NEW 98747
[WK2] plugins/document-open.html is crashing
https://bugs.webkit.org/show_bug.cgi?id=98747
KwangYong Choi
Reported 2012-10-09 04:20:52 PDT
plugins/document-open.html [ Crash ]
Jussi Kukkonen (jku)
Comment 1 2012-10-25 01:35:04 PDT
This is not EFL or WTR specific AFAICT. Apparently calling "document.open" from destroyStream in the plugin ends up doing a HashTable.get() on a hashtable that no longer exists (m_npJSObjects in NPRuntimeObjectMap).
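A hypothetical C++ model of the lifetime hazard described in this comment (added here; it is not WebKit code and not the fix that landed): the plugin's invoke calls into script, the script calls document.open(), and that tears down the owner of the object map before the caller looks up the JS object in it. The hardened invoke holds a weak handle to the map and re-checks liveness after the re-entrant call instead of touching the table blindly; ObjectMap, PluginView, JSHost and safeInvoke are made-up names.

```cpp
#include <functional>
#include <map>
#include <memory>
#include <string>

// Stands in for NPRuntimeObjectMap and its m_npJSObjects table (hypothetical).
struct ObjectMap {
    std::map<int, std::string> npJSObjects;
};

// Stands in for the plugin view that owns the object map (hypothetical).
struct PluginView {
    std::shared_ptr<ObjectMap> objectMap = std::make_shared<ObjectMap>();
};

// Stands in for the document: document.open() destroys the plugin view,
// and with it the object map, while a plugin call may still be on the stack.
struct JSHost {
    std::unique_ptr<PluginView> view = std::make_unique<PluginView>();
    void documentOpen() { view.reset(); }
};

// Hardened invoke: the script callback may re-enter and destroy the map's
// owner. Returns true if the JS object could be registered in the map, false
// if the map was torn down during the call (the case that crashed here).
bool safeInvoke(JSHost& host, const std::function<int(JSHost&)>& script)
{
    std::weak_ptr<ObjectMap> weakMap = host.view->objectMap;
    int jsObjectId = script(host);               // may call documentOpen()
    std::shared_ptr<ObjectMap> map = weakMap.lock();
    if (!map)
        return false;                            // owner gone: do not touch the table
    if (map->npJSObjects.find(jsObjectId) == map->npJSObjects.end())
        map->npJSObjects[jsObjectId] = "NPObject#" + std::to_string(jsObjectId);
    return true;
}

// Drives the two scenarios: a script that leaves the document alone, and a
// script that calls document.open() from inside the plugin callback.
bool runScenario(bool scriptCallsDocumentOpen)
{
    JSHost host;
    return safeInvoke(host, [&](JSHost& h) {
        if (scriptCallsDocumentOpen)
            h.documentOpen();
        return 42;                               // constructed JS object id
    });
}
```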
Chris Dumez
Comment 2 2012-11-22 06:35:55 PST
Stack trace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff78d8119 in WTF::IdentityHashTranslator<WTF::PtrHash<JSC::JSObject*> >::equal<JSC::JSObject*> (a=@0xbbadbeff: <error reading variable>, b=@0x7fffffffd218: 0x7fffa455fd80) at /home/chris/unencrypted/WebKit/Source/WTF/wtf/HashTable.h:300
300	template<typename T> static bool equal(const T& a, const T& b) { return HashFunctions::equal(a, b); }
(gdb) bt
#0  0x00007ffff78d8119 in WTF::IdentityHashTranslator<WTF::PtrHash<JSC::JSObject*> >::equal<JSC::JSObject*> (a=@0xbbadbeff: <error reading variable>, b=@0x7fffffffd218: 0x7fffa455fd80) at /home/chris/unencrypted/WebKit/Source/WTF/wtf/HashTable.h:300
#1  0x00007ffff78d6fa9 in WTF::HashTable<JSC::JSObject*, WTF::KeyValuePair<JSC::JSObject*, WebKit::NPJSObject*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<JSC::JSObject*, WebKit::NPJSObject*> >, WTF::PtrHash<JSC::JSObject*>, WTF::HashMapValueTraits<WTF::HashTraits<JSC::JSObject*>, WTF::HashTraits<WebKit::NPJSObject*> >, WTF::HashTraits<JSC::JSObject*> >::lookup<WTF::IdentityHashTranslator<WTF::PtrHash<JSC::JSObject*> >, JSC::JSObject*> (this=0x57fca0, key=@0x7fffffffd218: 0x7fffa455fd80) at /home/chris/unencrypted/WebKit/Source/WTF/wtf/HashTable.h:628
#2  0x00007ffff78d59d7 in WTF::HashTable<JSC::JSObject*, WTF::KeyValuePair<JSC::JSObject*, WebKit::NPJSObject*>, WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<JSC::JSObject*, WebKit::NPJSObject*> >, WTF::PtrHash<JSC::JSObject*>, WTF::HashMapValueTraits<WTF::HashTraits<JSC::JSObject*>, WTF::HashTraits<WebKit::NPJSObject*> >, WTF::HashTraits<JSC::JSObject*> >::lookup (this=0x57fca0, key=@0x7fffffffd218: 0x7fffa455fd80) at /home/chris/unencrypted/WebKit/Source/WTF/wtf/HashTable.h:419
#3  0x00007ffff78d4aed in WTF::HashMap<JSC::JSObject*, WebKit::NPJSObject*, WTF::PtrHash<JSC::JSObject*>, WTF::HashTraits<JSC::JSObject*>, WTF::HashTraits<WebKit::NPJSObject*> >::get (this=0x57fca0, key=@0x7fffffffd218: 0x7fffa455fd80) at /home/chris/unencrypted/WebKit/Source/WTF/wtf/HashMap.h:368
#4  0x00007ffff78d202c in WebKit::NPRuntimeObjectMap::getOrCreateNPObject (this=0x57fc90, globalData=..., jsObject=0x7fffa455fd80) at /home/chris/unencrypted/WebKit/Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:79
#5  0x00007ffff78d2578 in WebKit::NPRuntimeObjectMap::convertJSValueToNPVariant (this=0x57fc90, exec=0x7fffa459f388, value=..., variant=...) at /home/chris/unencrypted/WebKit/Source/WebKit2/WebProcess/Plugins/Netscape/NPRuntimeObjectMap.cpp:173
#6  0x00007ffff78ceeaf in WebKit::NPJSObject::invoke (this=0x576190, exec=0x7fffa459f388, globalObject=0x7fffa459f180, function=..., arguments=0x540130, argumentCount=2, result=0x7fffffffd5a0) at /home/chris/unencrypted/WebKit/Source/WebKit2/WebProcess/Plugins/Netscape/NPJSObject.cpp:300
#7  0x00007ffff78ce1f8 in WebKit::NPJSObject::invoke (this=0x576190, methodName=0x5402c0, arguments=0x540130, argumentCount=2, result=0x7fffffffd5a0) at /home/chris/unencrypted/WebKit/Source/WebKit2/WebProcess/Plugins/Netscape/NPJSObject.cpp:125
#8  0x00007ffff78cf01d in WebKit::NPJSObject::NP_Invoke (npObject=0x576190, methodName=0x5402c0, arguments=0x540130, argumentCount=2, result=0x7fffffffd5a0) at /home/chris/unencrypted/WebKit/Source/WebKit2/WebProcess/Plugins/Netscape/NPJSObject.cpp:347
#9  0x00007ffff776cfa7 in WebKit::NPObjectMessageReceiver::invoke (this=0x4acf20, methodNameData=..., argumentsData=..., returnValue=@0x7fffffffd670: 112, resultData=...) at /home/chris/unencrypted/WebKit/Source/WebKit2/Shared/Plugins/NPObjectMessageReceiver.cpp:88
#10 0x00007ffff79ccb8b in CoreIPC::callMemberFunction<WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, WTF::Vector<WebKit::NPVariantData, 0ul> const&, bool&, WebKit::NPVariantData&), WebKit::NPIdentifierData, WTF::Vector<WebKit::NPVariantData, 0ul>, bool, WebKit::NPVariantData> (args=..., replyArgs=..., object=0x4acf20, function=(void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPObjectMessageReceiver * const, const WebKit::NPIdentifierData &, const WTF::Vector<WebKit::NPVariantData, 0ul> &, bool &, WebKit::NPVariantData &)) 0x7ffff776ce4e <WebKit::NPObjectMessageReceiver::invoke(WebKit::NPIdentifierData const&, WTF::Vector<WebKit::NPVariantData, 0ul> const&, bool&, WebKit::NPVariantData&)>) at /home/chris/unencrypted/WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:137
#11 0x00007ffff79cc4ca in CoreIPC::handleMessage<Messages::NPObjectMessageReceiver::Invoke, WebKit::NPObjectMessageReceiver, void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPIdentifierData const&, WTF::Vector<WebKit::NPVariantData, 0ul> const&, bool&, WebKit::NPVariantData&)> (decoder=..., replyEncoder=..., object=0x4acf20, function=(void (WebKit::NPObjectMessageReceiver::*)(WebKit::NPObjectMessageReceiver * const, const WebKit::NPIdentifierData &, const WTF::Vector<WebKit::NPVariantData, 0ul> &, bool &, WebKit::NPVariantData &)) 0x7ffff776ce4e <WebKit::NPObjectMessageReceiver::invoke(WebKit::NPIdentifierData const&, WTF::Vector<WebKit::NPVariantData, 0ul> const&, bool&, WebKit::NPVariantData&)>) at /home/chris/unencrypted/WebKit/Source/WebKit2/Platform/CoreIPC/HandleMessage.h:333
#12 0x00007ffff79cbc98 in WebKit::NPObjectMessageReceiver::didReceiveSyncNPObjectMessageReceiverMessage (this=0x4acf20, decoder=..., replyEncoder=...) at /home/chris/unencrypted/WebKit/WebKitBuild/Debug/DerivedSources/WebKit2/NPObjectMessageReceiverMessageReceiver.cpp:53
#13 0x00007ffff777383f in WebKit::NPRemoteObjectMap::didReceiveSyncMessage (this=0x58aea0, connection=0x5ab820, messageID=..., decoder=..., replyEncoder=...) at /home/chris/unencrypted/WebKit/Source/WebKit2/Shared/Plugins/NPRemoteObjectMap.cpp:236
#14 0x00007ffff78a9d8f in WebKit::PluginProcessConnection::didReceiveSyncMessage (this=0x580c00, connection=0x5ab820, messageID=..., decoder=..., replyEncoder=...) at /home/chris/unencrypted/WebKit/Source/WebKit2/WebProcess/Plugins/PluginProcessConnection.cpp:104
#15 0x00007ffff76fe39f in CoreIPC::Connection::dispatchSyncMessage (this=0x5ab820, messageID=..., decoder=...) at /home/chris/unencrypted/WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:634
#16 0x00007ffff76fe69a in CoreIPC::Connection::dispatchMessage (this=0x5ab820, message=...) at /home/chris/unencrypted/WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:684
#17 0x00007ffff76fe91b in CoreIPC::Connection::dispatchOneMessage (this=0x5ab820) at /home/chris/unencrypted/WebKit/Source/WebKit2/Platform/CoreIPC/Connection.cpp:712
#18 0x00007ffff7708abc in WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>::operator() (this=0x7fff90000b10, c=0x5ab820) at /home/chris/unencrypted/WebKit/Source/WTF/wtf/Functional.h:174
#19 0x00007ffff77088c2 in WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (CoreIPC::Connection::*)()>, void (CoreIPC::Connection*)>::operator()() (this=0x7fff90000b00) at /home/chris/unencrypted/WebKit/Source/WTF/wtf/Functional.h:406
#20 0x00007ffff7845500 in WTF::Function<void ()>::operator()() const (this=0x7fffffffdbd0) at /home/chris/unencrypted/WebKit/Source/WTF/wtf/Functional.h:614
#21 0x00007ffff3c98927 in WebCore::RunLoop::performWork (this=0x43cec0) at /home/chris/unencrypted/WebKit/Source/WebCore/platform/RunLoop.cpp:87
#22 0x00007ffff46b645f in WebCore::RunLoop::wakeUpEvent (data=0x43cec0) at /home/chris/unencrypted/WebKit/Source/WebCore/platform/efl/RunLoopEfl.cpp:100
#23 0x00007ffff7ebb751 in _ecore_pipe_read (data=0x40cac0, fd_handler=<optimized out>) at ecore_pipe.c:625
#24 0x00007ffff7eba6a1 in _ecore_call_fd_cb (data=<optimized out>, func=<optimized out>, fd_handler=0x40d1c0) at ecore_private.h:343
#25 _ecore_main_fd_handlers_call () at ecore_main.c:1648
#26 _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1895
#27 0x00007ffff7ebabe7 in ecore_main_loop_begin () at ecore_main.c:934
#28 0x00007ffff46b6429 in WebCore::RunLoop::run () at /home/chris/unencrypted/WebKit/Source/WebCore/platform/efl/RunLoopEfl.cpp:90
#29 0x00007ffff79c0fab in WebKit::WebProcessMainEfl (argc=2, argv=0x7fffffffdea8) at /home/chris/unencrypted/WebKit/Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:126
#30 0x00000000004007c4 in main (argc=2, argv=0x7fffffffdea8) at /home/chris/unencrypted/WebKit/Source/WebKit2/efl/MainEfl.cpp:30