[Webkit-unassigned] [Bug 18803] CRASH: ContainerNode::willRemove() called on deleted node

bugzilla-daemon at webkit.org
Wed Apr 30 11:04:04 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=18803





------- Comment #5 from eric at webkit.org  2008-04-30 11:04 PDT -------
Ok, I stopped this in the debugger for DRT.  And have a better stack trace. 
We're re-entering ContainerNode::removeChildren(), this is similar to a bug we
fixed a year ago in ContainerNode::removeAllChildren().

In this case, we're re-entering JS and running a second on-load handler while
we're running the first.  I doubt that's what we intended...  Probably we
should have been in a forbid event dispatch block?

I'd be curious to hear others' thoughts.

#0      0x025fcc55 in WebCore::ContainerNode::removeChildren at
ContainerNode.cpp:466
#1      0x026896ca in WebCore::Document::clear at Document.cpp:1700
#2      0x0268f226 in WebCore::Document::implicitOpen at Document.cpp:1437
#3      0x026924ff in WebCore::Document::open at Document.cpp:1414
#4      0x02858335 in WebCore::JSHTMLDocument::open at
JSHTMLDocumentCustom.cpp:115
#5      0x02856c1c in WebCore::jsHTMLDocumentPrototypeFunctionOpen at
JSHTMLDocument.cpp:276
#6      0x00271d5c in KJS::PrototypeFunction::callAsFunction at
function.cpp:905
#7      0x00293ffa in KJS::JSObject::call at object.cpp:99
#8      0x002f6ad6 in KJS::FunctionCallDotNode::inlineEvaluate at
nodes.cpp:1495
#9      0x002aaa4a in KJS::FunctionCallDotNode::evaluate at nodes.cpp:1500
#10     0x0029b559 in KJS::ExprStatementNode::execute at nodes.cpp:3993
#11     0x0027da5b in statementListExecute at nodes.cpp:3946
#12     0x0027dae8 in KJS::BlockNode::execute at nodes.cpp:3971
#13     0x0028bcb2 in KJS::FunctionBodyNode::execute at nodes.cpp:4890
#14     0x0028c4bc in KJS::FunctionImp::callAsFunction at function.cpp:78
#15     0x00293ffa in KJS::JSObject::call at object.cpp:99
#16     0x002f6ad6 in KJS::FunctionCallDotNode::inlineEvaluate at
nodes.cpp:1495
#17     0x002aaa4a in KJS::FunctionCallDotNode::evaluate at nodes.cpp:1500
#18     0x0029b559 in KJS::ExprStatementNode::execute at nodes.cpp:3993
#19     0x0027da5b in statementListExecute at nodes.cpp:3946
#20     0x0027dae8 in KJS::BlockNode::execute at nodes.cpp:3971
#21     0x0028bcb2 in KJS::FunctionBodyNode::execute at nodes.cpp:4890
#22     0x0028c4bc in KJS::FunctionImp::callAsFunction at function.cpp:78
#23     0x00293ffa in KJS::JSObject::call at object.cpp:99
#24     0x02bd920e in WebCore::JSAbstractEventListener::handleEvent at
kjs_events.cpp:100
#25     0x02689be9 in WebCore::Document::handleWindowEvent at Document.cpp:2616
#26     0x026e9944 in WebCore::EventTargetNode::dispatchWindowEvent at
EventTargetNode.cpp:147
#27     0x0268ef23 in WebCore::Document::implicitClose at Document.cpp:1549
#28     0x02721b3c in WebCore::FrameLoader::checkCallImplicitClose at
FrameLoader.cpp:1329
#29     0x0272da0a in WebCore::FrameLoader::checkCompleted at
FrameLoader.cpp:1281
#30     0x0272d310 in WebCore::FrameLoader::completed at FrameLoader.cpp:1995
#31     0x0272da60 in WebCore::FrameLoader::checkCompleted at
FrameLoader.cpp:1288 // NOW WE'RE IN TROUBLE...
#32     0x0272dade in WebCore::FrameLoader::mainReceivedCompleteError at
FrameLoader.cpp:4583
#33     0x026b2e21 in WebCore::DocumentLoader::mainReceivedError at
DocumentLoader.cpp:261
#34     0x0272e095 in WebCore::FrameLoader::receivedMainResourceError at
FrameLoader.cpp:3506
#35     0x0291ab96 in WebCore::MainResourceLoader::didCancel at
MainResourceLoader.cpp:102
#36     0x02a2f6e6 in WebCore::ResourceLoader::cancel at ResourceLoader.cpp:349
#37     0x02a2f721 in WebCore::ResourceLoader::cancel at ResourceLoader.cpp:339
#38     0x026b2f28 in WebCore::DocumentLoader::stopLoading at
DocumentLoader.cpp:299
#39     0x027281dc in WebCore::FrameLoader::stopAllLoaders at
FrameLoader.cpp:2488
#40     0x0272860d in WebCore::FrameLoader::stopLoadingSubframes at
FrameLoader.cpp:2473
#41     0x027281ae in WebCore::FrameLoader::stopAllLoaders at
FrameLoader.cpp:2486
#42     0x02730e49 in WebCore::FrameLoader::frameDetached at
FrameLoader.cpp:3294
#43     0x02775ebc in WebCore::HTMLFrameOwnerElement::willRemove at
HTMLFrameOwnerElement.cpp:46 // HERE WE GO....
#44     0x025fb4ab in WebCore::ContainerNode::willRemove at
ContainerNode.cpp:347
#45     0x025fb4ab in WebCore::ContainerNode::willRemove at
ContainerNode.cpp:347
#46     0x025fcc0f in willRemoveChild at ContainerNode.cpp:361
#47     0x025fcc68 in WebCore::ContainerNode::removeChildren at
ContainerNode.cpp:467
#48     0x026896ca in WebCore::Document::clear at Document.cpp:1700
#49     0x0268f226 in WebCore::Document::implicitOpen at Document.cpp:1437
#50     0x026924ff in WebCore::Document::open at Document.cpp:1414
#51     0x02858335 in WebCore::JSHTMLDocument::open at
JSHTMLDocumentCustom.cpp:115
#52     0x02856c1c in WebCore::jsHTMLDocumentPrototypeFunctionOpen at
JSHTMLDocument.cpp:276
#53     0x00271d5c in KJS::PrototypeFunction::callAsFunction at
function.cpp:905
#54     0x00293ffa in KJS::JSObject::call at object.cpp:99
#55     0x002f6ad6 in KJS::FunctionCallDotNode::inlineEvaluate at
nodes.cpp:1495
#56     0x002aaa4a in KJS::FunctionCallDotNode::evaluate at nodes.cpp:1500
#57     0x0029b559 in KJS::ExprStatementNode::execute at nodes.cpp:3993
#58     0x0027da5b in statementListExecute at nodes.cpp:3946
#59     0x0027dae8 in KJS::BlockNode::execute at nodes.cpp:3971
#60     0x0028bcb2 in KJS::FunctionBodyNode::execute at nodes.cpp:4890
#61     0x0028c4bc in KJS::FunctionImp::callAsFunction at function.cpp:78
#62     0x00293ffa in KJS::JSObject::call at object.cpp:99
#63     0x002f6ad6 in KJS::FunctionCallDotNode::inlineEvaluate at
nodes.cpp:1495
#64     0x002aaa4a in KJS::FunctionCallDotNode::evaluate at nodes.cpp:1500
#65     0x0029b559 in KJS::ExprStatementNode::execute at nodes.cpp:3993
#66     0x0027da5b in statementListExecute at nodes.cpp:3946
#67     0x0027dae8 in KJS::BlockNode::execute at nodes.cpp:3971
#68     0x0028bcb2 in KJS::FunctionBodyNode::execute at nodes.cpp:4890
#69     0x0028c4bc in KJS::FunctionImp::callAsFunction at function.cpp:78
#70     0x00293ffa in KJS::JSObject::call at object.cpp:99
#71     0x02bd920e in WebCore::JSAbstractEventListener::handleEvent at
kjs_events.cpp:100
#72     0x02689be9 in WebCore::Document::handleWindowEvent at Document.cpp:2616
#73     0x026e9944 in WebCore::EventTargetNode::dispatchWindowEvent at
EventTargetNode.cpp:147
#74     0x0268ef23 in WebCore::Document::implicitClose at Document.cpp:1549
#75     0x02721b3c in WebCore::FrameLoader::checkCallImplicitClose at
FrameLoader.cpp:1329
#76     0x0272da0a in WebCore::FrameLoader::checkCompleted at
FrameLoader.cpp:1281
#77     0x0272d310 in WebCore::FrameLoader::completed at FrameLoader.cpp:1995
#78     0x0272da60 in WebCore::FrameLoader::checkCompleted at
FrameLoader.cpp:1288
#79     0x0273047a in WebCore::FrameLoader::finishedParsing at
FrameLoader.cpp:1231
#80     0x0268cf44 in WebCore::Document::finishedParsing at Document.cpp:3698
#81     0x027e880f in WebCore::ImageTokenizer::finish at ImageDocument.cpp:128
#82     0x02687102 in WebCore::Document::finishParsing at Document.cpp:1692
#83     0x0272dbce in WebCore::FrameLoader::endIfNotLoadingMainResource at
FrameLoader.cpp:1060
#84     0x0272dc03 in WebCore::FrameLoader::end at FrameLoader.cpp:1044
#85     0x026b3468 in WebCore::DocumentLoader::finishedLoading at
DocumentLoader.cpp:335
#86     0x02728d36 in WebCore::FrameLoader::finishedLoading at
FrameLoader.cpp:2892
#87     0x0291aebb in WebCore::MainResourceLoader::didFinishLoading at
MainResourceLoader.cpp:319
#88     0x02a2f270 in WebCore::ResourceLoader::didFinishLoading at
ResourceLoader.cpp:389
#89     0x02a2c9d5 in -[WebCoreResourceHandleAsDelegate
connectionDidFinishLoading:] at ResourceHandleMac.mm:521
#90     0x94c8e8b7 in -[NSURLConnection(NSURLConnectionReallyInternal)
sendDidFinishLoading]
#91     0x94c8e844 in _NSURLConnectionDidFinishLoading
#92     0x9059a7f3 in sendDidFinishLoadingCallback
#93     0x90597920 in _CFURLConnectionSendCallbacks
#94     0x905970d9 in muxerSourcePerform
#95     0x90b2562e in CFRunLoopRunSpecific
#96     0x90b25d18 in CFRunLoopRunInMode
#97     0x94c5db15 in -[NSRunLoop(NSRunLoop) runMode:beforeDate:]
#98     0x0000598a in runTest at DumpRenderTree.mm:896
#99     0x0000604c in dumpRenderTree at DumpRenderTree.mm:424
#100    0x000061d4 in main at DumpRenderTree.mm:464


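A minimal model of the re-entrancy described in the comment above, added here as an illustration and not taken from the WebKit source or the bug report. `ForbidDispatchScope`, `onDetach` and `runScenario` are hypothetical names, and the snapshot copy keeps the toy nodes alive so the nested call can be observed without dangling pointers.

```cpp
// Toy model of the re-entrancy in the trace; constructed for illustration, not WebCore code.
#include <cstdio>
#include <functional>
#include <memory>
#include <vector>

// Guard depth (> 0 means handlers must not run), suppressed handler calls, deepest nesting seen.
static int g_forbidDepth = 0, g_blocked = 0, g_maxNesting = 0;

struct ForbidDispatchScope {  // hypothetical RAII "forbid event dispatch" block
    ForbidDispatchScope() { ++g_forbidDepth; }
    ~ForbidDispatchScope() { --g_forbidDepth; }
};

struct Node {
    std::vector<std::shared_ptr<Node>> children;
    std::function<void()> onDetach;  // stands in for the load handler reached from willRemove()
    int activeRemovals = 0;
    void willRemove() {
        if (!onDetach) return;
        if (g_forbidDepth > 0) { ++g_blocked; return; }  // dispatch refused while mutating
        auto handler = onDetach; onDetach = nullptr;     // one-shot: a frame detaches once
        handler();
    }
    void removeChildren(bool guarded) {
        if (++activeRemovals > g_maxNesting) g_maxNesting = activeRemovals;
        std::unique_ptr<ForbidDispatchScope> scope(guarded ? new ForbidDispatchScope : nullptr);
        auto snapshot = children;  // keeps nodes alive so the demo has no dangling pointers
        for (auto& child : snapshot) child->willRemove();
        children.clear();
        --activeRemovals;
    }
};

struct Result { int maxNesting; int blocked; bool empty; };
Result runScenario(bool guarded) {
    g_forbidDepth = g_blocked = g_maxNesting = 0;
    auto root = std::make_shared<Node>(), frame = std::make_shared<Node>();
    root->children = { std::make_shared<Node>(), frame, std::make_shared<Node>() };
    Node* doc = root.get();
    // The handler clears the document again, like document.open() in the trace.
    frame->onDetach = [doc, guarded] { doc->removeChildren(guarded); };
    root->removeChildren(guarded);
    return { g_maxNesting, g_blocked, root->children.empty() };
}

int main() {
    Result a = runScenario(false), b = runScenario(true);
    std::printf("unguarded: nesting=%d blocked=%d\nguarded:   nesting=%d blocked=%d\n",
                a.maxNesting, a.blocked, b.maxNesting, b.blocked);
}
```

Without the guard, `removeChildren()` is entered a second time while the first call is still walking its children; with the guard, the handler is refused and the nesting stays at one.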