RESOLVED INVALID 59793
ASSERT/crash when dispatching an event
https://bugs.webkit.org/show_bug.cgi?id=59793
Dean Jackson
Reported 2011-04-29 06:02:04 PDT
I'm triggering an ASSERT, and sometimes a crash when dispatching an event (eg in LayoutTests/animations/animation-drt-api-multiple-keyframes.html but really anything that attaches an event listener)

In JSEventListener::jsFunction I'm hitting this

ASSERT(!m_jsFunction || static_cast<JSC::JSCell*>(m_jsFunction.get())->isObject());

or crashing here.

Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00000001010ab209 JSC::asObject(JSC::JSCell*) + 69 (JSObject.h:396)
1 com.apple.WebCore 0x000000010164878f JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) + 65 (JSObject.h:511)
2 com.apple.WebCore 0x000000010164880d JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) + 53 (JSObject.h:521)
3 com.apple.WebCore 0x0000000101648897 JSC::JSObject::get(JSC::ExecState*, JSC::Identifier const&) const + 67 (JSObject.h:546)
4 com.apple.WebCore 0x0000000101702289 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 517 (JSEventListener.cpp:97)
5 com.apple.WebCore 0x00000001013bc55e WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 296 (EventTarget.cpp:345)
6 com.apple.WebCore 0x00000001013bcb8d WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 333 (EventTarget.cpp:330)
7 com.apple.WebCore 0x000000010198de47 WebCore::Node::handleLocalEvents(WebCore::Event*) + 159 (Node.cpp:2729)
8 com.apple.WebCore 0x00000001013a1cbd WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 1103 (EventDispatcher.cpp:315)
9 com.apple.WebCore 0x00000001013a054d WebCore::EventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 55 (Event.cpp:313)
10 com.apple.WebCore 0x00000001013a138b WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::EventDispatchMediator const&) + 117 (EventDispatcher.cpp:59)
11 com.apple.WebCore 0x000000010198dd54 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 56 (Node.cpp:2738)
12 com.apple.WebCore 0x0000000101034369 WebCore::AnimationControllerPrivate::fireEventsAndUpdateStyle() + 415 (AnimationController.cpp:155)
13 com.apple.WebCore 0x000000010103448c WebCore::AnimationControllerPrivate::animationTimerFired(WebCore::Timer<WebCore::AnimationControllerPrivate>*) + 56 (AnimationController.cpp:210)
14 com.apple.WebCore 0x0000000101035401 WebCore::Timer<WebCore::AnimationControllerPrivate>::fired() + 113 (Timer.h:100)
15 com.apple.WebCore 0x0000000101d707d2 WebCore::ThreadTimers::sharedTimerFiredInternal() + 204 (ThreadTimers.cpp:115)
16 com.apple.WebCore 0x0000000101d709e5 WebCore::ThreadTimers::sharedTimerFired() + 25 (ThreadTimers.cpp:91)

When I debug it seems the Node is fine. I'm not sure what caused the function to disappear.

Here's another one from fast/events/before-unload-adopt-subframe-to-outside.html

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread: 0 Dispatch queue: com.apple.main-thread

Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00000001010ab209 JSC::asObject(JSC::JSCell*) + 69 (JSObject.h:396)
1 com.apple.WebCore 0x000000010164878f JSC::JSCell::fastGetOwnPropertySlot(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) + 65 (JSObject.h:511)
2 com.apple.WebCore 0x000000010164880d JSC::JSObject::getPropertySlot(JSC::ExecState*, JSC::Identifier const&, JSC::PropertySlot&) + 53 (JSObject.h:521)
3 com.apple.WebCore 0x0000000101648897 JSC::JSObject::get(JSC::ExecState*, JSC::Identifier const&) const + 67 (JSObject.h:546)
4 com.apple.WebCore 0x0000000101702289 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 517 (JSEventListener.cpp:97)
5 com.apple.WebCore 0x00000001013bc55e WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 296 (EventTarget.cpp:345)
6 com.apple.WebCore 0x00000001013bcb8d WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 333 (EventTarget.cpp:330)
7 com.apple.WebCore 0x0000000101358b6b WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 245 (DOMWindow.cpp:1592)
8 com.apple.WebCore 0x000000010141e720 WebCore::FrameLoader::fireBeforeUnloadEvent(WebCore::Chrome*) + 242 (FrameLoader.cpp:2964)
9 com.apple.WebCore 0x000000010141e99f WebCore::FrameLoader::shouldClose() + 339 (FrameLoader.cpp:2941)
10 com.apple.WebCore 0x0000000101427f5a WebCore::FrameLoader::continueLoadAfterNavigationPolicy(WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 240 (FrameLoader.cpp:2989)
11 com.apple.WebCore 0x000000010142825e WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool) + 68 (FrameLoader.cpp:2917)
12 com.apple.WebCore 0x00000001019f4d89 WebCore::PolicyCallback::call(bool) + 107 (PolicyCallback.cpp:103)
13 com.apple.WebCore 0x00000001019f5967 WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction) + 445 (PolicyChecker.cpp:160)
14 com.apple.WebKit 0x0000000100a64193 WebFrameLoaderClient::receivedPolicyDecison(WebCore::PolicyAction) + 323 (WebFrameLoaderClient.mm:1340)
15 com.apple.WebKit 0x0000000100a64228 -[WebFramePolicyListener receivedPolicyDecision:] + 147 (WebFrameLoaderClient.mm:2077)
16 com.apple.WebKit 0x0000000100a60590 -[WebFramePolicyListener use] + 37 (WebFrameLoaderClient.mm:2093)
17 com.apple.WebKit 0x0000000100a41db2 -[WebDefaultPolicyDelegate webView:decidePolicyForNavigationAction:request:frame:decisionListener:] + 162 (WebDefaultPolicyDelegate.m:87)
18 com.apple.CoreFoundation 0x00007fff835d196c __invoking___ + 140
19 com.apple.CoreFoundation 0x00007fff835d183d -[NSInvocation invoke] + 141
Dean Jackson
Comment 1 2011-04-29 07:09:34 PDT
Ignore this. Updated and all works fine.