Bug 75143 - Crash in WebFrameProxy::isDescendantOf() running tests on SL
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks: 75131
Reported: 2011-12-22 15:44 PST by Simon Fraser (smfr)
Modified: 2011-12-22 15:50 PST (History)

See Also:


Attachments
Crash log (30.20 KB, text/plain)
2011-12-22 15:44 PST, Simon Fraser (smfr)

Description Simon Fraser (smfr) 2011-12-22 15:44:00 PST
Created attachment 120394
Crash log

One of these tests crashed on SL running WK2 tests in debug:

  fast/dynamic/crash-paint-no-documentElement-renderer.html -> unexpected DumpRenderTree crash
  fast/events/before-unload-adopt-within-subframes.html -> unexpected DumpRenderTree crash


Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000003f00000078
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebKit2             	0x00000001000f078b WebKit::WebFrameProxy::isDescendantOf(WebKit::WebFrameProxy const*) const + 123 (WebFrameProxy.cpp:231)
1   com.apple.WebKit2             	0x000000010012363c WebKit::isDisconnectedFrame(WebKit::WebFrameProxy*) + 124 (WebPageProxy.cpp:1591)
2   com.apple.WebKit2             	0x00000001001234de WebKit::WebPageProxy::didSaveFrameToPageCache(unsigned long long) + 350 (WebPageProxy.cpp:1601)
3   com.apple.WebKit2             	0x0000000100252ada void CoreIPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long), unsigned long long>(CoreIPC::Arguments1<unsigned long long> const&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long)) + 138 (HandleMessage.h:20)
4   com.apple.WebKit2             	0x0000000100247353 void CoreIPC::handleMessage<Messages::WebPageProxy::DidSaveFrameToPageCache, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long)>(CoreIPC::ArgumentDecoder*, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long)) + 115 (HandleMessage.h:278)
5   com.apple.WebKit2             	0x0000000100243da4 WebKit::WebPageProxy::didReceiveWebPageProxyMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 2356 (WebPageProxyMessageReceiver.cpp:227)
6   com.apple.WebKit2             	0x0000000100122c0f WebKit::WebPageProxy::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*) + 271 (WebPageProxy.cpp:1536)
Comment 1 Simon Fraser (smfr) 2011-12-22 15:50:45 PST
Also see an assertion:


Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebKit2             	0x00000001000f05db WebKit::WebFrameProxy::appendChild(WebKit::WebFrameProxy*) + 475 (WebFrameProxy.cpp:204)
1   com.apple.WebKit2             	0x000000010012336c WebKit::WebPageProxy::didCreateSubframe(unsigned long long, unsigned long long) + 844 (WebPageProxy.cpp:1587)
2   com.apple.WebKit2             	0x000000010024e752 void CoreIPC::callMemberFunction<WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long), unsigned long long, unsigned long long>(CoreIPC::Arguments2<unsigned long long, unsigned long long> const&, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long)) + 146 (HandleMessage.h:26)
3   com.apple.WebKit2             	0x00000001002472d3 void CoreIPC::handleMessage<Messages::WebPageProxy::DidCreateSubframe, WebKit::WebPageProxy, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long)>(CoreIPC::ArgumentDecoder*, WebKit::WebPageProxy*, void (WebKit::WebPageProxy::*)(unsigned long long, unsigned long long)) + 115 (HandleMessage.h:278)