[Webkit-unassigned] [Bug 18551] REGRESSION (r31801?): Crash in ContainerNode::removedFromDocument on many SVG tests on Windows

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 17 12:41:06 PDT 2008 

http://bugs.webkit.org/show_bug.cgi?id=18551





------- Comment #1 from aroben at apple.com  2008-04-17 12:41 PDT -------
One set of failing tests:

svg/W3C-SVG-1.1/animate-elem-03-t.svg
svg/W3C-SVG-1.1/animate-elem-05-t.svg
svg/W3C-SVG-1.1/animate-elem-09-t.svg
svg/W3C-SVG-1.1/animate-elem-11-t.svg
svg/W3C-SVG-1.1/animate-elem-13-t.svg
svg/W3C-SVG-1.1/animate-elem-15-t.svg
svg/W3C-SVG-1.1/animate-elem-17-t.svg
svg/W3C-SVG-1.1/animate-elem-19-t.svg
svg/W3C-SVG-1.1/animate-elem-23-t.svg
svg/W3C-SVG-1.1/animate-elem-29-b.svg
svg/W3C-SVG-1.1/animate-elem-31-t.svg
svg/W3C-SVG-1.1/animate-elem-33-t.svg
svg/W3C-SVG-1.1/animate-elem-36-t.svg
svg/W3C-SVG-1.1/animate-elem-40-t.svg
svg/W3C-SVG-1.1/animate-elem-44-t.svg
svg/W3C-SVG-1.1/animate-elem-52-t.svg
svg/W3C-SVG-1.1/animate-elem-61-t.svg
svg/W3C-SVG-1.1/animate-elem-65-t.svg
svg/W3C-SVG-1.1/animate-elem-67-t.svg
svg/W3C-SVG-1.1/animate-elem-69-t.svg
svg/W3C-SVG-1.1/animate-elem-77-t.svg
svg/W3C-SVG-1.1/animate-elem-80-t.svg
svg/W3C-SVG-1.1/animate-elem-82-t.svg
svg/W3C-SVG-1.1/color-prof-01-f.svg
svg/W3C-SVG-1.1/pservers-pattern-01-b.svg

These all crash with the following backtrace. It seems that `this` has been
deleted.

WebKit_debug.dll!WebCore::ContainerNode::removedFromDocument()  Line 672
WebKit_debug.dll!WebCore::Element::removedFromDocument()  Line 714
WebKit_debug.dll!WebCore::ContainerNode::addChildNodesToDeletionQueue(WebCore::Node
* & head=0x06f99b28, WebCore::Node * & tail=0x01fa16a8, WebCore::ContainerNode
* container=0x06f66650)  Line 82
WebKit_debug.dll!WebCore::ContainerNode::removeAllChildren()  Line 109
WebKit_debug.dll!WebCore::Document::removedLastRef()  Line 381
WebKit_debug.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 69
WebKit_debug.dll!WTF::RefPtr<WebCore::Document>::operator=(const
WTF::PassRefPtr<WebCore::Document> & o={...})  Line 121
WebKit_debug.dll!WebCore::Frame::setDocument(WTF::PassRefPtr<WebCore::Document>
newDoc={...})  Line 257
WebKit_debug.dll!WebCore::FrameLoader::clear(bool clearWindowProperties=true,
bool clearScriptObjects=true)  Line 840
WebKit_debug.dll!WebCore::FrameLoader::begin(const WebCore::KURL & url={...},
bool dispatch=false, WebCore::SecurityOrigin * origin=0x00000000)  Line 913
WebKit_debug.dll!WebCore::FrameLoader::receivedFirstData()  Line 864
WebKit_debug.dll!WebCore::FrameLoader::setEncoding(const WebCore::String &
name={...}, bool userChosen=false)  Line 1833
WebKit_debug.dll!WebFrameLoaderClient::receivedData(const char *
data=0x07037e50, int length=8526, const WebCore::String & textEncoding={...}) 
Line 411
WebKit_debug.dll!WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader *
loader=0x06eeb188, const char * data=0x07037e50, int length=8526)  Line 383
WebKit_debug.dll!WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader *
loader=0x06eeb188, const char * data=0x07037e50, int length=8526)  Line 3332
WebKit_debug.dll!WebCore::DocumentLoader::commitLoad(const char *
data=0x07037e50, int length=8526)  Line 343
WebKit_debug.dll!WebCore::DocumentLoader::receivedData(const char *
data=0x07037e50, int length=8526)  Line 355
WebKit_debug.dll!WebCore::FrameLoader::receivedData(const char *
data=0x07037e50, int length=8526)  Line 2287
WebKit_debug.dll!WebCore::MainResourceLoader::addData(const char *
data=0x07037e50, int length=8526, bool allAtOnce=false)  Line 139
WebKit_debug.dll!WebCore::ResourceLoader::didReceiveData(const char *
data=0x07037e50, int length=8526, __int64 lengthReceived=8526, bool
allAtOnce=false)  Line 244
WebKit_debug.dll!WebCore::MainResourceLoader::didReceiveData(const char *
data=0x07037e50, int length=8526, __int64 lengthReceived=8526, bool
allAtOnce=false)  Line 297
WebKit_debug.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle
* __formal=0x06faaa78, const char * data=0x07037e50, int length=8526, int
lengthReceived=8526)  Line 375
WebKit_debug.dll!WebCore::didReceiveData(_CFURLConnection * conn=0x01fd9a98,
const __CFData * data=0x07037e38, long originalLength=8526, const void *
clientInfo=0x06faaa78)  Line 107


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list