[Webkit-unassigned] [Bug 18551] REGRESSION (r31801?): Crash in ContainerNode::removedFromDocument on many SVG tests on Windows

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 17 12:41:40 PDT 2008 

http://bugs.webkit.org/show_bug.cgi?id=18551





------- Comment #2 from aroben at apple.com  2008-04-17 12:41 PDT -------
This test:

svg/W3C-SVG-1.1/animate-elem-63-t.svg

crashes with a similar but different backtrace. It also seems that `this` has
been deleted.

WebKit_debug.dll!WebCore::ContainerNode::removedFromDocument()  Line 672
WebKit_debug.dll!WebCore::Element::removedFromDocument()  Line 714
WebKit_debug.dll!WebCore::ContainerNode::addChildNodesToDeletionQueue(WebCore::Node
* & head=0x020c7398, WebCore::Node * & tail=0x020c8078, WebCore::ContainerNode
* container=0x020c7448)  Line 82
WebKit_debug.dll!WebCore::ContainerNode::removeAllChildren()  Line 94
WebKit_debug.dll!WebCore::ContainerNode::~ContainerNode()  Line 118
WebKit_debug.dll!WebCore::Element::~Element()  Line 119
WebKit_debug.dll!WebCore::StyledElement::~StyledElement()  Line 111
WebKit_debug.dll!WebCore::SVGElement::~SVGElement()  Line 58
WebKit_debug.dll!WebCore::SVGStyledElement::~SVGStyledElement()  Line 55
WebKit_debug.dll!WebCore::SVGStyledLocatableElement::~SVGStyledLocatableElement()
 Line 43
WebKit_debug.dll!WebCore::SVGStyledTransformableElement::~SVGStyledTransformableElement()
 Line 47
WebKit_debug.dll!WebCore::SVGGElement::~SVGGElement()  Line 42
WebKit_debug.dll!WebCore::SVGGElement::`vbase destructor'()  + 0x16 bytes      
C++
WebKit_debug.dll!WebCore::SVGGElement::`scalar deleting destructor'()  + 0x16
bytes     C++
WebKit_debug.dll!WebCore::TreeShared<WebCore::Node>::removedLastRef()  Line 99
WebKit_debug.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 69
WebKit_debug.dll!WTF::RefPtr<WebCore::SVGElement>::operator=(WebCore::SVGElement
* optr=0x00000000)  Line 112
WebKit_debug.dll!WebCore::SVGSMILElement::removedFromDocument()  Line 128
WebKit_debug.dll!WebCore::ContainerNode::removedFromDocument()  Line 672
WebKit_debug.dll!WebCore::Element::removedFromDocument()  Line 714
WebKit_debug.dll!WebCore::ContainerNode::addChildNodesToDeletionQueue(WebCore::Node
* & head=0x020cf3c0, WebCore::Node * & tail=0x020c7298, WebCore::ContainerNode
* container=0x020b8600)  Line 82
WebKit_debug.dll!WebCore::ContainerNode::removeAllChildren()  Line 109
WebKit_debug.dll!WebCore::Document::removedLastRef()  Line 381
WebKit_debug.dll!WebCore::TreeShared<WebCore::Node>::deref()  Line 69
WebKit_debug.dll!WTF::RefPtr<WebCore::Document>::operator=(const
WTF::PassRefPtr<WebCore::Document> & o={...})  Line 121
WebKit_debug.dll!WebCore::Frame::setDocument(WTF::PassRefPtr<WebCore::Document>
newDoc={...})  Line 257
WebKit_debug.dll!WebCore::FrameLoader::clear(bool clearWindowProperties=true,
bool clearScriptObjects=true)  Line 840
WebKit_debug.dll!WebCore::FrameLoader::begin(const WebCore::KURL & url={...},
bool dispatch=false, WebCore::SecurityOrigin * origin=0x00000000)  Line 913
WebKit_debug.dll!WebCore::FrameLoader::receivedFirstData()  Line 864
WebKit_debug.dll!WebCore::FrameLoader::setEncoding(const WebCore::String &
name={...}, bool userChosen=false)  Line 1833
WebKit_debug.dll!WebFrameLoaderClient::receivedData(const char *
data=0x02121350, int length=8919, const WebCore::String & textEncoding={...}) 
Line 411
WebKit_debug.dll!WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader *
loader=0x01fccca8, const char * data=0x02121350, int length=8919)  Line 383
WebKit_debug.dll!WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader *
loader=0x01fccca8, const char * data=0x02121350, int length=8919)  Line 3332
WebKit_debug.dll!WebCore::DocumentLoader::commitLoad(const char *
data=0x02121350, int length=8919)  Line 343
WebKit_debug.dll!WebCore::DocumentLoader::receivedData(const char *
data=0x02121350, int length=8919)  Line 355
WebKit_debug.dll!WebCore::FrameLoader::receivedData(const char *
data=0x02121350, int length=8919)  Line 2287
WebKit_debug.dll!WebCore::MainResourceLoader::addData(const char *
data=0x02121350, int length=8919, bool allAtOnce=false)  Line 139
WebKit_debug.dll!WebCore::ResourceLoader::didReceiveData(const char *
data=0x02121350, int length=8919, __int64 lengthReceived=8919, bool
allAtOnce=false)  Line 244
WebKit_debug.dll!WebCore::MainResourceLoader::didReceiveData(const char *
data=0x02121350, int length=8919, __int64 lengthReceived=8919, bool
allAtOnce=false)  Line 297
WebKit_debug.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle
* __formal=0x01fb2440, const char * data=0x02121350, int length=8919, int
lengthReceived=8919)  Line 375
WebKit_debug.dll!WebCore::didReceiveData(_CFURLConnection * conn=0x01fbd7e8,
const __CFData * data=0x02121330, long originalLength=8919, const void *
clientInfo=0x01fb2440)  Line 107


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list