[Webkit-unassigned] [Bug 35085] New: plugins/iframe-shims.html crashing on GTK Debug bots

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 18 03:16:09 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=35085

           Summary: plugins/iframe-shims.html crashing on GTK Debug bots
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: pnormand at igalia.com


To reproduce the crash:

ulimit -c unlimited
WebKitTools/Scripts/run-webkit-tests --gtk --debug 
plugins/geturl-replace-query.html plugins/iframe-shims.html

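and inspect the core file. The crash does not happen if plugins/iframe-shims.html is
executed alone; it happens when it is executed after plugins/geturl-replace-query.html.
The backtrace below ends at the ASSERT in HashTable::checkKey (HashTable.h:464),
reached from ~PluginView through HashMap::remove, so the destructor appears to be
removing an _NPP* key that is equal to the hash table's empty value.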

Program terminated with signal 11, Segmentation fault.
#0  0xf6c4f70b in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>,
WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >,
WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>,
WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*>
>::checkKey<_NPP*, WTF::IdentityHashTranslator<_NPP*, std::pair<_NPP*,
WebCore::PluginView*>, WTF::PtrHash<_NPP*> > > (this=0x8fc7050, key=@0x9015acc)
    at ../../JavaScriptCore/wtf/HashTable.h:464
464            ASSERT(!HashTranslator::equal(KeyTraits::emptyValue(), key));
(gdb) bt
#0  0xf6c4f70b in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>,
WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >,
WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>,
WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*>
>::checkKey<_NPP*, WTF::IdentityHashTranslator<_NPP*, std::pair<_NPP*,
WebCore::PluginView*>, WTF::PtrHash<_NPP*> > > (this=0x8fc7050, key=@0x9015acc)
    at ../../JavaScriptCore/wtf/HashTable.h:464
#1  0xf6c4eb54 in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>,
WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >,
WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>,
WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*>
>::lookup<_NPP*, WTF::IdentityHashTranslator<_NPP*, std::pair<_NPP*,
WebCore::PluginView*>, WTF::PtrHash<_NPP*> > > (this=0x8fc7050, key=@0x9015acc)
    at ../../JavaScriptCore/wtf/HashTable.h:478
#2  0xf6c4ec5f in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>,
WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >,
WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>,
WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*> >::find<_NPP*,
WTF::IdentityHashTranslator<_NPP*, std::pair<_NPP*, WebCore::PluginView*>,
WTF::PtrHash<_NPP*> > > (this=0x8fc7050, key=@0x9015acc)
    at ../../JavaScriptCore/wtf/HashTable.h:775
#3  0xf6c4dc3a in WTF::HashTable<_NPP*, std::pair<_NPP*, WebCore::PluginView*>,
WTF::PairFirstExtractor<std::pair<_NPP*, WebCore::PluginView*> >,
WTF::PtrHash<_NPP*>, WTF::PairHashTraits<WTF::HashTraits<_NPP*>,
WTF::HashTraits<WebCore::PluginView*> >, WTF::HashTraits<_NPP*> >::find
(this=0x8fc7050, key=@0x9015acc)
    at ../../JavaScriptCore/wtf/HashTable.h:325
#4  0xf6c4cbe8 in WTF::HashMap<_NPP*, WebCore::PluginView*,
WTF::PtrHash<_NPP*>, WTF::HashTraits<_NPP*>,
WTF::HashTraits<WebCore::PluginView*> >::find (this=0x8fc7050, key=@0x9015acc)
    at ../../JavaScriptCore/wtf/HashMap.h:193
#5  0xf6c4be03 in WTF::HashMap<_NPP*, WebCore::PluginView*,
WTF::PtrHash<_NPP*>, WTF::HashTraits<_NPP*>,
WTF::HashTraits<WebCore::PluginView*> >::remove (this=0x8fc7050,
key=@0x9015acc)
    at ../../JavaScriptCore/wtf/HashMap.h:293
#6  0xf6c46d29 in ~PluginView (this=0x9015948, __in_chrg=<value optimized out>)
    at ../../WebCore/plugins/PluginView.cpp:282
#7  0xf693458f in WTF::RefCounted<WebCore::Widget>::deref (this=0x901594c)
    at ../../JavaScriptCore/wtf/RefCounted.h:109
#8  0xf6c4c963 in WTF::derefIfNotNull<WebCore::PluginView> (ptr=0x9015948)
    at ../../JavaScriptCore/wtf/PassRefPtr.h:53
#9  0xf6c4bcab in ~RefPtr (this=0xffbe4368, __in_chrg=<value optimized out>)
    at ../../JavaScriptCore/wtf/RefPtr.h:54
#10 0xf6f8f911 in WebKit::FrameLoaderClient::createPlugin (this=0x8f1c310,
pluginSize=..., element=0x9012478, 
    url=..., paramNames=..., paramValues=..., mimeType=..., loadManually=false)
    at ../../WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:464
#11 0xf6af22c2 in WebCore::FrameLoader::loadPlugin (this=0x8f3242c,
renderer=0x9011774, url=..., mimeType=..., 
    paramNames=..., paramValues=..., useFallback=false) at
../../WebCore/loader/FrameLoader.cpp:1378
#12 0xf6af1bfb in WebCore::FrameLoader::requestObject (this=0x8f3242c,
renderer=0x9011774, url=..., 
    frameName=..., mimeType=..., paramNames=..., paramValues=...) at
../../WebCore/loader/FrameLoader.cpp:1285
#13 0xf6cc1b8d in WebCore::RenderEmbeddedObject::updateWidget (this=0x9011774, 
    onlyCreateNonNetscapePlugins=true) at
../../WebCore/rendering/RenderEmbeddedObject.cpp:304
#14 0xf6a23285 in WebCore::HTMLEmbedElement::updateWidget (this=0x9012478)
    at ../../WebCore/html/HTMLEmbedElement.cpp:182
#15 0xf6a5b4ce in WebCore::HTMLPlugInElement::updateWidgetCallback
(n=0x9012478)
    at ../../WebCore/html/HTMLPlugInElement.cpp:183
#16 0xf68ce91b in WebCore::ContainerNode::dispatchPostAttachCallbacks ()
    at ../../WebCore/dom/ContainerNode.cpp:574
#17 0xf68ce7be in WebCore::ContainerNode::resumePostAttachCallbacks
(this=0x9012478)
    at ../../WebCore/dom/ContainerNode.cpp:546
#18 0xf690d17c in WebCore::Element::attach (this=0x9012478) at
../../WebCore/dom/Element.cpp:794
#19 0xf6a23123 in WebCore::HTMLEmbedElement::attach (this=0x9012478)
    at ../../WebCore/html/HTMLEmbedElement.cpp:166
#20 0xf69237de in WebCore::Node::lazyAttach (this=0x9012478) at
../../WebCore/dom/Node.cpp:808
#21 0xf68ce484 in WebCore::ContainerNode::appendChild (this=0x900ede8,
newChild=..., ec=@0xffbe487c, 
    shouldLazyAttach=true) at ../../WebCore/dom/ContainerNode.cpp:490
#22 0xf67b16f1 in WebCore::JSNode::appendChild (this=0xf3fcf8c0,
exec=0xf29ff208, args=...)
    at ../../WebCore/bindings/js/JSNodeCustom.cpp:104
#23 0xf71c3936 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0xf29ff208,
thisValue=..., args=...)
    at DerivedSources/JSNode.cpp:460
#24 0xf403516e in ?? ()
#25 0xf7068255 in JSC::JITCode::execute (this=0x90099e8,
registerFile=0x8f4d77c, callFrame=0xf29ff050, 
    globalData=0x8f4b830, exception=0x8f4c2f4) at
../../JavaScriptCore/jit/JITCode.h:79
#26 0xf705a67a in JSC::Interpreter::execute (this=0x8f4d770,
functionExecutable=0x90099d8, 
---Type <return> to continue, or q <return> to quit---
    callFrame=0x8f275f4, function=0xf3fcf300, thisObj=0xf3fc0000, args=...,
scopeChain=0x9008c88, 
    exception=0x8f4c2f4) at
../../JavaScriptCore/interpreter/Interpreter.cpp:686
#27 0xf7120d97 in JSC::JSFunction::call (this=0xf3fcf300, exec=0x8f275f4,
thisValue=..., args=...)
    at ../../JavaScriptCore/runtime/JSFunction.cpp:122
#28 0xf7103596 in JSC::call (exec=0x8f275f4, functionObject=...,
callType=JSC::CallTypeJS, callData=..., 
    thisValue=..., args=...) at ../../JavaScriptCore/runtime/CallData.cpp:39
#29 0xf679e2e4 in WebCore::JSEventListener::handleEvent (this=0x9003a40,
scriptExecutionContext=0x8ffc448, 
    event=0x900dce0) at ../../WebCore/bindings/js/JSEventListener.cpp:115
#30 0xf6914e8d in WebCore::EventTarget::fireEventListeners (this=0x8fad910,
event=0x900dce0)
    at ../../WebCore/dom/EventTarget.cpp:297
#31 0xf6b3a1c8 in WebCore::DOMWindow::dispatchEvent (this=0x8fad910,
prpEvent=..., prpTarget=...)
    at ../../WebCore/page/DOMWindow.cpp:1368
#32 0xf6b39e66 in WebCore::DOMWindow::dispatchLoadEvent (this=0x8fad910)
    at ../../WebCore/page/DOMWindow.cpp:1322
#33 0xf68e0c66 in WebCore::Document::dispatchWindowLoadEvent (this=0x8ffc418)
    at ../../WebCore/dom/Document.cpp:2982
#34 0xf68dcae2 in WebCore::Document::implicitClose (this=0x8ffc418) at
../../WebCore/dom/Document.cpp:1811
#35 0xf6af126c in WebCore::FrameLoader::checkCallImplicitClose (this=0x8f3242c)
    at ../../WebCore/loader/FrameLoader.cpp:1184
#36 0xf6af1051 in WebCore::FrameLoader::checkCompleted (this=0x8f3242c)
    at ../../WebCore/loader/FrameLoader.cpp:1132
#37 0xf6af0dfd in WebCore::FrameLoader::finishedParsing (this=0x8f3242c)
    at ../../WebCore/loader/FrameLoader.cpp:1071
#38 0xf68e57ca in WebCore::Document::finishedParsing (this=0x8ffc418) at
../../WebCore/dom/Document.cpp:4177
#39 0xf6a57e4a in WebCore::HTMLParser::finished (this=0x90039f8) at
../../WebCore/html/HTMLParser.cpp:1662
#40 0xf6a71cea in WebCore::HTMLTokenizer::end (this=0x9002fd8) at
../../WebCore/html/HTMLTokenizer.cpp:1878
#41 0xf6a720da in WebCore::HTMLTokenizer::finish (this=0x9002fd8) at
../../WebCore/html/HTMLTokenizer.cpp:1918
#42 0xf68dd146 in WebCore::Document::finishParsing (this=0x8ffc418) at
../../WebCore/dom/Document.cpp:1959
#43 0xf6af06c0 in WebCore::FrameLoader::endIfNotLoadingMainResource
(this=0x8f3242c)
    at ../../WebCore/loader/FrameLoader.cpp:974
#44 0xf6af061b in WebCore::FrameLoader::end (this=0x8f3242c) at
../../WebCore/loader/FrameLoader.cpp:959
#45 0xf6ada382 in WebCore::DocumentLoader::finishedLoading (this=0x8ff0828)
    at ../../WebCore/loader/DocumentLoader.cpp:268
#46 0xf6af87a4 in WebCore::FrameLoader::finishedLoading (this=0x8f3242c)
    at ../../WebCore/loader/FrameLoader.cpp:2754
#47 0xf6b097be in WebCore::MainResourceLoader::didFinishLoading
(this=0x8ff5b48)
    at ../../WebCore/loader/MainResourceLoader.cpp:424
#48 0xf6b14a0e in WebCore::ResourceLoader::didFinishLoading (this=0x8ff5b48)
    at ../../WebCore/loader/ResourceLoader.cpp:403
#49 0xf6f73dc8 in closeCallback (source=0x8f12950, res=0x8ff7c18)
    at ../../WebCore/platform/network/soup/ResourceHandleSoup.cpp:727
#50 0xf4dcdb65 in async_ready_close_callback_wrapper (source_object=0x8f12950,
res=0x8ff7c18, user_data=0x0)
    at
/build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/gio/ginputstream.c:485
#51 0xf4ddc059 in IA__g_simple_async_result_complete (simple=0x8ff7c18)
    at
/build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/gio/gsimpleasyncresult.c:588
#52 0xf4ddc36e in complete_in_idle_cb_for_thread (_data=0x8f56038)
    at
/build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/gio/gsimpleasyncresult.c:650
#53 0xf4cd0db1 in g_idle_dispatch (source=0x8feb130, callback=0xbbadbeef,
user_data=0x8f56038)
    at
/build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:4065
#54 0xf4cd2b38 in g_main_dispatch (context=0x8ed8318)
    at
/build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:1960
#55 IA__g_main_context_dispatch (context=0x8ed8318)
    at
/build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:2513
#56 0xf4cd63d0 in g_main_context_iterate (context=0x8ed8318, block=<value
optimized out>, dispatch=1, 
    self=0x8eb7218) at
/build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:2591
#57 0xf4cd683f in IA__g_main_loop_run (loop=0x8fa7098)
    at
/build/buildd-glib2.0_2.22.4-1-i386-jRfNZE/glib2.0-2.22.4/glib/gmain.c:2799
#58 0xf50f1149 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0
#59 0x080572b0 in runTest (testPathOrURL=...) at
../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:503
#60 0x08058352 in main (argc=2, argv=0xffbe5ca4) at
../../WebKitTools/DumpRenderTree/gtk/DumpRenderTree.cpp:864
