RESOLVED CONFIGURATION CHANGED 57495
CRASH in WebCore::Page::scrollableAreaSet
https://bugs.webkit.org/show_bug.cgi?id=57495
Xan Lopez
Reported 2011-03-30 12:18:39 PDT
Steps to reproduce:
1) visit http://www.metafilter.com/101997/Theological-Clusterf
2) Click on "Who Goes to Hell?" link.
3) Wait for http://www.foxnews.com/opinion/2011/03/25/goes-hell/# to load
4) Press back.
5) Trace:

Program received signal SIGSEGV, Segmentation fault.
0x00de7a38 in WTF::OwnPtr<WTF::HashSet<WebCore::ScrollableArea*, WTF::PtrHash<WebCore::ScrollableArea*>, WTF::HashTraits<WebCore::ScrollableArea*> > >::get (this=0xa8) at ../../Source/JavaScriptCore/wtf/OwnPtr.h:59
59 PtrType get() const { return m_ptr; }
(gdb) bt
#0 0x00de7a38 in WTF::OwnPtr<WTF::HashSet<WebCore::ScrollableArea*, WTF::PtrHash<WebCore::ScrollableArea*>, WTF::HashTraits<WebCore::ScrollableArea*> > >::get (this=0xa8) at ../../Source/JavaScriptCore/wtf/OwnPtr.h:59
#1 0x00de7a1c in WebCore::Page::scrollableAreaSet (this=0x0) at ../../Source/WebCore/page/Page.h:289
#2 0x00df924a in WebCore::FrameView::notifyPageThatContentAreaWillPaint (this=0x9e1ca88) at ../../Source/WebCore/page/FrameView.cpp:2078
#3 0x00ea9bc5 in WebCore::ScrollView::paint (this=0x9e1ca88, context=0xbfffb0a0, rect=...) at ../../Source/WebCore/platform/ScrollView.cpp:924
#4 0x0100ffed in WebCore::RenderWidget::paint (this=0x9ffafd4, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderWidget.cpp:299
#5 0x00ef64a2 in WebCore::InlineBox::paint (this=0x957bfcc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/InlineBox.cpp:184
#6 0x00efb095 in WebCore::InlineFlowBox::paint (this=0x957c004, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/InlineFlowBox.cpp:977
#7 0x0101584e in WebCore::RootInlineBox::paint (this=0x957c004, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RootInlineBox.cpp:183
#8 0x00fab2b2 in WebCore::RenderLineBoxList::paint (this=0xa05cb44, renderer=0xa05cadc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderLineBoxList.cpp:257
#9 0x00f1b7a7 in WebCore::RenderBlock::paintContents (this=0xa05cadc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderBlock.cpp:2368
#10 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0xa05cadc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#11 0x00f1af97 in WebCore::RenderBlock::paint (this=0xa05cadc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#12 0x00fb075e in WebCore::RenderListItem::paint (this=0xa05cadc, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderListItem.cpp:349
#13 0x00f1c76e in WebCore::RenderBlock::paintFloats (this=0xa058e14, paintInfo=..., tx=80, ty=444, preservePhase=false) at ../../Source/WebCore/rendering/RenderBlock.cpp:2566
#14 0x00f1c0dc in WebCore::RenderBlock::paintObject (this=0xa058e14, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2492
#15 0x00f1af97 in WebCore::RenderBlock::paint (this=0xa058e14, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#16 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x956c2c4, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#17 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x956c2c4, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#18 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x956c2c4, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#19 0x00f1af97 in WebCore::RenderBlock::paint (this=0x956c2c4, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#20 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x8ed4a44, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#21 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x8ed4a44, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#22 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x8ed4a44, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#23 0x00f1af97 in WebCore::RenderBlock::paint (this=0x8ed4a44, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#24 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x957e3ac, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#25 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x957e3ac, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#26 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x957e3ac, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#27 0x00f1af97 in WebCore::RenderBlock::paint (this=0x957e3ac, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#28 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x957e00c, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#29 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x957e00c, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#30 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x957e00c, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#31 0x00f1af97 in WebCore::RenderBlock::paint (this=0x957e00c, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#32 0x00f1c728 in WebCore::RenderBlock::paintFloats (this=0x957d634, paintInfo=..., tx=80, ty=326, preservePhase=false) at ../../Source/WebCore/rendering/RenderBlock.cpp:2564
#33 0x00f1c0dc in WebCore::RenderBlock::paintObject (this=0x957d634, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2492
#34 0x00f1af97 in WebCore::RenderBlock::paint (this=0x957d634, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#35 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x9577bfc, paintInfo=..., tx=68, ty=224) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#36 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x9577bfc, paintInfo=..., tx=68, ty=224) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#37 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x9577bfc, paintInfo=..., tx=68, ty=224) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#38 0x00f1af97 in WebCore::RenderBlock::paint (this=0x9577bfc, paintInfo=..., tx=68, ty=224) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#39 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x93defe4, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#40 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x93defe4, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#41 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x93defe4, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#42 0x00f1af97 in WebCore::RenderBlock::paint (this=0x93defe4, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#43 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x8fa1b0c, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#44 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x8fa1b0c, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#45 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x8fa1b0c, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#46 0x00f1af97 in WebCore::RenderBlock::paint (this=0x8fa1b0c, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#47 0x00f9eb5b in WebCore::RenderLayer::paintLayer (this=0x90ec014, rootLayer=0x90e83fc, p=0xbfffb0a0, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, overlapTestRequests=0xbfffae98, paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2552
#48 0x00f9eff3 in WebCore::RenderLayer::paintList (this=0x90e83fc, list=0x9116230, rootLayer=0x90e83fc, p=0xbfffb0a0, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, overlapTestRequests=0xbfffae98, paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2614
#49 0x00f9ed7d in WebCore::RenderLayer::paintLayer (this=0x90e83fc, rootLayer=0x90e83fc, p=0xbfffb0a0, paintDirtyRect=..., paintBehavior=0, paintingRoot=0x0, overlapTestRequests=0xbfffae98, paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2576
#50 0x00f9df77 in WebCore::RenderLayer::paint (this=0x90e83fc, p=0xbfffb0a0, damageRect=..., paintBehavior=0, paintingRoot=0x0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2349
#51 0x00df9ef1 in WebCore::FrameView::paintContents (this=0x90d64f8, p=0xbfffb0a0, rect=...) at ../../Source/WebCore/page/FrameView.cpp:2303
#52 0x00ea9d68 in WebCore::ScrollView::paint (this=0x90d64f8, context=0xbfffb0a0, rect=...) at ../../Source/WebCore/platform/ScrollView.cpp:941
#53 0x007cf57f in paintWebView (frame=0x8984200, transparent=0, context=..., clipRect=..., rects=WTF::Vector of length 2, capacity 16 = {...}) at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:684
#54 0x007cf833 in webkit_web_view_draw (widget=0x8972000, cr=0x31ed6e0) at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:751
#55 0x02deb1e2 in _gtk_marshal_BOOLEAN__BOXED (closure=0x8175360, return_value=0xbfffb2f0, n_param_values=2, param_values=0xaf8025b8, invocation_hint=0xbfffb30c, marshal_data=0x7cf69d) at gtkmarshalers.c:85
#56 0x02f74c36 in gtk_widget_draw_marshaller (closure=0x8175360, return_value=0xbfffb2f0, n_param_values=2, param_values=0xaf8025b8, invocation_hint=0xbfffb30c, marshal_data=0x7cf69d) at gtkwidget.c:797
#57 0x036f8d3e in g_type_class_meta_marshal (closure=0x8175360, return_value=0xbfffb2f0, n_param_values=2, param_values=0xaf8025b8, invocation_hint=0xbfffb30c, marshal_data=0x90) at gclosure.c:878
#58 0x036f8a2d in g_closure_invoke (closure=0x8175360, return_value=0xbfffb2f0, n_param_values=2, param_values=0xaf8025b8, invocation_hint=0xbfffb30c) at gclosure.c:767
#59 0x0371154e in signal_emit_unlocked_R (node=0x81754e8, detail=0, instance=0x8972000, emission_return=0xbfffb42c, instance_and_params=0xaf8025b8) at gsignal.c:3294
#60 0x03710764 in g_signal_emit_valist (instance=0x8972000, signal_id=34, detail=0, var_args=0xbfffb500 "8\265\377\277") at gsignal.c:2997
#61 0x037109c4 in g_signal_emit (instance=0x8972000, signal_id=34, detail=0) at gsignal.c:3044
#62 0x02f7d9f7 in _gtk_widget_draw_internal (widget=0x8972000, cr=0x31ed6e0, clip_to_size=1) at gtkwidget.c:5668
#63 0x02f7e1a0 in gtk_widget_send_expose (widget=0x8972000, event=0xbfffb65c) at gtkwidget.c:5915
#64 0x02de9c85 in gtk_main_do_event (event=0xbfffb65c) at gtkmain.c:1797
#65 0x0031f129 in _gdk_event_emit (event=0xbfffb65c) at gdkevents.c:71
#66 0x0032c7eb in _gdk_window_process_updates_recurse (window=0x8d9c680, expose_region=0x9b64780) at gdkwindow.c:3856
#67 0x0032c70a in _gdk_window_process_updates_recurse (window=0x8d9c5d0, expose_region=0x92affa0) at gdkwindow.c:3829
#68 0x0032c70a in _gdk_window_process_updates_recurse (window=0x8437520, expose_region=0x8fe1990) at gdkwindow.c:3829
#69 0x0036ac01 in gdk_x11_window_process_updates_recurse (window=0x8437520, region=0x8fe1990) at gdkwindow-x11.c:4667
#70 0x0032ca6d in gdk_window_process_updates_internal (window=0x8437520) at gdkwindow.c:4012
#71 0x0032cec5 in gdk_window_process_updates (window=0x8d9c680, update_children=1) at gdkwindow.c:4208
#72 0x00793b83 in WebKit::ChromeClient::invalidateWindow (this=0x81f45a8, immediate=true) at ../../Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.cpp:384
#73 0x00dbccfb in WebCore::Chrome::invalidateWindow (this=0x897f378, updateRect=..., immediate=true) at ../../Source/WebCore/page/Chrome.cpp:72
#74 0x00ea8ad7 in WebCore::ScrollView::scrollContents (this=0x90d64f8, scrollDelta=...) at ../../Source/WebCore/platform/ScrollView.cpp:654
#75 0x00ea73d9 in WebCore::ScrollView::scrollTo (this=0x90d64f8, newOffset=...) at ../../Source/WebCore/platform/ScrollView.cpp:361
#76 0x00df8f4d in WebCore::FrameView::scrollTo (this=0x90d64f8, newOffset=...) at ../../Source/WebCore/page/FrameView.cpp:2030
#77 0x00ea7331 in WebCore::ScrollView::setScrollOffset (this=0x90d64f8, offset=...) at ../../Source/WebCore/platform/ScrollView.cpp:347
#78 0x00ea2962 in WebCore::ScrollableArea::setScrollOffsetFromAnimation (this=0x90d6520, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:129
#79 0x00ea2517 in WebCore::ScrollAnimator::notityPositionChanged (this=0x90c2ac8) at ../../Source/WebCore/platform/ScrollAnimator.cpp:129
#80 0x00ea20ca in WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation (this=0x90c2ac8, offset=...) at ../../Source/WebCore/platform/ScrollAnimator.cpp:80
#81 0x00ea27f1 in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x90d6520, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:93
#82 0x00ea2907 in WebCore::ScrollableArea::scrollToYOffsetWithoutAnimation (this=0x90d6520, y=0) at ../../Source/WebCore/platform/ScrollableArea.cpp:111
#83 0x00ea2832 in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x90d6520, orientation=WebCore::VerticalScrollbar, offset=0) at ../../Source/WebCore/platform/ScrollableArea.cpp:101
#84 0x00749eb6 in WebCore::MainFrameScrollbarGtk::gtkValueChanged (that=0x924b500) at ../../Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:124
#85 0x03711b88 in g_cclosure_marshal_VOID__VOID (closure=0x9562188, return_value=0x0, n_param_values=1, param_values=0xb1005138, invocation_hint=0xbfffbd0c, marshal_data=0x0) at gmarshal.c:79
#86 0x036f8a2d in g_closure_invoke (closure=0x9562188, return_value=0x0, n_param_values=1, param_values=0xb1005138, invocation_hint=0xbfffbd0c) at gclosure.c:767
#87 0x03711389 in signal_emit_unlocked_R (node=0x83b9590, detail=0, instance=0x8445ed8, emission_return=0x0, instance_and_params=0xb1005138) at gsignal.c:3256
#88 0x037106d8 in g_signal_emit_valist (instance=0x8445ed8, signal_id=309, detail=0, var_args=0xbfffbefc "(\277\377\277P!E\t\330^D\b\300 \030\b\001") at gsignal.c:2987
#89 0x037109c4 in g_signal_emit (instance=0x8445ed8, signal_id=309, detail=0) at gsignal.c:3044
#90 0x02cc5641 in gtk_adjustment_value_changed (adjustment=0x8445ed8) at gtkadjustment.c:764
#91 0x02cc54de in gtk_adjustment_configure (adjustment=0x8445ed8, value=0, lower=0, upper=0, step_increment=40, page_increment=552, page_size=631) at gtkadjustment.c:732
#92 0x00749e01 in WebCore::MainFrameScrollbarGtk::updateThumbProportion (this=0x8fb1d98) at ../../Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:109
#93 0x00749b4c in WebCore::MainFrameScrollbarGtk::attachAdjustment (this=0x8fb1d98, adjustment=0x8445ed8) at ../../Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:72
#94 0x0075e750 in WebCore::ScrollView::setVerticalAdjustment (this=0x8e12e28, vadj=0x8445ed8, resetValues=false) at ../../Source/WebCore/platform/gtk/ScrollViewGtk.cpp:142
#95 0x0075e9b0 in WebCore::ScrollView::setGtkAdjustments (this=0x8e12e28, hadj=0x8445950, vadj=0x8445ed8, resetValues=false) at ../../Source/WebCore/platform/gtk/ScrollViewGtk.cpp:163
#96 0x007add5e in WebKit::postCommitFrameViewSetup (frame=0x896faf0, view=0x8e12e28, resetValues=false) at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:1361
#97 0x007adeb4 in WebKit::FrameLoaderClient::transitionToCommittedFromCachedFrame (this=0x8981f58, cachedFrame=0x90d5ce8) at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:1386
#98 0x00d57e6c in WebCore::FrameLoader::transitionToCommitted (this=0x8984260, cachedPage=...) at ../../Source/WebCore/loader/FrameLoader.cpp:2039
#99 0x00d574c4 in WebCore::FrameLoader::commitProvisionalLoad (this=0x8984260) at ../../Source/WebCore/loader/FrameLoader.cpp:1905
#100 0x00d5c282 in WebCore::FrameLoader::loadProvisionalItemFromCachedPage (this=0x8984260) at ../../Source/WebCore/loader/FrameLoader.cpp:3160
#101 0x00d5b7ab in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x8984260, formState=..., shouldContinue=true) at ../../Source/WebCore/loader/FrameLoader.cpp:3031
#102 0x00d5b04a in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x8984260, request=..., formState=..., shouldContinue=true) at ../../Source/WebCore/loader/FrameLoader.cpp:2911
#103 0x00d88562 in WebCore::PolicyChecker::checkNavigationPolicy (this=0x8984268, request=..., loader=0x8e0da28, formState=..., function=0xd5aff8 <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x8984260) at ../../Source/WebCore/loader/PolicyChecker.cpp:68
#104 0x00d559fa in WebCore::FrameLoader::loadWithDocumentLoader (this=0x8984260, loader=0x8e0da28, type=WebCore::FrameLoadTypeBack, prpFormState=...) at ../../Source/WebCore/loader/FrameLoader.cpp:1526
#105 0x00d5c692 in WebCore::FrameLoader::loadDifferentDocumentItem (this=0x8984260, item=0x82246b8, loadType=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/loader/FrameLoader.cpp:3218
#106 0x00d5cd10 in WebCore::FrameLoader::loadItem (this=0x8984260, item=0x82246b8, loadType=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/loader/FrameLoader.cpp:3317
#107 0x00d688de in WebCore::HistoryController::recursiveGoToItem (this=0x8984388, item=0x82246b8, fromItem=0x90d63c8, type=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/loader/HistoryController.cpp:694
#108 0x00d66c11 in WebCore::HistoryController::goToItem (this=0x8984388, targetItem=0x82246b8, type=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/loader/HistoryController.cpp:261
#109 0x00e0441e in WebCore::Page::goToItem (this=0x897e4f0, item=0x82246b8, type=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/page/Page.cpp:345
#110 0x00e04122 in WebCore::Page::goBack (this=0x897e4f0) at ../../Source/WebCore/page/Page.cpp:282
#111 0x007d7a97 in webkit_web_view_go_back (webView=0x8972000) at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:3835
#112 0x08097625 in action_activate (action=0x81fc8e8) at ../../src/ephy-navigation-history-action.c:298
#113 0x03711b88 in g_cclosure_marshal_VOID__VOID (closure=0x81a9378, return_value=0x0, n_param_values=1, param_values=0xb1002a20, invocation_hint=0xbfffcbcc, marshal_data=0x80974d0) at gmarshal.c:79
#114 0x036f8d3e in g_type_class_meta_marshal (closure=0x81a9378, return_value=0x0, n_param_values=1, param_values=0xb1002a20, invocation_hint=0xbfffcbcc, marshal_data=0x44) at gclosure.c:878
#115 0x036f8a2d in g_closure_invoke (closure=0x81a9378, return_value=0x0, n_param_values=1, param_values=0xb1002a20, invocation_hint=0xbfffcbcc) at gclosure.c:767
#116 0x0371100a in signal_emit_unlocked_R (node=0x81a93c0, detail=0, instance=0x81fc8e8, emission_return=0x0, instance_and_params=0xb1002a20) at gsignal.c:3186
#117 0x037106d8 in g_signal_emit_valist (instance=0x81fc8e8, signal_id=183, detail=0, var_args=0xbfffcdbc "") at gsignal.c:2987
#118 0x037109c4 in g_signal_emit (instance=0x81fc8e8, signal_id=183, detail=0) at gsignal.c:3044
#119 0x02cbe81c in _gtk_action_emit_activate (action=0x81fc8e8) at gtkaction.c:799
#120 0x02cbe8fd in gtk_action_activate (action=0x81fc8e8) at gtkaction.c:829
#121 0x02f0b9a3 in button_clicked (widget=0x835a670, button=0x81288e0) at gtktoolbutton.c:781
#122 0x03711b88 in g_cclosure_marshal_VOID__VOID (closure=0x838dc18, return_value=0x0, n_param_values=1, param_values=0xb6606420, invocation_hint=0xbfffcf3c, marshal_data=0x0) at gmarshal.c:79
#123 0x036f8a2d in g_closure_invoke (closure=0x838dc18, return_value=0x0, n_param_values=1, param_values=0xb6606420, invocation_hint=0xbfffcf3c) at gclosure.c:767
#124 0x03711389 in signal_emit_unlocked_R (node=0x817fad8, detail=0, instance=0x835a670, emission_return=0x0, instance_and_params=0xb6606420) at gsignal.c:3256
#125 0x037106d8 in g_signal_emit_valist (instance=0x835a670, signal_id=104, detail=0, var_args=0xbfffd12c "v\262q\003\320\345\023\bp\246\065\b\320\345\023\b\001") at gsignal.c:2987
#126 0x037109c4 in g_signal_emit (instance=0x835a670, signal_id=104, detail=0) at gsignal.c:3044
#127 0x02ce85cb in gtk_button_clicked (button=0x835a670) at gtkbutton.c:1194
#128 0x02ce9aea in gtk_real_button_released (button=0x835a670) at gtkbutton.c:1827
#129 0x03711b88 in g_cclosure_marshal_VOID__VOID (closure=0x817fa28, return_value=0x0, n_param_values=1, param_values=0x90c99b0, invocation_hint=0xbfffd2bc, marshal_data=0x2ce9a91) at gmarshal.c:79
#130 0x036f8d3e in g_type_class_meta_marshal (closure=0x817fa28, return_value=0x0, n_param_values=1, param_values=0x90c99b0, invocation_hint=0xbfffd2bc, marshal_data=0x1fc) at gclosure.c:878
#131 0x036f8a2d in g_closure_invoke (closure=0x817fa28, return_value=0x0, n_param_values=1, param_values=0x90c99b0, invocation_hint=0xbfffd2bc) at gclosure.c:767
#132 0x0371100a in signal_emit_unlocked_R (node=0x817fa68, detail=0, instance=0x835a670, emission_return=0x0, instance_and_params=0x90c99b0) at gsignal.c:3186
#133 0x037106d8 in g_signal_emit_valist (instance=0x835a670, signal_id=103, detail=0, var_args=0xbfffd4ac "v\262q\003\320\345\023\bp\246\065\b\320\345\023\b\001") at gsignal.c:2987
#134 0x037109c4 in g_signal_emit (instance=0x835a670, signal_id=103, detail=0) at gsignal.c:3044
#135 0x02ce851b in gtk_button_released (button=0x835a670) at gtkbutton.c:1180
#136 0x02ce97ff in gtk_button_button_release (widget=0x835a670, event=0xa183170) at gtkbutton.c:1719
#137 0x02deb1e2 in _gtk_marshal_BOOLEAN__BOXED (closure=0x8175868, return_value=0xbfffd630, n_param_values=2, param_values=0x9113828, invocation_hint=0xbfffd64c, marshal_data=0x2ce97c0) at gtkmarshalers.c:85
#138 0x036f8d3e in g_type_class_meta_marshal (closure=0x8175868, return_value=0xbfffd630, n_param_values=2, param_values=0x9113828, invocation_hint=0xbfffd64c, marshal_data=0xc4) at gclosure.c:878
#139 0x036f8a2d in g_closure_invoke (closure=0x8175868, return_value=0xbfffd630, n_param_values=2, param_values=0x9113828, invocation_hint=0xbfffd64c) at gclosure.c:767
#140 0x0371154e in signal_emit_unlocked_R (node=0x8175a80, detail=0, instance=0x835a670, emission_return=0xbfffd76c, instance_and_params=0x9113828) at gsignal.c:3294
#141 0x03710764 in g_signal_emit_valist (instance=0x835a670, signal_id=43, detail=0, var_args=0xbfffd840 "X\330\377\277\320\065\027\b\001") at gsignal.c:2997
#142 0x037109c4 in g_signal_emit (instance=0x835a670, signal_id=43, detail=0) at gsignal.c:3044
#143 0x02f7e4ab in gtk_widget_event_internal (widget=0x835a670, event=0xa183170) at gtkwidget.c:6078
#144 0x02f7dd39 in gtk_widget_event (widget=0x835a670, event=0xa183170) at gtkwidget.c:5794
#145 0x02deb07c in gtk_propagate_event (widget=0x835a670, event=0xa183170) at gtkmain.c:2597
#146 0x02de9e6b in gtk_main_do_event (event=0xa183170) at gtkmain.c:1872
#147 0x0031f129 in _gdk_event_emit (event=0xa183170) at gdkevents.c:71
#148 0x00352254 in gdk_event_source_dispatch (source=0x811cb60, callback=0, user_data=0x0) at gdkeventsource.c:318
#149 0x0379394f in g_main_dispatch (context=0x8133e78) at gmain.c:2440
#150 0x03794cb3 in g_main_context_dispatch (context=0x8133e78) at gmain.c:3013
#151 0x03795108 in g_main_context_iterate (context=0x8133e78, block=1, dispatch=1, self=0x8112388) at gmain.c:3091
#152 0x03795871 in g_main_loop_run (loop=0x8197e58) at gmain.c:3299
#153 0x02de95b5 in gtk_main () at gtkmain.c:1358
#154 0x0806d996 in main (argc=1, argv=0xbfffec34) at ../../src/ephy-main.c:747
(gdb)
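The innermost frames of the trace are enough to classify the fault: `Page::scrollableAreaSet` was entered with `this=0x0`, and the faulting `OwnPtr::get` has `this=0xa8`, a member at a small offset from that null `Page`. The Python below is an added triage example, not part of the original report or of WebKit; `parse_frames`, `triage` and the 4 KiB `NULL_PAGE_LIMIT` threshold are assumptions of this example, and the "guard site" it reports is only the caller of the null-`this` method, a candidate place for a null check.

```python
import re

# Frames #0-#2 copied from the backtrace in this report.
SAMPLE_BACKTRACE = """\
#0 0x00de7a38 in WTF::OwnPtr<WTF::HashSet<WebCore::ScrollableArea*, WTF::PtrHash<WebCore::ScrollableArea*>, WTF::HashTraits<WebCore::ScrollableArea*> > >::get (this=0xa8) at ../../Source/JavaScriptCore/wtf/OwnPtr.h:59
#1 0x00de7a1c in WebCore::Page::scrollableAreaSet (this=0x0) at ../../Source/WebCore/page/Page.h:289
#2 0x00df924a in WebCore::FrameView::notifyPageThatContentAreaWillPaint (this=0x9e1ca88) at ../../Source/WebCore/page/FrameView.cpp:2078
"""

# One gdb frame per line: '#N 0xPC in function (args) at file:line'.
FRAME_RE = re.compile(
    r"^#(?P<num>\d+)\s+(?P<pc>0x[0-9a-f]+) in (?P<func>.+?) "
    r"\((?P<args>.*)\) at (?P<file>\S+):(?P<line>\d+)$"
)
THIS_RE = re.compile(r"\bthis=(0x[0-9a-f]+)")

# Assumption of this example: addresses below one 4 KiB page are never mapped,
# so a `this` in that range is a small offset from a null object pointer.
NULL_PAGE_LIMIT = 0x1000


def parse_frames(text):
    """Return one dict per frame line; anything else in the text is skipped."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue  # signal banner, source line, pager prompt, ...
        this = THIS_RE.search(m["args"])
        frames.append({
            "num": int(m["num"]),
            "func": m["func"],
            "this": int(this.group(1), 16) if this else None,
            "where": f"{m['file']}:{m['line']}",
        })
    return frames


def triage(text):
    """Classify the fault from the `this` values of the innermost frames."""
    frames = parse_frames(text)
    if not frames or frames[0]["this"] is None:
        return {"verdict": "unknown"}
    fault_this = frames[0]["this"]
    if fault_this >= NULL_PAGE_LIMIT:
        return {"verdict": "not-near-null", "fault_this": fault_this}
    # Walk outward to the first method that was entered on a null object.
    for i, frame in enumerate(frames):
        if frame["this"] == 0:
            caller = frames[i + 1] if i + 1 < len(frames) else None
            return {
                "verdict": "null-object-member-access",
                "member_offset": fault_this,  # offset of the member inside the null object
                "null_object": frame["func"],
                "guard_site": caller["func"] if caller else None,
                "guard_where": caller["where"] if caller else None,
            }
    return {"verdict": "near-null", "fault_this": fault_this}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_BACKTRACE).items():
        print(f"{key}: {value}")
```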
Alexey Proskuryakov
Comment 1 2011-03-30 15:01:30 PDT
I can't reproduce with a (somewhat dated) local build of r82154 (with Safari).
Beth Dakin
Comment 2 2011-03-30 17:14:28 PDT
(In reply to comment #1)
> I can't reproduce with a (somewhat dated) local build of r82154 (with Safari).

I also could not reproduce this crash. I was using WebKit trunk 82400 with Safari.
Martin Robinson
Comment 3 2011-06-15 18:18:41 PDT
I just saw this crash in the 1.4.x WebKitGTK+ stable branch. Have you seen this crash recently Xan?
Robin Cao
Comment 4 2012-02-02 22:57:54 PST
<http://trac.webkit.org/changeset/104260> adds a null-check, so this crash will not happen again.
Ahmad Saleem
Comment 5 2023-01-07 10:04:31 PST
(In reply to Robin Cao from comment #4)
> <http://trac.webkit.org/changeset/104260> adds a null-check, so this crash
> will not happen again.

After this, do we need to do something more here? Thanks! Since Comment 01 and Comment 02 also mention that it was not reproducible. Thanks!
Ahmad Saleem
Comment 6 2023-02-08 15:47:13 PST
Marking this as "RESOLVED CONFIGURATION CHANGED", please reopen if something else is needed.