WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
50095
Assertion failure by resetting <output> twice
https://bugs.webkit.org/show_bug.cgi?id=50095
Summary
Assertion failure by resetting <output> twice
Kent Tamura
Reported
2010-11-25 15:51:35 PST
<form action="output.html"> <output value=foo></output> <input type=reset> </form> Load the above HTML on debug build WebKit, and click the reset button twice. ASSERTION FAILED: !m_isSetTextContentInProgress (..../WebKit/WebCore/html/HTMLOutputElement.cpp:125 void WebCore::HTMLOutputElement::setTextContentInternal(const WTF::String&))
Attachments
Patch
(4.39 KB, patch)
2010-11-25 18:21 PST
,
Kenichi Ishibashi
no flags
Details
Formatted Diff
Diff
Patch V1
(5.05 KB, patch)
2010-11-25 19:15 PST
,
Kenichi Ishibashi
no flags
Details
Formatted Diff
Diff
Patch V2
(7.08 KB, patch)
2010-11-25 20:14 PST
,
Kenichi Ishibashi
no flags
Details
Formatted Diff
Diff
Show Obsolete
(2)
View All
Add attachment
proposed patch, testcase, etc.
Kenichi Ishibashi
Comment 1
2010-11-25 18:21:34 PST
Created
attachment 74898
[details]
Patch
Kent Tamura
Comment 2
2010-11-25 18:36:58 PST
Comment on
attachment 74898
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=74898&action=review
> LayoutTests/fast/forms/script-tests/output-reset-assertion-failed.js:10 > +form.reset(); > +
We had better have testPassed('Not crashed'); or something.
> WebCore/html/HTMLOutputElement.cpp:91 > + if (m_isSetTextContentInProgress) > + return;
Really? Does an HTML page have a change to call reset() before clearing m_isSetTextContentInProgress?
Kenichi Ishibashi
Comment 3
2010-11-25 19:10:17 PST
Comment on
attachment 74898
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=74898&action=review
Thank you for prompt review. I'll revise the patch soon.
>> LayoutTests/fast/forms/script-tests/output-reset-assertion-failed.js:10 >> + > > We had better have > testPassed('Not crashed'); > or something.
Done.
>> WebCore/html/HTMLOutputElement.cpp:91 >> + return; > > Really? > Does an HTML page have a change to call reset() before clearing m_isSetTextContentInProgress?
I completely misunderstood the cause. The cause is there is no chance to clear the flag when the value and the default value are the same. Thank you for letting me aware of that.
Kenichi Ishibashi
Comment 4
2010-11-25 19:15:36 PST
Created
attachment 74899
[details]
Patch V1
Kent Tamura
Comment 5
2010-11-25 19:20:57 PST
Probably the same reason, <output value=foo></output> var o = document.getElementsByTagName('output')[0] o.value = ""; o.value = ""; causes an assertion failure.
Kent Tamura
Comment 6
2010-11-25 19:24:12 PST
(In reply to
comment #5
)
> Probably the same reason, > > <output value=foo></output> > > var o = document.getElementsByTagName('output')[0] > o.value = ""; > o.value = "";
o.value = ""; o.value = "foo"; also fails.
Kenichi Ishibashi
Comment 7
2010-11-25 20:14:51 PST
Created
attachment 74900
[details]
Patch V2
Kenichi Ishibashi
Comment 8
2010-11-25 20:16:14 PST
Kent-san, Thanks a lot for another cases. I've revised the patch. (In reply to
comment #6
)
> (In reply to
comment #5
) > > Probably the same reason, > > > > <output value=foo></output> > > > > var o = document.getElementsByTagName('output')[0] > > o.value = ""; > > o.value = ""; > > o.value = ""; > o.value = "foo"; > > also fails.
Kent Tamura
Comment 9
2010-11-25 20:24:54 PST
Comment on
attachment 74900
[details]
Patch V2 Looks ok. Thanks.
WebKit Commit Bot
Comment 10
2010-11-25 20:52:40 PST
The commit-queue encountered the following flaky tests while processing
attachment 74900
[details]
: fast/profiler/throw-exception-from-eval.html Please file bugs against the tests. These tests were authored by
kmccullough@apple.com
,
oliver@apple.com
, and
timothy@apple.com
. The commit-queue is continuing to process your patch.
WebKit Commit Bot
Comment 11
2010-11-25 20:57:48 PST
Comment on
attachment 74900
[details]
Patch V2 Clearing flags on attachment: 74900 Committed
r72750
: <
http://trac.webkit.org/changeset/72750
>
WebKit Commit Bot
Comment 12
2010-11-25 20:57:53 PST
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug