RESOLVED FIXED 98001
[chromium] crash when running accessibility/canvas-fallback-content-2.html 
https://bugs.webkit.org/show_bug.cgi?id=98001
Summary [chromium] crash when running accessibility/canvas-fallback-content-2.html
jochen
Reported 2012-10-01 01:44:42 PDT
When trying to run the test accessibility/canvas-fallback-content-2.html in content_shell like this: echo file://$(pwd)/LayoutTests/accessibility/canvas-fallback-content-2.html | out/Debug/content_shell --no-sandbox --dump-render-tree I get the following crash: [20467:20467:1001/103914:9811384406:ERROR:process_util_posix.cc(144)] Received signal 11 base::debug::StackTrace::StackTrace() [0x50cf7e] base::(anonymous namespace)::StackDumpSignalHandler() [0x524df4] 0x7f602d4eb4c0 WTF::StringImpl::rawHash() [0xc7520a] WTF::StringImpl::hasHash() [0xc751e5] WTF::StringImpl::existingHash() [0xc75169] WTF::AtomicStringHash::hash() [0xc7513d] WTF::HashMapTranslator<>::hash<>() [0x3042bf5] WTF::HashTable<>::add<>() [0x30427cd] WTF::HashMap<>::inlineAdd() [0x30426cc] WTF::HashMap<>::add() [0x30424a4] WebCore::Document::getCachedLocalizer() [0x303b928] WebCore::Element::localizer() [0x308d50d] WebCore::NumberInputType::localizeValue() [0x2ddc975] WebCore::NumberInputType::visibleValue() [0x2ddca31] WebCore::TextFieldInputType::updateInnerTextValue() [0x2de7e46] WebCore::HTMLInputElement::updateType() [0x2d75e1c] WebCore::HTMLInputElement::parseAttribute() [0x2d7710f] WebCore::Element::attributeChanged() [0x30888e9] WebCore::StyledElement::attributeChanged() [0x311a349] WebCore::Element::parserSetAttributes() [0x308943a] WebCore::HTMLConstructionSite::createHTMLElement() [0x2eb6856] WebCore::HTMLConstructionSite::insertSelfClosingHTMLElement() [0x2eb6dcf] WebCore::HTMLTreeBuilder::processStartTagForInBody() [0x2e4c85f] WebCore::HTMLTreeBuilder::processStartTag() [0x2e46426] WebCore::HTMLTreeBuilder::processToken() [0x2e45ae1] WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken() [0x2e44e1b] WebCore::HTMLTreeBuilder::constructTreeFromToken() [0x2e44d1a] WebCore::HTMLDocumentParser::pumpTokenizer() [0x2e2ab66] WebCore::HTMLDocumentParser::pumpTokenizerIfPossible() [0x2e2a5f5] WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() [0x2e2ba21] WebCore::HTMLDocumentParser::notifyFinished() [0x2e2bdc7] WebCore::HTMLDocumentParser::notifyFinished() [0x2e2be2f] WebCore::CachedResource::checkNotify() [0x28e97dd] WebCore::CachedScript::data() [0x2904118] WebCore::SubresourceLoader::didFinishLoading() [0x28cb94a] WebCore::ResourceLoader::didFinishLoading() [0x28c5705] WebCore::ResourceHandleInternal::didFinishLoading() [0x39a2624] webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest() [0x1d40e54] content::ResourceDispatcher::OnRequestComplete() [0xbeb4bd] DispatchToMethod<>() [0xbecde8] ResourceMsg_RequestComplete::Dispatch<>() [0xbec846] content::ResourceDispatcher::DispatchMessage() [0xbea227] content::ResourceDispatcher::OnMessageReceived() [0xbe962a] ChildThread::OnMessageReceived() [0xacca3b] IPC::ChannelProxy::Context::OnDispatchMessage() [0x2091b59] base::internal::RunnableAdapter<>::Run() [0x2095c7a] base::internal::InvokeHelper<>::MakeItSo() [0x2095be1] base::internal::Invoker<>::Run() [0x2095b8c] base::Callback<>::Run() [0x42be1e] MessageLoop::RunTask() [0x49bcbc] MessageLoop::DeferOrRunPendingTask() [0x49c0ab] MessageLoop::DoWork() [0x49c255] base::MessagePumpDefault::Run() [0x4a6168] MessageLoop::RunInternal() [0x49b6e6] MessageLoop::RunHandler() [0x49b595] base::RunLoop::Run() [0x4bd5c2] MessageLoop::Run() [0x49ae31] RendererMain() [0xd16610] content::RunZygote() [0xca6297] content::RunNamedProcessTypeMain() [0xca6594] content::ContentMainRunnerImpl::Run() [0xca738d] Also tracked in https://code.google.com/p/chromium/issues/detail?id=153248
Attachments
Patch (1.64 KB, patch)
2012-10-01 07:20 PDT, jochen 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
jochen
Comment 1 2012-10-01 07:20:01 PDT
Created attachment 166471 [details] Patch
WebKit Review Bot
Comment 2 2012-10-01 12:07:46 PDT
Comment on attachment 166471 [details] Patch Clearing flags on attachment: 166471 Committed r130062: <http://trac.webkit.org/changeset/130062>
WebKit Review Bot
Comment 3 2012-10-01 12:07:50 PDT
All reviewed patches have been landed. Closing bug.
Ojan Vafai
Comment 4 2012-10-01 17:13:59 PDT
Reverted r130062 for reason: Causes a ton of gtest failures on the chromium bots Committed r130101: <http://trac.webkit.org/changeset/130101>
Ojan Vafai
Comment 5 2012-10-01 17:15:08 PDT
See http://build.chromium.org/p/chromium.webkit/builders/Win%20%28dbg%29/builds/7893 for the failures.
Ojan Vafai
Comment 6 2012-10-01 17:15:46 PDT
It wasn't clear to me whether this assert was showing places where the code is wrong or whether the assert is wrong. Either way, it would be good to fix the gtest failures first.
jochen
Comment 7 2012-10-02 00:45:30 PDT
(In reply to comment #6) > It wasn't clear to me whether this assert was showing places where the code is wrong or whether the assert is wrong. Either way, it would be good to fix the gtest failures first. sorry for the mess. It's indeed a failure in the tests. I'm fixing this.
jochen
Comment 8 2012-10-02 04:41:23 PDT
Landed again http://trac.webkit.org/changeset/130152
Note You need to log in before you can comment on or make changes to this bug.