60808 – Crash (preceded by assertion failure in Document::updateStyleIfNeeded) on http://javatester.org/enabled.html

RESOLVED WONTFIX 60808

Crash (preceded by assertion failure in Document::updateStyleIfNeeded) on http://javatester.org/enabled.html

https://bugs.webkit.org/show_bug.cgi?id=60808

Summary Crash (preceded by assertion failure in Document::updateStyleIfNeeded) on htt...

Adam Roben (:aroben)

Reported 2011-05-13 14:59:29 PDT

To reproduce: 1. Install Java 6 Update 3 from http://java.sun.com/products/archive/j2se/6u3/index.html 2. Go to http://javatester.org/enabled.html You'll first hit an assertion failure in Document::updateStyleIfNeeded, then sometime later you'll crash. It looks like Java is spinning a nested message loop which is causing WebCore Timers to fire at unexpected times. Here's the backtrace of the asertion failure: > WebKit.dll!WebCore::Document::updateStyleIfNeeded() Line 1576 C++ WebKit.dll!WebCore::RenderView::selectionBounds(bool clipToVisibleContent=true) Line 345 + 0x26 bytes C++ WebKit.dll!WebCore::FrameSelection::bounds(bool clipToVisibleContent=true) Line 1805 C++ WebKit.dll!WebCore::FrameSelection::focusedOrActiveStateChanged() Line 1560 + 0x12 bytes C++ WebKit.dll!WebCore::FrameSelection::setFocused(bool flag=false) Line 1611 C++ WebKit.dll!WebCore::FocusController::setFocused(bool focused=false) Line 143 C++ WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x00030bd4, unsigned int message=8, unsigned int wParam=0, long lParam=0) Line 2250 C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_CallWindowProcAorW@24() + 0x51 bytes user32.dll!_CallWindowProcW@20() + 0x1b bytes comctl32.dll!_CallOriginalWndProc@24() + 0x1a bytes comctl32.dll!_CallNextSubclassProc@20() + 0x3c bytes comctl32.dll!_DefSubclassProc@16() + 0x46 bytes comctl32.dll!TTSubclassProc() + 0x59 bytes comctl32.dll!_CallNextSubclassProc@20() + 0x3c bytes comctl32.dll!_MasterSubclassProc@16() + 0x54 bytes user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchClientMessage@20() + 0x4d bytes user32.dll!___fnDWORD@4() + 0x24 bytes ntdll.dll!_KiUserCallbackDispatcher@12() + 0x13 bytes user32.dll!_NtUserMessageCall@28() + 0xc bytes user32.dll!_SendMessageW@16() + 0x49 bytes awt.dll!6d110d12() [Frames below may be incorrect and/or missing, no symbols loaded for awt.dll] jvm.dll!135d02ec() jvm.dll!135d067d() jvm.dll!1365f4f1() jvm.dll!135f7988() jvm.dll!135d9aa3() jvm.dll!135d070e() jvm.dll!135d9a7b() jvm.dll!1365197a() jvm.dll!13529125() msvcr71.dll!7c34218f() jvm.dll!1365197a() jvm.dll!1365197a() msvcr71.dll!7c34218f() jvm.dll!135280f6() jvm.dll!135dc933() jpinscp.dll!6d4c6f03() jpinscp.dll!6d4c74e0() jpinscp.dll!6d4c39a4() jpinscp.dll!6d4c3c41() jpioji.dll!6d4e3215() npJavaPlugin.dll!JavaPlugin::windowCreated() + 0x25 bytes C++ npJavaPlugin.dll!NP::Plugin::setwindow() + 0x31 bytes C++ WebKit.dll!WebCore::PluginView::setNPWindowRect(const WebCore::IntRect & rect={...}) Line 811 + 0x2d bytes C++ WebKit.dll!WebCore::PluginView::platformStart() Line 1000 C++ WebKit.dll!WebCore::PluginView::start() Line 268 + 0x8 bytes C++ WebKit.dll!WebCore::PluginView::startOrAddToUnstartedList() Line 224 C++ WebKit.dll!WebCore::PluginView::init() Line 201 + 0x8 bytes C++ WebKit.dll!WebCore::PluginView::setParent(WebCore::ScrollView * parent=0x10809548) Line 750 C++ WebKit.dll!WebCore::ScrollView::addChild(WTF::PassRefPtr<WebCore::Widget> prpChild={...}) Line 74 + 0x13 bytes C++ WebKit.dll!WebCore::moveWidgetToParentSoon(WebCore::Widget * child=0x106000f8, WebCore::FrameView * parent=0x10809548) Line 91 C++ WebKit.dll!WebCore::RenderWidget::setWidget(WTF::PassRefPtr<WebCore::Widget> widget={...}) Line 215 + 0x18 bytes C++ WebKit.dll!WebCore::RenderApplet::createWidgetIfNecessary() Line 81 C++ WebKit.dll!WebCore::RenderApplet::layout() Line 92 C++ WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 537 + 0x30 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=true, int & repaintLogicalTop=0, int & repaintLogicalBottom=0) Line 1149 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1236 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1059169c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++ WebKit.dll!WebCore::RenderTableCell::layout() Line 162 + 0x1d bytes C++ WebKit.dll!WebCore::RenderTableRow::layout() Line 150 + 0x12 bytes C++ WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 537 + 0x30 bytes C++ WebKit.dll!WebCore::RenderTableSection::layout() Line 404 C++ WebKit.dll!WebCore::RenderObject::layoutIfNeeded() Line 537 + 0x30 bytes C++ WebKit.dll!WebCore::RenderTable::layout() Line 307 C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1038b424, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1046dddc, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x0af4105c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x106a7d14, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1072268c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0) Line 1975 + 0x12 bytes C++ WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0) Line 1914 C++ WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0) Line 1240 C++ WebKit.dll!WebCore::RenderBlock::layout() Line 1133 + 0x16 bytes C++ WebKit.dll!WebCore::RenderView::layout() Line 132 C++ WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 964 + 0x12 bytes C++ WebKit.dll!WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView> * __formal=0x10809660) Line 1685 C++ WebKit.dll!WebCore::Timer<WebCore::FrameView>::fired() Line 100 + 0x29 bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 112 + 0xf bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++ WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x002207cc, unsigned int message=49574, unsigned int wParam=0, long lParam=0) Line 103 + 0x8 bytes C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchMessageWorker@8() + 0xdc bytes user32.dll!_DispatchMessageW@4() + 0xf bytes

Attachments
Add attachment proposed patch, testcase, etc.

Adam Roben (:aroben)

Comment 1 2011-05-13 15:02:17 PDT

This bug does not occur with the latest version of Java, Java 6 Update 25.

Adam Roben (:aroben)

Comment 2 2011-05-13 15:02:41 PDT

<rdar://problem/9436998>

Alexey Proskuryakov

Comment 3 2022-07-01 11:35:50 PDT

Mass closing plug-in bugs, as plug-in support has been removed from WebKit. Please comment and/or reopen if this still affects WebKit in some way.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WONTFIX

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Windows 7

Product WebKit

Component Plug-ins

Assignee

Nobody

Reported

2011-05-13 14:59 PDT

Modified

2022-07-01 11:35 PDT History

CC List

1 user Show

URL

http://javatester.org/enabled.html

Keywords InRadar, PlatformOnly

Depends on

Blocks