RESOLVED FIXED 58976
[GTK] fast/events/overflow-viewport-renderer-deleted.html crashes
https://bugs.webkit.org/show_bug.cgi?id=58976
Philippe Normand
Reported 2011-04-20 02:57:30 PDT
Test added in http://trac.webkit.org/changeset/84300 (no bug associated btw) crashes on GTK:

#0 0x00002b484b15d9b0 in WebCore::Node::document (this=0x0) at ../../Source/WebCore/dom/Node.h:361
361 ASSERT(this);

Thread 1 (Thread 22481):
#0 0x00002b484b15d9b0 in WebCore::Node::document (this=0x0) at ../../Source/WebCore/dom/Node.h:361
#1 0x00002b484b55090a in WebCore::Element::innerText (this=0x0) at ../../Source/WebCore/dom/Element.cpp:1610
#2 0x00002b484b1f4c53 in DumpRenderTreeSupportGtk::getInnerText (frame=0x1796b60) at ../../Source/WebKit/gtk/WebCoreSupport/DumpRenderTreeSupportGtk.cpp:191
#3 0x0000000000420029 in dumpFramesAsText (frame=0x1796b60) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:271
#4 0x0000000000420dec in dump () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:534
#5 0x00000000004218a7 in webViewLoadFinished (view=0x178c030, frame=0x1796b60) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:785
#6 0x00002b484f78333e in g_closure_invoke (closure=0x17f1190, return_value=0x0, n_param_values=2, param_values=0x8ef3cf0, invocation_hint=0x7ffff81544c0) at /tmp/buildd/glib2.0-2.27.91/./gobject/gclosure.c:767
#7 0x00002b484f79c3b9 in signal_emit_unlocked_R (node=0x1729bf0, detail=<value optimized out>, instance=<value optimized out>, emission_return=<value optimized out>, instance_and_params=<value optimized out>) at /tmp/buildd/glib2.0-2.27.91/./gobject/gsignal.c:3252
#8 0x00002b484f79db36 in g_signal_emit_valist (instance=0x178c030, signal_id=<value optimized out>, detail=0, var_args=0x7ffff81546e0) at /tmp/buildd/glib2.0-2.27.91/./gobject/gsignal.c:2983
#9 0x00002b484f79de32 in g_signal_emit_by_name (instance=0x178c030, detailed_signal=<value optimized out>) at /tmp/buildd/glib2.0-2.27.91/./gobject/gsignal.c:3077
#10 0x00002b484b205a96 in WebKit::FrameLoaderClient::postProgressFinishedNotification (this=0x178e3c0) at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:443
#11 0x00002b484b88e6e6 in WebCore::ProgressTracker::finalProgressComplete (this=0x1795220) at ../../Source/WebCore/loader/ProgressTracker.cpp:155
#12 0x00002b484b88e593 in WebCore::ProgressTracker::progressCompleted (this=0x1795220, frame=0x179cc00) at ../../Source/WebCore/loader/ProgressTracker.cpp:134
#13 0x00002b484b8581a7 in WebCore::FrameLoader::checkLoadCompleteForThisFrame (this=0x179cca0) at ../../Source/WebCore/loader/FrameLoader.cpp:2472
#14 0x00002b484b858842 in WebCore::FrameLoader::recursiveCheckLoadComplete (this=0x179cca0) at ../../Source/WebCore/loader/FrameLoader.cpp:2580
#15 0x00002b484b8588f9 in WebCore::FrameLoader::checkLoadComplete (this=0x179cca0) at ../../Source/WebCore/loader/FrameLoader.cpp:2593
#16 0x00002b484b85751e in WebCore::FrameLoader::finishedLoading (this=0x179cca0) at ../../Source/WebCore/loader/FrameLoader.cpp:2240
#17 0x00002b484b889a0a in WebCore::MainResourceLoader::didFinishLoading (this=0x9601a40, finishTime=0) at ../../Source/WebCore/loader/MainResourceLoader.cpp:475
#18 0x00002b484b895cf9 in WebCore::ResourceLoader::didFinishLoading (this=0x9601a40, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:436
#19 0x00002b484b1c9b3c in WebCore::readCallback (source=0x2b485c1131e0, asyncResult=0x2b485c01cb00, data=0x0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:779
#20 0x00002b484f49df65 in async_ready_callback_wrapper (source_object=0x2b485c1131e0, res=0x2b485c01cb00, user_data=0x0) at /tmp/buildd/glib2.0-2.27.91/./gio/ginputstream.c:470
#21 0x00002b484f4af628 in complete_in_idle_cb_for_thread (_data=<value optimized out>) at /tmp/buildd/glib2.0-2.27.91/./gio/gsimpleasyncresult.c:812
#22 0x00002b4850016362 in g_main_dispatch (context=0x1721a30) at /tmp/buildd/glib2.0-2.27.91/./glib/gmain.c:2440
#23 g_main_context_dispatch (context=0x1721a30) at /tmp/buildd/glib2.0-2.27.91/./glib/gmain.c:3013
#24 0x00002b485001aa28 in g_main_context_iterate (context=0x1721a30, block=<value optimized out>, dispatch=<value optimized out>, self=<value optimized out>) at /tmp/buildd/glib2.0-2.27.91/./glib/gmain.c:3091
#25 0x00002b485001af35 in g_main_loop_run (loop=0x991f7e0) at /tmp/buildd/glib2.0-2.27.91/./glib/gmain.c:3299
#26 0x00002b484df89657 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#27 0x0000000000421560 in runTest (testPathOrURL=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:702
#28 0x0000000000420bfd in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:494
#29 0x0000000000422ebf in main (argc=2, argv=0x7ffff81558a8) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1179
Attachments
Patch (2.83 KB, patch)
2011-04-20 13:23 PDT, Martin Robinson
no flags
Philippe Normand
Comment 1 2011-04-20 03:02:57 PDT
Skipped in r84354
Martin Robinson
Comment 2 2011-04-20 13:23:08 PDT
I think we just need to return the empty string when the documentElement is null. Uploading a patch which I've confirmed fixes the crash locally.
Martin Robinson
Comment 3 2011-04-20 13:23:34 PDT
Xan Lopez
Comment 4 2011-04-22 17:28:20 PDT
Comment on attachment 90396
Patch

r=me
Martin Robinson
Comment 5 2011-04-22 17:31:03 PDT
Comment on attachment 90396
Patch

Clearing flags on attachment: 90396

Committed r84713: <http://trac.webkit.org/changeset/84713>
Martin Robinson
Comment 6 2011-04-22 17:31:06 PDT
All reviewed patches have been landed. Closing bug.