Bug 83578 - [Qt][WK2] fast/loader/create-frame-in-DOMContentLoaded.html crashes
Summary: [Qt][WK2] fast/loader/create-frame-in-DOMContentLoaded.html crashes
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P1 Critical
Assignee: Dinu Jacob
URL:
Keywords: Qt, QtTriaged
Depends on:
Blocks: 79668
Reported: 2012-04-10 06:47 PDT by Csaba Osztrogonác
Modified: 2012-05-15 08:15 PDT (History)

See Also:


Attachments
Patch (1.64 KB, patch) - 2012-05-14 18:27 PDT, Dinu Jacob - no flags
Patch (2.38 KB, patch) - 2012-05-14 18:34 PDT, Dinu Jacob - no flags
Patch (2.91 KB, patch) - 2012-05-14 18:55 PDT, Dinu Jacob - hausmann: review-
Patch (3.16 KB, patch) - 2012-05-15 06:24 PDT, Dinu Jacob - no flags

Description Csaba Osztrogonác 2012-04-10 06:47:29 PDT
This test was skipped a long, long time ago and was unskipped by
http://trac.webkit.org/changeset/113427, but unfortunately it
crashes on the Qt5-WK2 platform (passes with Qt4.8-WK1 and Qt5-WK2).
crash log for WebProcess (pid <unknown>):

STDOUT: <empty>
STDERR: 1   0x7f8e51a15048 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libWTRInjectedBundle.so(+0x34048) [0x7f8e51a15048]
STDERR: 2   0x7f8e9dde7420 /lib/x86_64-linux-gnu/libc.so.6(+0x36420) [0x7f8e9dde7420]
STDERR: 3   0x7f8ea02c33cd /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::WebFrameNetworkingContext::WebFrameNetworkingContext(WebKit::WebFrame*)+0x5d) [0x7f8ea02c33cd]
STDERR: 4   0x7f8ea02c3491 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::WebFrameNetworkingContext::create(WebKit::WebFrame*)+0x31) [0x7f8ea02c3491]
STDERR: 5   0x7f8ea02b2964 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebKit::WebFrameLoaderClient::createNetworkingContext()+0x14) [0x7f8ea02b2964]
STDERR: 6   0x7f8ea0881df1 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::FrameLoader::init()+0x7f1) [0x7f8ea0881df1]
STDERR: 7   0x7f8ea02cf1a2 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebKit::WebFrame::init(WebKit::WebPage*, WTF::String const&, WebCore::HTMLFrameOwnerElement*)+0xe2) [0x7f8ea02cf1a2]
STDERR: 8   0x7f8ea02cfc2f /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebKit::WebFrame::createSubframe(WebKit::WebPage*, WTF::String const&, WebCore::HTMLFrameOwnerElement*)+0xef) [0x7f8ea02cfc2f]
STDERR: 9   0x7f8ea02b22ee /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebKit::WebFrameLoaderClient::createFrame(WebCore::KURL const&, WTF::String const&, WebCore::HTMLFrameOwnerElement*, WTF::String const&, bool, int, int)+0x4e) [0x7f8ea02b22ee]
STDERR: 10  0x7f8ea08b6171 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::SubframeLoader::loadSubframe(WebCore::HTMLFrameOwnerElement*, WebCore::KURL const&, WTF::String const&, WTF::String const&)+0x181) [0x7f8ea08b6171]
STDERR: 11  0x7f8ea08b648f /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::SubframeLoader::loadOrRedirectSubframe(WebCore::HTMLFrameOwnerElement*, WebCore::KURL const&, WTF::AtomicString const&, bool, bool)+0xff) [0x7f8ea08b648f]
STDERR: 12  0x7f8ea08b69c7 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement*, WTF::String const&, WTF::AtomicString const&, bool, bool)+0x207) [0x7f8ea08b69c7]
STDERR: 13  0x7f8ea06e9022 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::HTMLFrameElementBase::openURL(bool, bool)+0xe2) [0x7f8ea06e9022]
STDERR: 14  0x7f8ea0544202 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(+0xfc7202) [0x7f8ea0544202]
STDERR: 15  0x7f8ea05443d9 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(+0xfc73d9) [0x7f8ea05443d9]
STDERR: 16  0x7f8ea05479cc /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool)+0x19c) [0x7f8ea05479cc]
STDERR: 17  0x7f8ea059c87c /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::Node::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool)+0x3c) [0x7f8ea059c87c]
STDERR: 18  0x7f8ea03fbabb /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::JSNode::appendChild(JSC::ExecState*)+0x4b) [0x7f8ea03fbabb]
STDERR: 19  0x7f8ea0f35a0b /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::jsNodePrototypeFunctionAppendChild(JSC::ExecState*)+0x5b) [0x7f8ea0f35a0b]
STDERR: 20  0x7f8e52431258 [0x7f8e52431258]
Comment 1 Csaba Osztrogonác 2012-04-10 06:53:42 PDT
Skipped by http://trac.webkit.org/changeset/113712
Please unskip it with the proper fix.
Comment 2 Dinu Jacob 2012-05-14 18:19:44 PDT
DOMContentLoaded event handler adds an iframe. loadEvent handler removes this iframe and this causes the page to be detached from the frame. WebFrameNetworkingContext constructor tries to access the page of the frame resulting in the crash.
Comment 3 Dinu Jacob 2012-05-14 18:27:44 PDT
Created attachment 141833 [details]
Patch
Comment 4 Dinu Jacob 2012-05-14 18:34:13 PDT
Created attachment 141834 [details]
Patch
Comment 5 Dinu Jacob 2012-05-14 18:55:51 PDT
Created attachment 141839 [details]
Patch
Comment 6 zalan 2012-05-15 04:25:46 PDT
Comment on attachment 141839 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=141839&action=review

> Source/WebKit2/WebProcess/WebCoreSupport/qt/WebFrameNetworkingContext.cpp:39
> +        m_originatingObject->setProperty("pageID", qulonglong(frame->page()->pageID()));
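Review bot: the `frame->page()` dereference on this line is exactly the access that crashes per comment 2, and the frame pointer itself is live at that point (the trace shows the constructor called from WebFrame::init via FrameLoader::init), so a check on `frame` alone does not cover the detached case; test `frame->page()` and skip creating `m_originatingObject` entirely when it is null, rather than storing a pageID that the web process can no longer resolve.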

I think it's better not to initiate the m_originatingObject if we can't set the property on it. The caller, QtNetworkAccessManager::obtainOriginatingWebPage(), looks to handle the NULL case properly, while we would be querying an invalid pageID on the webprocess.

Also, if you check for frame here (and expect it to be NULL), you should also be checking it a few lines above, when the parent c'tor is called with WebCore::Frame. However, I think it's only the WebKit::WebPage which could be NULL (detached) here and not the WebKit::WebFrame. So if(frame->page()) should just do.
Comment 7 Simon Hausmann 2012-05-15 05:05:02 PDT
Comment on attachment 141839 [details]
Patch

I agree with Zalan, it's better to avoid constructing m_originatingObject. Otherwise it seems like a valid case/situation.
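An added C++ model of the detach sequence described in comment 2 and of the null handling the reviewers asked for in comments 6 and 7; it is not WebKit's code, and the Page, Frame and NetworkingContext types and the simulate function are hypothetical stand-ins for the real classes.

```cpp
#include <cstdint>
#include <functional>
#include <memory>
#include <optional>
#include <vector>

struct Page { uint64_t pageID; };

// A frame holds a pointer to its page. Removing the frame's owner element
// detaches it: the pointer is cleared while the Frame object itself stays
// alive, so a null check on the frame alone cannot catch this state.
struct Frame {
    Page* page = nullptr;
    void detach() { page = nullptr; }
};

// Model of the networking context after the fix the reviewers asked for:
// the originating object (here just the page id) is only created when the
// frame is still attached to a page; otherwise it stays empty and the caller
// is expected to handle the null case (hypothetical model, not WebKit code).
class NetworkingContext {
public:
    explicit NetworkingContext(const Frame* frame) {
        if (frame && frame->page)          // guard the page, not only the frame
            m_originatingPageID = frame->page->pageID;
    }
    bool hasOriginatingObject() const { return m_originatingPageID.has_value(); }
    std::optional<uint64_t> originatingPageID() const { return m_originatingPageID; }
private:
    std::optional<uint64_t> m_originatingPageID;
};

// Replays the sequence from comment 2: the DOMContentLoaded handler appends an
// iframe, the load handler removes it (detaching the frame from the page), and
// only then is the subframe's networking context constructed.
NetworkingContext simulateCreateFrameInDOMContentLoaded(Page& page) {
    std::unique_ptr<Frame> subframe;
    std::vector<std::function<void()>> domContentLoadedHandlers, loadHandlers;
    domContentLoadedHandlers.push_back([&] {
        subframe = std::make_unique<Frame>();
        subframe->page = &page;            // appendChild(iframe): frame attached
    });
    loadHandlers.push_back([&] { subframe->detach(); });  // removeChild(iframe)
    for (auto& handler : domContentLoadedHandlers) handler();
    for (auto& handler : loadHandlers) handler();
    return NetworkingContext(subframe.get());   // frame non-null, page gone
}
```

The detached case yields a context with no originating object instead of a dereference of a null page, which is the behaviour the landed patch was reviewed for.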
Comment 8 Dinu Jacob 2012-05-15 06:24:51 PDT
Created attachment 141946 [details]
Patch
Comment 9 Dinu Jacob 2012-05-15 06:29:31 PDT
Thanks for the reviews. New patch attached.
Comment 10 Simon Hausmann 2012-05-15 06:51:55 PDT
Comment on attachment 141946 [details]
Patch

Thanks :)
Comment 11 WebKit Review Bot 2012-05-15 08:15:07 PDT
Comment on attachment 141946 [details]
Patch

Clearing flags on attachment: 141946

Committed r117070: <http://trac.webkit.org/changeset/117070>
Comment 12 WebKit Review Bot 2012-05-15 08:15:16 PDT
All reviewed patches have been landed. Closing bug.