Bug 62427 - Crash in FrameLoader::clear
Summary: Crash in FrameLoader::clear
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2011-06-09 22:01 PDT by Ryosuke Niwa
Modified: 2022-12-01 04:55 PST (History)
Description Ryosuke Niwa 2011-06-09 22:01:38 PDT
Thread 0 *CRASHED* ( SIGSEGV @ 0x64646d54 )
0x08e653ea 	[chrome 	- third_party/WebKit/Source/JavaScriptCore/wtf/RefPtr.h:133] 	WebCore::Editor::clear
0x08f1f4f9 	[chrome 	- third_party/WebKit/Source/WebCore/loader/FrameLoader.cpp:610] 	WebCore::FrameLoader::clear
0x08f1ac98 	[chrome 	- third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:127] 	WebCore::DocumentWriter::begin
0x08f1b1ae 	[chrome 	- third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:70] 	WebCore::DocumentWriter::replaceDocument
0x08d4fc7e 	[chrome 	- third_party/WebKit/Source/WebCore/bindings/ScriptControllerBase.cpp:121] 	WebCore::ScriptController::executeIfJavaScriptURL
0x08f4fb01 	[chrome 	- third_party/WebKit/Source/WebCore/loader/SubframeLoader.cpp:88] 	WebCore::SubframeLoader::requestFrame
0x09e10e3a 	[chrome 	- third_party/WebKit/Source/WebCore/html/HTMLFrameElementBase.cpp:102] 	WebCore::HTMLFrameElementBase::openURL
0x09e11349 	[chrome 	- third_party/WebKit/Source/WebCore/html/HTMLFrameElementBase.cpp:153] 	WebCore::HTMLFrameElementBase::setNameAndOpenURL
0x08dea582 	[chrome 	- third_party/WebKit/Source/WebCore/dom/ContainerNode.cpp:774] 	WebCore::ContainerNode::insertedIntoDocument
0x08e16313 	[chrome 	- third_party/WebKit/Source/WebCore/dom/Element.cpp:957] 	WebCore::Element::insertedIntoDocument
0x08dea7ea 	[chrome 	- third_party/WebKit/Source/WebCore/dom/ContainerNode.cpp:1069] 	WebCore::notifyChildInserted
0x08dec9a3 	[chrome 	- third_party/WebKit/Source/WebCore/dom/ContainerNode.cpp:645] 	WebCore::ContainerNode::appendChild
0x08e2a59c 	[chrome 	- third_party/WebKit/Source/WebCore/dom/Node.cpp:668] 	WebCore::Node::appendChild
0x08d7220f 	[chrome 	- third_party/WebKit/Source/WebCore/bindings/v8/custom/V8NodeCustom.cpp:124]
Comment 1 Ryosuke Niwa 2011-06-09 22:02:09 PDT
http://trac.webkit.org/browser/branches/chromium/782/Source/WebCore/loader/FrameLoader.cpp?rev=88129#L610
    m_frame->editor()->clear();

We're missing a null pointer check here.
Comment 2 Ryosuke Niwa 2011-06-10 11:27:25 PDT
Mn... on second thought, this crash isn't as simple as I initially thought. The stack trace indicates that m_frame is not null in DocumentWriter::begin but it is in FrameLoader::clear, which doesn't make much sense. We'll need a reduction for this.

http://crbug.com/85452.
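The apparent contradiction in Comment 2 (a frame pointer that is live in DocumentWriter::begin but null one call deeper in FrameLoader::clear) has a familiar shape: two objects each hold their own back-pointer to the same Frame, and a nested call made while the new document is being started resets one of them but not the other. The following is an added illustration of that mechanism, not WebKit code and not a confirmed root cause for this bug; the class names mirror the trace, but the `beginHooks` callback list that detaches the frame mid-`begin()` is a stand-in constructed for the example. It also shows where the null check proposed in Comment 1 would sit and what it changes.

```cpp
// Added example (not WebKit code): how a member pointer can be non-null in a
// caller yet null in a callee when a nested call detaches it in between.
#include <cstdio>
#include <functional>
#include <vector>

struct Frame;

// Stand-in for WebCore::Editor; only counts how often it was cleared.
struct Editor {
    int clearCount = 0;
    void clear() { ++clearCount; }
};

// Stand-in for WebCore::FrameLoader: holds its own raw back-pointer to the
// frame, which detach() nulls out.
struct FrameLoader {
    Frame* m_frame;
    explicit FrameLoader(Frame* f) : m_frame(f) {}
    bool clear();   // returns false instead of dereferencing a null frame
};

struct Frame {
    Editor m_editor;
    FrameLoader m_loader;
    // Hypothetical hooks run while a new document is being started (think of
    // script or unload work that can remove the frame). Constructed here.
    std::vector<std::function<void()>> beginHooks;

    Frame() : m_loader(this) {}
    Editor* editor() { return &m_editor; }
    FrameLoader& loader() { return m_loader; }
    void detach() { m_loader.m_frame = nullptr; }   // only the loader's copy is reset
};

bool FrameLoader::clear() {
    // Without this check the original line `m_frame->editor()->clear()`
    // dereferences nullptr whenever the frame was detached by a nested call.
    if (!m_frame)
        return false;
    m_frame->editor()->clear();
    return true;
}

// Stand-in for WebCore::DocumentWriter with its own copy of the frame pointer.
struct DocumentWriter {
    Frame* m_frame;
    explicit DocumentWriter(Frame* f) : m_frame(f) {}

    // Mirrors the trace: begin() sees a live frame, does intermediate work,
    // then calls into the loader. Its m_frame stays non-null throughout even
    // if a hook has already nulled the loader's m_frame.
    bool begin() {
        if (!m_frame)
            return false;
        for (auto& hook : m_frame->beginHooks)
            hook();
        return m_frame->loader().clear();
    }
};

// Scenario 1: nothing detaches the frame; clear() reaches the editor once.
int runWithoutDetach() {
    Frame frame;
    DocumentWriter writer(&frame);
    bool cleared = writer.begin();
    return cleared ? frame.m_editor.clearCount : -1;
}

// Scenario 2: a hook detaches the frame mid-begin(). The writer's pointer is
// still valid, the loader's is null; the guarded clear() reports failure
// instead of crashing.
bool runWithDetach() {
    Frame frame;
    frame.beginHooks.push_back([&frame] { frame.detach(); });
    DocumentWriter writer(&frame);
    return writer.begin();
}

int main() {
    std::printf("clear count without detach: %d\n", runWithoutDetach());
    std::printf("clear() succeeded with detach: %s\n", runWithDetach() ? "yes" : "no");
    return 0;
}
```

The point for triage is that a null check at the call site only papers over the crash; the real question is which nested call in the javascript: URL path (SubframeLoader::requestFrame -> executeIfJavaScriptURL -> replaceDocument) detaches the frame before FrameLoader::clear runs, which is why a reduction is needed.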
Comment 3 Ahmad Saleem 2022-11-29 16:08:04 PST
Is this crash still happening? If not, can we close this, since the equivalent Chrome bug is also closed without any resolution? If someone can point me to crash data like Mozilla has available openly, I can try to see if it is happening; otherwise I'd appreciate it if someone could mark it closed or WONTFIX. Thanks!
Comment 4 Darin Adler 2022-12-01 04:55:47 PST
I think we should close this. Unless Ryosuke can remember how he was reproducing the crash there is nothing valuable in this bug; we aren’t currently seeing this crash.