[Webkit-unassigned] [Bug 10366] WebKit asserts on innerHTML insert of embed referencing XML which failed to parse

Thu Dec 28 14:23:26 PST 2006

http://bugs.webkit.org/show_bug.cgi?id=10366

ddkilzer at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ddkilzer at webkit.org,
                   |                            |ggaren at apple.com

------- Comment #2 from ddkilzer at webkit.org  2006-12-28 14:23 PDT -------
This may also be reproduced using Hixie's Live DOM Viewer by doing the
following:

1. Open Safari.
2. Open Hixie's Live DOM Viewer: 
http://software.hixie.ch/utilities/js/live-dom-viewer/
3. Paste in an <embed src=""></embed> tag referencing a non-existent image: 
<embed src="foo.gif"></embed>
4. Position the cursor at the end of the "</embed>" tag.
5. Hit the delete key faster than the Rendered View is able to reload the
missing image.

In debug builds, this causes the following assertion (using a locally-built
debug build of WebKit r18456 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8
(8N1037)):

ASSERTION FAILED: m_frame == m_frame->page()->mainFrame() ||
m_frame->ownerElement()
(/Users/dkilzer/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:576
-[WebCoreFrameBridge installInFrame:])
Segmentation fault

And stack trace:

Thread 0 Crashed:
0   com.apple.WebCore           0x01100e27 -[WebCoreFrameBridge
installInFrame:] + 131 (WebCoreFrameBridge.mm:576)
1   com.apple.WebKit            0x00399c20
WebFrameLoaderClient::makeDocumentView() + 318 (WebFrameLoaderClient.mm:209)
2   com.apple.WebCore           0x013740b3
WebCore::FrameLoader::transitionToCommitted(NSDictionary*) + 707
(FrameLoaderMac.mm:953)
3   com.apple.WebCore           0x0137627a
WebCore::FrameLoader::commitProvisionalLoad(NSDictionary*) + 130
(FrameLoaderMac.mm:527)
4   com.apple.WebCore           0x01370e3d
WebCore::DocumentLoader::commitIfReady() + 73 (DocumentLoaderMac.mm:287)
5   com.apple.WebCore           0x01371609
WebCore::DocumentLoader::commitLoad(char const*, int) + 35
(DocumentLoaderMac.mm:324)
6   com.apple.WebCore           0x0137184c
WebCore::DocumentLoader::receivedData(char const*, int) + 76
(DocumentLoaderMac.mm:338)
7   com.apple.WebCore           0x01372c33
WebCore::FrameLoader::receivedData(char const*, int) + 41
(FrameLoaderMac.mm:568)
8   com.apple.WebCore           0x0137b0d2
WebCore::MainResourceLoader::addData(char const*, int, bool) + 80
(MainResourceLoaderMac.mm:148)
9   com.apple.WebCore           0x013799e7
WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 83
(ResourceLoaderMac.mm:282)
10  com.apple.WebCore           0x0137b407
WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool)
+ 281 (MainResourceLoaderMac.mm:312)
11  com.apple.WebCore           0x01379676
WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*,
int, int) + 58 (ResourceLoaderMac.mm:442)
12  com.apple.WebCore           0x013888be -[WebCoreResourceHandleAsDelegate
connection:didReceiveData:lengthReceived:] + 172 (ResourceHandleMac.mm:278)
13  com.apple.Foundation        0x9265eb86
-[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 641
14  com.apple.Foundation        0x9265ce67
-[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 686
15  com.apple.Foundation        0x9265cb41 _sendCallbacks + 201
16  com.apple.CoreFoundation    0x9082afd2 CFRunLoopRunSpecific + 1213
17  com.apple.CoreFoundation    0x9082ab0e CFRunLoopRunInMode + 61
18  com.apple.HIToolbox         0x92ddabef RunCurrentEventLoopInMode + 285
19  com.apple.HIToolbox         0x92dda2fd ReceiveNextEventCommon + 385
20  com.apple.HIToolbox         0x92dda154
BlockUntilNextEventMatchingListInMode + 81
21  com.apple.AppKit            0x9327f465 _DPSNextEvent + 572
22  com.apple.AppKit            0x9327f056 -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
23  com.apple.Safari            0x00006cea 0x1000 + 23786
24  com.apple.AppKit            0x93278ddb -[NSApplication run] + 512
25  com.apple.AppKit            0x9326cd2f NSApplicationMain + 573
26  com.apple.Safari            0x0005f54a 0x1000 + 386378
27  com.apple.Safari            0x0005f471 0x1000 + 386161

-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.