRunLoopRunSpecific
#54	0x96130aa8 in CFRunLoopRunInMode
#55	0x90bd52ac in RunCurrentEventLoopInMode
#56	0x90bd50c5 in ReceiveNextEventCommon
#57	0x90bd4f39 in BlockUntilNextEventMatchingListInMode
#58	0x96cb06d5 in _DPSNextEvent
#59	0x96caff88 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:]
#60	0x0000c303 in ??
#61	0x96ca8f9f in -[NSApplication run]
#62	0x96c761d8 in NSApplicationMain
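The path Patrick traces above (queued console messages replayed by populateScriptObjects while mainFrameDocument() is still null, ending in a null dereference inside InspectorDOMAgent) is modelled below as an added C++ example. It is not WebKit code and it is not the patch Pavel committed: the commit listed in Comment 4 touches InspectorController.cpp, not the DOM agent, so the guard shown here illustrates the invariant that was violated (no node may be bound before a document exists) rather than the shipped fix. DomAgentModel, QueuedMessage, ReplayResult and replayScenario are hypothetical names, and the backlog of messages is constructed for the example.

```cpp
#include <iostream>
#include <map>
#include <string>
#include <vector>

// Hypothetical stand-ins for WebCore's Node and Document (not WebKit types).
struct Node { std::string name; };
struct Document { Node root{"html"}; };

// A console message queued before the inspector opened: its text plus the
// element it logged (null for a plain-text message).
struct QueuedMessage { std::string text; Node* element; };

// Simplified model of InspectorDOMAgent: the node-to-id map and the document
// push that frames #4-#7 of the trace pass through.
class DomAgentModel {
public:
    // The pointer stands in for mainFrameDocument(), which the trace shows
    // returning null at the moment the frontend reports itself loaded.
    explicit DomAgentModel(Document* document) : m_document(document) {}

    // Returns the frontend id for a node, allocating one on first sight.
    long bind(Node* node) {
        auto it = m_nodeToId.find(node);
        if (it != m_nodeToId.end()) return it->second;
        long id = m_lastNodeId++;
        m_nodeToId[node] = id;
        return id;
    }

    // Guarded pushDocumentToFrontend(): with no document it binds nothing and
    // reports failure, instead of dereferencing null as frame #6 does.
    bool pushDocumentToFrontend() {
        if (m_documentPushed) return true;
        if (!m_document) return false;
        bind(&m_document->root);
        m_documentPushed = true;
        return true;
    }

    // pushNodePathToFrontend(): the document must be pushed before any node is
    // bound. Returns the node id, or -1 when the document is missing.
    long pushNodePathToFrontend(Node* node) {
        if (!pushDocumentToFrontend()) return -1;
        return bind(node);
    }

    int boundNodeCount() const { return static_cast<int>(m_nodeToId.size()); }

private:
    Document* m_document;
    bool m_documentPushed = false;
    long m_lastNodeId = 1;
    std::map<Node*, long> m_nodeToId;
};

// Outcome of replaying the console backlog once the frontend has loaded.
struct ReplayResult {
    int pushedWithNode = 0;  // element messages that received a node path
    int degradedToText = 0;  // element messages delivered without one
    int plainText = 0;       // messages that never referred to an element
    int boundNodes = 0;      // entries in the agent's node-to-id map afterwards
};

// populateScriptObjects() analogue: re-sends every queued message, asking the
// DOM agent for a node path whenever a message refers to an element.
ReplayResult replayConsoleBacklog(const std::vector<QueuedMessage>& backlog, DomAgentModel& agent) {
    ReplayResult result;
    for (const QueuedMessage& message : backlog) {
        if (!message.element) { ++result.plainText; continue; }
        if (agent.pushNodePathToFrontend(message.element) >= 0)
            ++result.pushedWithNode;
        else
            ++result.degradedToText;
    }
    result.boundNodes = agent.boundNodeCount();
    return result;
}

// Constructed scenario: two console.log(element) calls and one plain string
// queued before the inspector opens, then replayed with or without a document.
ReplayResult replayScenario(bool documentAvailable) {
    Node body{"body"}, input{"input"};
    Document document;
    std::vector<QueuedMessage> backlog = {
        {"page loaded", nullptr}, {"<body>", &body}, {"<input name=x>", &input}};
    DomAgentModel agent(documentAvailable ? &document : nullptr);
    return replayConsoleBacklog(backlog, agent);
}

int main() {
    ReplayResult r = replayScenario(false);
    std::cout << "no document: " << r.degradedToText << " degraded, " << r.boundNodes << " bound\n";
    r = replayScenario(true);
    std::cout << "with document: " << r.pushedWithNode << " node paths, " << r.boundNodes << " bound\n";
}
```

With the document absent the replay degrades the two element messages to text and binds nothing; with it present the document root and both elements receive ids. Either outcome is preferable to the unguarded call in frame #6, which reaches the node-to-id HashMap through a null Document.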
Comment 3 Pavel Feldman 2009-09-21 11:58:05 PDT
Created attachment 39862 [details]
patch
Comment 4 Pavel Feldman 2009-09-21 14:29:38 PDT
Committing to http://svn.webkit.org/repository/webkit/trunk ...
	M	WebCore/ChangeLog
	M	WebCore/inspector/InspectorController.cpp
Committed r48600