70841 – Assert failure in WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>)

RESOLVED WORKSFORME 70841

Assert failure in WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>)

https://bugs.webkit.org/show_bug.cgi?id=70841

Summary Assert failure in WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore:...

Dimitris Apostolou

Reported 2011-10-25 13:08:17 PDT

Created attachment 112382 [details] Crash log. r Reproducibility: once Steps: Go to https://www.facebook.com/people/Julie-Tritaki/1227438852 What happened: Assert failure and crash. ASSERTION FAILED: !childItemWithTarget(child->target()) /Users/rex/WebKit/Source/WebCore/history/HistoryItem.cpp(463) : void WebCore::HistoryItem::addChildItem(PassRefPtr<WebCore::HistoryItem>) 1 0x1113fe4c3 WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>) 2 0x1113fbef2 WebCore::HistoryController::createItemTree(WebCore::Frame*, bool) 3 0x1113fc254 WebCore::HistoryController::pushState(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&) 4 0x1113f87aa WebCore::History::stateObjectAdded(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&, WebCore::History::StateObjectType, int&) 5 0x1117f2e02 WebCore::JSHistory::pushState(JSC::ExecState*) 6 0x1117f12b9 WebCore::jsHistoryPrototypeFunctionPushState(JSC::ExecState*) 7 0x31fd9f8011f8 8 0x1101d75f9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) 9 0x1101d3f16 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 10 0x11012b281 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 11 0x1116a5b33 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 12 0x1117c920b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) 13 0x1112bd3cc WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) 14 0x1112bd224 WebCore::EventTarget::fireEventListeners(WebCore::Event*) 15 0x111c3103b WebCore::Node::handleLocalEvents(WebCore::Event*) 16 0x111291779 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) 17 0x111c0fe74 WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const 18 0x111290b85 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) 19 0x111c31b4f WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*) 20 0x11129bb02 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) 21 0x11129e06b WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) 22 0x10f37c1ba _ZN6WebKitL16handleMouseEventERKNS_13WebMouseEventEPN7WebCore4PageE 23 0x10f37c02b WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) 24 0x10f48b707 void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&), WebKit::WebMouseEvent>(CoreIPC::Arguments1<WebKit::WebMouseEvent> const&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) 25 0x10f4807c6 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) 26 0x10f47e553 WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) 27 0x10f37fe1d WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) 28 0x10f3f8881 WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) 29 0x10f2b579c CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) 30 0x10f2b7fb3 CoreIPC::Connection::dispatchMessages() 31 0x10f2bedcb MemberFunctionWorkItem0<CoreIPC::Connection>::execute() Expected result: No assert failure, no crash.

Attachments
Crash log. (49.08 KB, text/plain) 2011-10-25 13:08 PDT, Dimitris Apostolou	no flags	Details
One more crash log. (44.13 KB, text/plain) 2011-10-25 13:37 PDT, Dimitris Apostolou	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Dimitris Apostolou

Comment 1 2011-10-25 13:08:36 PDT

r98372

Dimitris Apostolou

Comment 2 2011-10-25 13:37:15 PDT

Created attachment 112391 [details] One more crash log. Actually happens pretty often on that page. ASSERTION FAILED: !childItemWithTarget(child->target()) /Users/rex/WebKit/Source/WebCore/history/HistoryItem.cpp(463) : void WebCore::HistoryItem::addChildItem(PassRefPtr<WebCore::HistoryItem>) 1 0x1069a54c3 WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>) 2 0x1069a2ef2 WebCore::HistoryController::createItemTree(WebCore::Frame*, bool) 3 0x1069a3254 WebCore::HistoryController::pushState(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&) 4 0x10699f7aa WebCore::History::stateObjectAdded(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&, WebCore::History::StateObjectType, int&) 5 0x106d99e02 WebCore::JSHistory::pushState(JSC::ExecState*) 6 0x106d982b9 WebCore::jsHistoryPrototypeFunctionPushState(JSC::ExecState*) 7 0x34e859e011f8 8 0x10577e5f9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*) 9 0x10577af16 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 10 0x1056d2281 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 11 0x106c4cb33 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) 12 0x106d7020b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) 13 0x1068643cc WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) 14 0x106864224 WebCore::EventTarget::fireEventListeners(WebCore::Event*) 15 0x1071d803b WebCore::Node::handleLocalEvents(WebCore::Event*) 16 0x106838779 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) 17 0x1071b6e74 WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const 18 0x106837b85 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) 19 0x1071d8b4f WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*) 20 0x106842b02 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) 21 0x10684506b WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) 22 0x1049231ba _ZN6WebKitL16handleMouseEventERKNS_13WebMouseEventEPN7WebCore4PageE 23 0x10492302b WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) 24 0x104a32707 void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&), WebKit::WebMouseEvent>(CoreIPC::Arguments1<WebKit::WebMouseEvent> const&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) 25 0x104a277c6 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) 26 0x104a25553 WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) 27 0x104926e1d WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) 28 0x10499f881 WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) 29 0x10485c79c CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) 30 0x10485efb3 CoreIPC::Connection::dispatchMessages() 31 0x104865dcb MemberFunctionWorkItem0<CoreIPC::Connection>::execute()

Sergio Villar Senin

Comment 3 2012-01-17 08:58:42 PST

Likely a dup of https://bugs.webkit.org/show_bug.cgi?id=51224

Brent Fulgham

Comment 4 2016-08-03 13:43:18 PDT

I'm not able to reproduce crashes on Facebook using any Safari or WebKit variant. If you are able to reproduce the problem, please reopen this bug with relevant steps to reproduce.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution WORKSFORME

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Mac (Intel)

OS OS X 10.7

Product WebKit

Component WebCore JavaScript

Assignee

Nobody

Reported

2011-10-25 13:08 PDT

Modified

2016-08-03 13:45 PDT History

CC List

2 users Show

URL

https://www.facebook.com/people/Julie-Tritaki/1227438852

Keywords

Depends on

Blocks