RESOLVED FIXED Bug 44743
Crash reloading fast/events/tabindex-focus-blur-all.html test
https://bugs.webkit.org/show_bug.cgi?id=44743
Simon Fraser (smfr)
Reported 2010-08-26 20:15:33 PDT
I get a crash reloading LayoutTests/fast/events/tabindex-focus-blur-all.html

Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010169edf0 WebCore::MediaPlayerPrivate::updateStates() + 1626 (MediaPlayerPrivateQTKit.mm:1049)
1 com.apple.WebCore 0x000000010169f0b5 WebCore::MediaPlayerPrivate::loadStateChanged() + 39 (MediaPlayerPrivateQTKit.mm:1062)
2 com.apple.WebCore 0x000000010169f117 -[WebCoreMovieObserver loadStateChanged:] + 96 (MediaPlayerPrivateQTKit.mm:1548)
3 com.apple.Foundation 0x00007fff8008f6ea _nsnote_callback + 167
4 com.apple.CoreFoundation 0x00007fff80f351f0 __CFXNotificationPost + 1008
5 com.apple.CoreFoundation 0x00007fff80f21768 _CFXNotificationPostNotification + 200
6 com.apple.Foundation 0x00007fff80086652 -[NSNotificationCenter postNotificationName:object:userInfo:] + 101
7 com.apple.QTKit 0x00007fff80aae204 -[QTMovie setMediaHelper:] + 753
8 com.apple.QTKit 0x00007fff80ab2d39 -[QTMovie_AsyncLoadHelper _mediaHelperFinishedLoadingWithError:] + 329
9 com.apple.Foundation 0x00007fff800a70cb __NSThreadPerformPerform + 219
10 com.apple.CoreFoundation 0x00007fff80f2a5f1 __CFRunLoopDoSources0 + 1361
11 com.apple.CoreFoundation 0x00007fff80f287e9 __CFRunLoopRun + 873
12 com.apple.CoreFoundation 0x00007fff80f27faf CFRunLoopRunSpecific + 575
13 com.apple.Foundation 0x00007fff800ca560 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270
14 DumpRenderTree 0x0000000100010814 runTest(std::string const&) + 1795 (DumpRenderTree.mm:1270)
15 DumpRenderTree 0x0000000100010d01 runTestingServerLoop() + 145 (DumpRenderTree.mm:603)
16 DumpRenderTree 0x0000000100011116 dumpRenderTree(int, char const**) + 309 (DumpRenderTree.mm:659)
17 DumpRenderTree 0x0000000100011338 main + 97 (DumpRenderTree.mm:701)
18 DumpRenderTree 0x0000000100001c48 start + 52
Attachments
Proposed patch (5.00 KB, patch)
2010-08-28 11:32 PDT, Eric Carlson
simon.fraser: review+
Simon Fraser (smfr)
Comment 1 2010-08-26 20:56:22 PDT
MediaPlayerPrivate is getting deleted from under itself:

#0 WebCore::MediaPlayerPrivate::~MediaPlayerPrivate (this=0x12c1cc500) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm:235
#1 0x0000000101cd6763 in WTF::deleteOwnedPtr<WebCore::MediaPlayerPrivateInterface> (ptr=0x12c1cc500) at OwnPtrCommon.h:57
#2 0x0000000101cd67ac in WTF::OwnPtr<WebCore::MediaPlayerPrivateInterface*>::~OwnPtr (this=0x109207dd0) at OwnPtr.h:57
#3 0x0000000101cd4fb3 in WebCore::MediaPlayer::~MediaPlayer (this=0x109207dc0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/platform/graphics/MediaPlayer.cpp:272
#4 0x00000001018dd240 in WTF::deleteOwnedPtr<WebCore::MediaPlayer> (ptr=0x109207dc0) at OwnPtrCommon.h:57
#5 0x00000001018dd26d in WTF::OwnPtr<WebCore::MediaPlayer>::clear (this=0x132337768) at OwnPtr.h:97
#6 0x00000001018d9171 in WebCore::HTMLMediaElement::userCancelledLoad (this=0x132337560) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/html/HTMLMediaElement.cpp:1811
#7 0x00000001018d926d in WebCore::HTMLMediaElement::documentWillBecomeInactive (this=0x132337560) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/html/HTMLMediaElement.cpp:1848
#8 0x000000010167001e in WebCore::Document::documentWillBecomeInactive (this=0x109a4ec00) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/Document.cpp:3747
#9 0x000000010167473b in WebCore::Document::detach (this=0x109a4ec00) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/Document.cpp:1666
#10 0x00000001017f1e17 in WebCore::Frame::setView (this=0x1072b0e00, view=@0x7fff5fbfcb10) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/page/Frame.cpp:239
#11 0x00000001017fa1ee in WebCore::FrameLoader::closeAndRemoveChild (this=0x1078d4050, child=0x1072b0e00) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:2504
#12 0x00000001017ff63b in WebCore::FrameLoader::detachFromParent (this=0x1072b0e50) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:2592
#13 0x00000001017ff718 in WebCore::FrameLoader::detachChildren (this=0x1078d4050) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:2496
#14 0x00000001017ff5c1 in WebCore::FrameLoader::detachFromParent (this=0x1078d4050) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:2582
#15 0x00000001017ff6ca in WebCore::FrameLoader::frameDetached (this=0x1078d4050) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:2572
#16 0x00000001018c0570 in WebCore::HTMLFrameOwnerElement::willRemove (this=0x108e9d5c0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/html/HTMLFrameOwnerElement.cpp:46
#17 0x00000001018bf1cc in WebCore::HTMLFrameElementBase::willRemove (this=0x108e9d5c0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/html/HTMLFrameElementBase.cpp:302
#18 0x00000001015424aa in WebCore::ContainerNode::willRemove (this=0x12bc31ce0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/ContainerNode.cpp:327
#19 0x00000001015424aa in WebCore::ContainerNode::willRemove (this=0x108eb7100) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/ContainerNode.cpp:327
#20 0x0000000101541f0b in WebCore::willRemoveChildren (container=0x1078d7400) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/ContainerNode.cpp:355
#21 0x0000000101541f8c in WebCore::ContainerNode::removeChildren (this=0x1078d7400) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/ContainerNode.cpp:474
#22 0x00000001016741eb in WebCore::Document::implicitOpen (this=0x1078d7400) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/Document.cpp:1847
#23 0x00000001016743fe in WebCore::Document::open (this=0x1078d7400, ownerDocument=0x1078d7400) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/Document.cpp:1814
#24 0x00000001016744ff in WebCore::Document::write (this=0x1078d7400, text=@0x7fff5fbfcf80, ownerDocument=0x1078d7400) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/Document.cpp:2119
#25 0x0000000101ad281b in WebCore::documentWrite (exec=0x12a6100e0, document=0x1078d7400, addNewline=WebCore::DoNotAddNewline) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/bindings/js/JSHTMLDocumentCustom.cpp:156
#26 0x0000000101ad288e in WebCore::JSHTMLDocument::write (this=0x1091c9840, exec=0x12a6100e0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/bindings/js/JSHTMLDocumentCustom.cpp:161
#27 0x0000000101ad0e80 in WebCore::jsHTMLDocumentPrototypeFunctionWrite (exec=0x12a6100e0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLDocument.cpp:421
#28 0x00004685dfa001aa in ?? ()
#29 0x00000001007df61c in JSC::JITCode::execute (this=0x12bd6c3e8, registerFile=0x10629d768, callFrame=0x12a610040, globalData=0x10687cc00, exception=0x10687e548) at JITCode.h:77
#30 0x00000001007daef6 in JSC::Interpreter::executeCall (this=0x10629d750, callFrame=0x12bcc5128, function=0x13287a780, callType=JSC::CallTypeJS, callData=@0x7fff5fbfd520, thisValue={m_ptr = 0x1091c2b80}, args=@0x7fff5fbfd4e0, exception=0x10687e548) at /Volumes/Monster/Development/apple/webkit/WebKit.git/JavaScriptCore/interpreter/Interpreter.cpp:780
#31 0x000000010079540f in JSC::call (exec=0x12bcc5128, functionObject={m_ptr = 0x13287a780}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfd520, thisValue={m_ptr = 0x1091c2b80}, args=@0x7fff5fbfd4e0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/JavaScriptCore/runtime/CallData.cpp:38
#32 0x0000000101a10889 in WebCore::JSMainThreadExecState::call (exec=0x12bcc5128, functionObject={m_ptr = 0x13287a780}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfd520, thisValue={m_ptr = 0x1091c2b80}, args=@0x7fff5fbfd4e0) at JSMainThreadExecState.h:48
#33 0x0000000101aaa68c in WebCore::JSEventListener::handleEvent (this=0x12bc77750, scriptExecutionContext=0x1078d7468, event=0x12e117590) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/bindings/js/JSEventListener.cpp:124
#34 0x00000001017ac316 in WebCore::EventTarget::fireEventListeners (this=0x12bc8eb70, event=0x12e117590, d=0x12bc8ec48, entry=@0x12bc20040) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/EventTarget.cpp:339
#35 0x00000001017ac937 in WebCore::EventTarget::fireEventListeners (this=0x12bc8eb70, event=0x12e117590) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/EventTarget.cpp:300
#36 0x0000000101763ab4 in WebCore::DOMWindow::dispatchEvent (this=0x12bc8eb70, prpEvent=@0x7fff5fbfd940, prpTarget=@0x7fff5fbfd930) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/page/DOMWindow.cpp:1522
#37 0x0000000101764d32 in WebCore::DOMWindow::dispatchLoadEvent (this=0x12bc8eb70) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/page/DOMWindow.cpp:1471
#38 0x0000000101671e1f in WebCore::Document::dispatchWindowLoadEvent (this=0x1078d7400) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/Document.cpp:3301
#39 0x0000000101673e40 in WebCore::Document::implicitClose (this=0x1078d7400) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/Document.cpp:2000
#40 0x00000001017fc169 in WebCore::FrameLoader::checkCallImplicitClose (this=0x107885e50) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:894
#41 0x00000001017fec2b in WebCore::FrameLoader::checkCompleted (this=0x107885e50) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:842
#42 0x00000001017fed1f in WebCore::FrameLoader::completed (this=0x1078d4050) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:1203
#43 0x00000001017fec48 in WebCore::FrameLoader::checkCompleted (this=0x1078d4050) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:846
#44 0x00000001017fed1f in WebCore::FrameLoader::completed (this=0x1072b0e50) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:1203
#45 0x00000001017fec48 in WebCore::FrameLoader::checkCompleted (this=0x1072b0e50) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/loader/FrameLoader.cpp:846
#46 0x000000010166cf79 in WebCore::Document::decrementLoadEventDelayCount (this=0x109a4ec00) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/dom/Document.cpp:4626
#47 0x00000001018d6aee in WebCore::HTMLMediaElement::setShouldDelayLoadEvent (this=0x132337560, delay=false) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/html/HTMLMediaElement.cpp:2095
#48 0x00000001018d9f6c in WebCore::HTMLMediaElement::setReadyState (this=0x132337560, state=WebCore::MediaPlayer::HaveEnoughData) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/html/HTMLMediaElement.cpp:929
#49 0x00000001018da134 in WebCore::HTMLMediaElement::mediaPlayerReadyStateChanged (this=0x132337560) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/html/HTMLMediaElement.cpp:871
#50 0x0000000101cd4d33 in WebCore::MediaPlayer::readyStateChanged (this=0x109207dc0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/platform/graphics/MediaPlayer.cpp:657
#51 0x0000000101cdade3 in WebCore::MediaPlayerPrivate::updateStates (this=0x12c1cc500) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm:1048
#52 0x0000000101cdb0c5 in WebCore::MediaPlayerPrivate::loadStateChanged (this=0x12c1cc500) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm:1063
#53 0x0000000101cdb127 in -[WebCoreMovieObserver loadStateChanged:] (self=0x12c1cbd70, _cmd=0x7fff838e373d, unusedNotification=0x1358085a0) at /Volumes/Monster/Development/apple/webkit/WebKit.git/WebCore/platform/graphics/mac/MediaPlayerPrivateQTKit.mm:1549
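
Added example, not part of the bug thread and not the patch in attachment 65834 (its contents are not shown on this page): a reduced C++ model of the re-entrancy in the backtrace above, where updateStates (#51) notifies its client and the resulting load handler clears the owning pointer (#5-#6), destroying the object whose method is still on the stack. The classes Client, PlayerPrivate and Element and the liveness-flag guard are assumptions chosen for illustration; the model collapses MediaPlayer and MediaPlayerPrivate into one object and shows one common way to make the caller safe after the callback returns.

```cpp
#include <memory>

// Hypothetical stand-ins, not WebKit classes: Client plays the role of the
// media element, PlayerPrivate the role of the platform player.
struct Client {
    virtual void readyStateChanged() = 0;
    virtual ~Client() = default;
};

struct PlayerPrivate {
    explicit PlayerPrivate(Client& c) : client(c) {}
    ~PlayerPrivate() { *alive = false; }

    // Returns true if the update ran to completion, false if the callback
    // destroyed this object and the function bailed out early.
    bool updateStates() {
        std::shared_ptr<bool> guard = alive;   // stack copy outlives `this`
        client.readyStateChanged();            // may re-enter and delete us
        if (!*guard)
            return false;                      // destroyed: touch no members
        ++statesUpdated;                       // only reached while alive
        return true;
    }

    Client& client;
    std::shared_ptr<bool> alive = std::make_shared<bool>(true);
    int statesUpdated = 0;
};

struct Element : Client {
    bool cancelOnReady = false;
    std::unique_ptr<PlayerPrivate> player = std::make_unique<PlayerPrivate>(*this);

    // Models the load handler tearing the document down, which ends in the
    // owning pointer being cleared (frames #5-#6 of the backtrace).
    void readyStateChanged() override {
        if (cancelOnReady)
            player.reset();
    }
};

// Drives one update; with cancelOnReady the player dies inside its own call.
bool updateSurvives(bool cancelOnReady) {
    Element element;
    element.cancelOnReady = cancelOnReady;
    PlayerPrivate* raw = element.player.get();
    return raw->updateStates();
}
```

Without the guard check, the `++statesUpdated` line would write into freed memory in the cancelOnReady case, which is the shape of the crash at MediaPlayerPrivateQTKit.mm:1049 in the original report.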
Nikolas Zimmermann
Comment 2 2010-08-27 05:12:44 PDT
Skipped test in r66209. :(
Eric Carlson
Comment 3 2010-08-28 11:32:10 PDT
Created attachment 65834 Proposed patch
Eric Carlson
Comment 4 2010-08-28 11:49:49 PDT
Ademar Reis
Comment 5 2011-01-24 12:20:51 PST
Revision r66311 cherry-picked into qtwebkit-2.2 with commit 7f9cf48 <http://gitorious.org/webkit/qtwebkit/commit/7f9cf48>