RESOLVED FIXED 46169
media/video-controls-with-mutation-event-handler.html crashing 
https://bugs.webkit.org/show_bug.cgi?id=46169
Summary media/video-controls-with-mutation-event-handler.html crashing
Philippe Normand
Reported 2010-09-21 01:12:40 PDT
On Debug bots. Bisecting in progress. Program terminated with signal 11, Segmentation fault. #0 0x00007f49a351684f in WebCore::TreeShared<WebCore::ContainerNode>::ref (this=0x7f490953a178) at ../../WebCore/platform/TreeShared.h:63 63 ASSERT(!m_adoptionIsRequired); Thread 1 (Thread 13603): #0 0x00007f49a351684f in WebCore::TreeShared<WebCore::ContainerNode>::ref (this=0x7f490953a178) at ../../WebCore/platform/TreeShared.h:63 #1 0x00007f49a3706f70 in WebCore::Node::refEventTarget (this=0x7f490953a170) at ../../WebCore/dom/Node.h:690 #2 0x00007f49a37370ad in WebCore::EventTarget::ref (this=0x7f490953a170) at ../../WebCore/dom/EventTarget.h:94 #3 0x00007f49a3745e04 in WTF::refIfNotNull<WebCore::EventTarget> (ptr=0x7f490953a170) at ../../JavaScriptCore/wtf/PassRefPtr.h:52 #4 0x00007f49a377795d in WTF::RefPtr<WebCore::EventTarget>::RefPtr (this=0x7fffffffbb10, ptr=0x7f490953a170) at ../../JavaScriptCore/wtf/RefPtr.h:43 #5 0x00007f49a378cfbc in WebCore::Node::dispatchEvent (this=0x7f490953a170, prpEvent=...) at ../../WebCore/dom/Node.cpp:2567 #6 0x00007f49a378dc68 in WebCore::Node::dispatchSubtreeModifiedEvent (this=0x7f490953a170) at ../../WebCore/dom/Node.cpp:2728 #7 0x00007f49a3782d69 in WebCore::NamedNodeMap::addAttribute (this=0x7f490929c500, prpAttribute=...) at ../../WebCore/dom/NamedNodeMap.cpp:265 #8 0x00007f49a376bddf in WebCore::Element::setAttribute (this=0x7f490953a170, name=..., value=...) at ../../WebCore/dom/Element.cpp:609 #9 0x00007f49a376a3aa in WebCore::Element::setAttribute (this=0x7f490953a170, name=..., value=...) at ../../WebCore/dom/Element.cpp:180 #10 0x00007f49a38c2881 in WebCore::HTMLInputElement::setType (this=0x7f490953a170, t=...) at ../../WebCore/html/HTMLInputElement.cpp:852 #11 0x00007f49a3bce47c in WebCore::MediaControlInputElement::MediaControlInputElement (this=0x7f490953a170, mediaElement=0x7f4909215950, pseudo=WebCore::MEDIA_CONTROLS_REWIND_BUTTON, type=...) at ../../WebCore/rendering/MediaControlElements.cpp:353 #12 0x00007f49a3bd0bfb in WebCore::MediaControlRewindButtonElement::MediaControlRewindButtonElement (this=0x7f490953a170, element=0x7f4909215950) at ../../WebCore/rendering/MediaControlElements.cpp:606 #13 0x00007f49a3bcf5a4 in WebCore::MediaControlRewindButtonElement::create (mediaElement=0x7f4909215950) at ../../WebCore/rendering/MediaControlElements.cpp:612 #14 0x00007f49a3c74437 in WebCore::RenderMedia::createRewindButton (this=0x7f4909b75198) at ../../WebCore/rendering/RenderMedia.cpp:220 #15 0x00007f49a3c751fe in WebCore::RenderMedia::updateControls (this=0x7f4909b75198) at ../../WebCore/rendering/RenderMedia.cpp:346 #16 0x00007f49a3c74f2c in WebCore::RenderMedia::updateFromElement (this=0x7f4909b75198) at ../../WebCore/rendering/RenderMedia.cpp:308 #17 0x00007f49a3ceab96 in WebCore::RenderVideo::updateFromElement (this=0x7f4909b75198) at ../../WebCore/rendering/RenderVideo.cpp:222 #18 0x00007f49a38d4e57 in WebCore::HTMLMediaElement::attach (this=0x7f4909215950) at ../../WebCore/html/HTMLMediaElement.cpp:354 #19 0x00007f49a38f5dc7 in WebCore::HTMLVideoElement::attach (this=0x7f4909215950) at ../../WebCore/html/HTMLVideoElement.cpp:73 #20 0x00007f49a371444d in WebCore::ContainerNode::attach (this=0x7f490946e7d0) at ../../WebCore/dom/ContainerNode.cpp:700 #21 0x00007f49a376cd31 in WebCore::Element::attach (this=0x7f490946e7d0) at ../../WebCore/dom/Element.cpp:836 #22 0x00007f49a376d487 in WebCore::Element::recalcStyle (this=0x7f490946e7d0, change=WebCore::Node::NoChange) at ../../WebCore/dom/Element.cpp:926 #23 0x00007f49a376dae9 in WebCore::Element::recalcStyle (this=0x7f4909431bd0, change=WebCore::Node::NoChange) at ../../WebCore/dom/Element.cpp:989 #24 0x00007f49a376dae9 in WebCore::Element::recalcStyle (this=0x7f49094902f0, change=WebCore::Node::NoChange) at ../../WebCore/dom/Element.cpp:989 #25 0x00007f49a372aeb0 in WebCore::Document::recalcStyle (this=0x7f4909aba0e0, change=WebCore::Node::NoChange) at ../../WebCore/dom/Document.cpp:1492 #26 0x00007f49a372b0ae in WebCore::Document::updateStyleIfNeeded (this=0x7f4909aba0e0) at ../../WebCore/dom/Document.cpp:1536 #27 0x00007f49a372cbed in WebCore::Document::implicitClose (this=0x7f4909aba0e0) at ../../WebCore/dom/Document.cpp:2047 #28 0x00007f49a3a03583 in WebCore::FrameLoader::checkCallImplicitClose (this=0x506250) at ../../WebCore/loader/FrameLoader.cpp:900 #29 0x00007f49a3a03356 in WebCore::FrameLoader::checkCompleted (this=0x506250) at ../../WebCore/loader/FrameLoader.cpp:848 #30 0x00007f49a3a030d5 in WebCore::FrameLoader::finishedParsing (this=0x506250) at ../../WebCore/loader/FrameLoader.cpp:782 #31 0x00007f49a3734c5e in WebCore::Document::finishedParsing (this=0x7f4909aba0e0) at ../../WebCore/dom/Document.cpp:4121 #32 0x00007f49a392a40d in WebCore::HTMLTreeBuilder::finished (this=0x7f49091d90c0) at ../../WebCore/html/parser/HTMLTreeBuilder.cpp:2755 #33 0x00007f49a39032d8 in WebCore::HTMLDocumentParser::end (this=0x7f4909c5eff0) at ../../WebCore/html/parser/HTMLDocumentParser.cpp:342 #34 0x00007f49a39033cb in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7f4909c5eff0) at ../../WebCore/html/parser/HTMLDocumentParser.cpp:351 #35 0x00007f49a3902868 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7f4909c5eff0) at ../../WebCore/html/parser/HTMLDocumentParser.cpp:153 #36 0x00007f49a3903410 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7f4909c5eff0) at ../../WebCore/html/parser/HTMLDocumentParser.cpp:363 #37 0x00007f49a39034c9 in WebCore::HTMLDocumentParser::finish (this=0x7f4909c5eff0) at ../../WebCore/html/parser/HTMLDocumentParser.cpp:391 #38 0x00007f49a372d036 in WebCore::Document::finishParsing (this=0x7f4909aba0e0) at ../../WebCore/dom/Document.cpp:2164 #39 0x00007f49a39fd0b7 in WebCore::DocumentWriter::endIfNotLoadingMainResource (this=0x5063d0) at ../../WebCore/loader/DocumentWriter.cpp:221 #40 0x00007f49a39fd00d in WebCore::DocumentWriter::end (this=0x5063d0) at ../../WebCore/loader/DocumentWriter.cpp:206 #41 0x00007f49a39f22f1 in WebCore::DocumentLoader::finishedLoading (this=0x7f49092573f0) at ../../WebCore/loader/DocumentLoader.cpp:271 #42 0x00007f49a3a096ad in WebCore::FrameLoader::finishedLoading (this=0x506250) at ../../WebCore/loader/FrameLoader.cpp:2156 #43 0x00007f49a3a434bd in WebCore::MainResourceLoader::didFinishLoading (this=0x7f49093694a0, finishTime=0) at ../../WebCore/loader/MainResourceLoader.cpp:441 #44 0x00007f49a3a4eba7 in WebCore::ResourceLoader::didFinishLoading (this=0x7f49093694a0, finishTime=0) at ../../WebCore/loader/ResourceLoader.cpp:446 #45 0x00007f49a3f00bb8 in WebCore::closeCallback (source=0x1348e40, res=0x1348de0) at ../../WebCore/platform/network/soup/ResourceHandleSoup.cpp:720 #46 0x00007f499f9cf620 in async_ready_close_callback_wrapper (source_object=0x1348e40, res=0x1348de0, user_data=0x0) at /tmp/buildd/glib2.0-2.24.1/gio/ginputstream.c:485 #47 0x00007f499f9ddac8 in complete_in_idle_cb_for_thread (_data=<value optimized out>) at /tmp/buildd/glib2.0-2.24.1/gio/gsimpleasyncresult.c:653 #48 0x00007f499ee966c2 in g_main_dispatch (context=0x46aa00) at /tmp/buildd/glib2.0-2.24.1/glib/gmain.c:1960 #49 IA__g_main_context_dispatch (context=0x46aa00) at /tmp/buildd/glib2.0-2.24.1/glib/gmain.c:2513 #50 0x00007f499ee9a538 in g_main_context_iterate (context=0x46aa00, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at /tmp/buildd/glib2.0-2.24.1/glib/gmain.c:2591 #51 0x00007f499ee9aa45 in IA__g_main_loop_run (loop=0x7f49098e7030) at /tmp/buildd/glib2.0-2.24.1/glib/gmain.c:2799 #52 0x00007f49a0d3a657 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #53 0x00000000004190fe in runTest (testPathOrURL=...) at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:573 #54 0x00000000004187ff in runTestingServerLoop () at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:383 #55 0x000000000041a6ae in main (argc=2, argv=0x7fffffffd218) at ../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:1013
Attachments
Patch (11.46 KB, patch)
2010-09-21 09:43 PDT, Darin Adler 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alejandro G. Castro
Comment 1 2010-09-21 01:30:52 PDT
Test skipped http://trac.webkit.org/changeset/67932
Philippe Normand
Comment 2 2010-09-21 02:03:18 PDT
Kenneth, I did a git bisection to find out the commit that introduced this regression and it is http://trac.webkit.org/changeset/67903 ... Could you please have a look? Meanwhile I'll investigate too ;)
Philippe Normand
Comment 3 2010-09-21 02:04:47 PDT
Sorry, I meant asking you Darin ^^
Darin Adler
Comment 4 2010-09-21 09:29:55 PDT
The call to setType in the MediaControlInputElement constructor is new, and needs to be moved. There is a simple fix by putting it into the create function.
Darin Adler
Comment 5 2010-09-21 09:43:12 PDT
Created attachment 68250 [details] Patch
Philippe Normand
Comment 6 2010-09-21 23:41:22 PDT
Thanks! I confirm this patch fixes the crashing test on gtk. Can you please unskip the test when landing?
Philippe Normand
Comment 7 2010-09-22 00:37:39 PDT
*** Bug 46163 has been marked as a duplicate of this bug. ***
chris fleizach
Comment 8 2010-09-22 00:40:50 PDT
Comment on attachment 68250 [details] Patch looks ok r=me
Adam Barth
Comment 9 2010-09-23 01:16:30 PDT
Comment on attachment 68250 [details] Patch I can haz test not crash?
WebKit Commit Bot
Comment 10 2010-09-23 01:39:01 PDT
Comment on attachment 68250 [details] Patch Clearing flags on attachment: 68250 Committed r68126: <http://trac.webkit.org/changeset/68126>
WebKit Commit Bot
Comment 11 2010-09-23 01:39:05 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.