[Webkit-unassigned] [Bug 34057] New: [gtk] webkit_web_view_execute_script causes assertion failure

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Jan 24 07:57:10 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=34057

           Summary: [gtk] webkit_web_view_execute_script causes assertion
                    failure
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: iain at thenicols.net


If you have Epiphany with Seed extension support, one way to trigger a
crash is to enable the following extension, then restart Epiphany.

extension = {
    attach_tab:
    function (window, embed) {
        embed.get_web_view().execute_script('');
    }
}

The actual crash doesn't happen inside the attach_tab handler, but
instead during a subsequent call to webkit_web_view_execute_script:

ASSERTION FAILED: exec->globalData().identifierTable ==
currentIdentifierTable()
(JavaScriptCore/runtime/Completion.cpp:52 JSC::Completion
JSC::evaluate(JSC::ExecState*, JSC::ScopeChain&, const JSC::SourceCode&,
JSC::JSValue))

Program received signal SIGSEGV, Segmentation fault.
0x016612bd in JSC::evaluate (exec=0x8c3144c, scopeChain=..., source=...,
thisValue=...) at JavaScriptCore/runtime/Completion.cpp:52
(gdb) bt
#0  0x016612bd in JSC::evaluate (exec=0x8c3144c, scopeChain=..., source=...,
thisValue=...) at JavaScriptCore/runtime/Completion.cpp:52
#1  0x00f4ae2f in WebCore::ScriptController::evaluateInWorld (this=0x87de6b4,
sourceCode=..., world=0x8c30674) at
WebCore/bindings/js/ScriptController.cpp:126
#2  0x00f4affa in WebCore::ScriptController::evaluate (this=0x87de6b4,
sourceCode=...) at WebCore/bindings/js/ScriptController.cpp:152
#3  0x00f63dfd in WebCore::ScriptController::executeScript (this=0x87de6b4,
sourceCode=...) at WebCore/bindings/ScriptControllerBase.cpp:56
#4  0x00f63d39 in WebCore::ScriptController::executeScript (this=0x87de6b4,
script=..., forceUserGesture=true) at
WebCore/bindings/ScriptControllerBase.cpp:45
#5  0x01571891 in webkit_web_view_execute_script (webView=0x8c23018,
script=0x810164c "var node =
document.getElementById('epiphanyWebKitFloatingStatusBar');if (node)
node.parentNode.removeChild(node);") at
WebKit/gtk/webkit/webkitwebview.cpp:3275
#6  0x0807cd7d in ephy_window_link_message_cb (web_view=0x8c23018,
spec=0x89740e0, window=0x87c8020) at ephy-window.c:2689
#7  0x00577dd7 in g_cclosure_marshal_VOID__PARAM (closure=0x8c46a40,
return_value=0x0, n_param_values=2, param_values=0x8c1def0,
invocation_hint=0xbfffcb7c, marshal_data=0x0) at gmarshal.c:531
#8  0x0055f126 in g_closure_invoke (closure=0x8c46a40, return_value=0x0,
n_param_values=2, param_values=0x8c1def0, invocation_hint=0xbfffcb7c) at
gclosure.c:767
#9  0x00576cdb in signal_emit_unlocked_R (node=0x812cb88, detail=3679,
instance=0x8c23018, emission_return=0x0, instance_and_params=0x8c1def0) at
gsignal.c:3243
#10 0x00576026 in g_signal_emit_valist (instance=0x8c23018, signal_id=1,
detail=3679, var_args=0xbfffcd70 "ЫY") at gsignal.c:2976
#11 0x00576312 in g_signal_emit (instance=0x8c23018, signal_id=1, detail=3679)
at gsignal.c:3033
#12 0x00561eae in g_object_dispatch_properties_changed (object=0x8c23018,
n_pspecs=5, pspecs=0xbfffcdc4) at gobject.c:801
#13 0x00560d36 in g_object_notify_dispatcher (object=0x8c23018, n_pspecs=5,
pspecs=0xbfffcdc4) at gobject.c:328
#14 0x00560863 in g_object_notify_queue_thaw (object=0x8c23018,
nqueue=0x8e94a00) at gobjectnotifyqueue.c:120
#15 0x00562360 in g_object_thaw_notify (object=0x8c23018) at gobject.c:918
#16 0x080cd22b in ephy_web_view_location_changed (view=0x8c23018,
location=0x8c37f48 "about:blank") at ephy-web-view.c:2669
#17 0x080bc9cd in load_status_changed_cb (view=0x8c23018, spec=0x8975290,
embed=0x891cc08) at ephy-embed.c:215
#18 0x00577dd7 in g_cclosure_marshal_VOID__PARAM (closure=0x8c2fb68,
return_value=0x0, n_param_values=2, param_values=0x8c1de78,
invocation_hint=0xbfffcfec, marshal_data=0x0) at gmarshal.c:531
#19 0x0055f126 in g_closure_invoke (closure=0x8c2fb68, return_value=0x0,
n_param_values=2, param_values=0x8c1de78, invocation_hint=0xbfffcfec) at
gclosure.c:767
#20 0x00576cdb in signal_emit_unlocked_R (node=0x812cb88, detail=3667,
instance=0x8c23018, emission_return=0x0, instance_and_params=0x8c1de78) at
gsignal.c:3243
#21 0x00576026 in g_signal_emit_valist (instance=0x8c23018, signal_id=1,
detail=3667, var_args=0xbfffd1e0 "ЫY") at gsignal.c:2976
#22 0x00576312 in g_signal_emit (instance=0x8c23018, signal_id=1, detail=3667)
at gsignal.c:3033
#23 0x00561eae in g_object_dispatch_properties_changed (object=0x8c23018,
n_pspecs=1, pspecs=0xbfffd234) at gobject.c:801
#24 0x00560d36 in g_object_notify_dispatcher (object=0x8c23018, n_pspecs=1,
pspecs=0xbfffd234) at gobject.c:328
#25 0x00560863 in g_object_notify_queue_thaw (object=0x8c23018,
nqueue=0x8e82c80) at gobjectnotifyqueue.c:120
#26 0x00562218 in g_object_notify (object=0x8c23018, property_name=0x1b5a0f3
"load-status") at gobject.c:888
#27 0x0154d3c0 in WebKit::notifyStatus (frame=0x8c1cf20,
loadStatus=WEBKIT_LOAD_COMMITTED) at
WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:107
#28 0x01550171 in WebKit::FrameLoaderClient::dispatchDidCommitLoad
(this=0x87de2f8) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:771
#29 0x01251fa9 in WebCore::FrameLoader::dispatchDidCommitLoad (this=0x87de3f4)
at WebCore/loader/FrameLoader.cpp:4008
#30 0x012441c2 in WebCore::FrameLoader::receivedFirstData (this=0x87de3f4) at
WebCore/loader/FrameLoader.cpp:759
#31 0x012474b6 in WebCore::FrameLoader::setEncoding (this=0x87de3f4, name=...,
userChosen=false) at WebCore/loader/FrameLoader.cpp:1480
#32 0x01550852 in WebKit::FrameLoaderClient::finishedLoading (this=0x87de2f8,
documentLoader=0x8e83c00) at
WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:866
#33 0x0124d440 in WebCore::FrameLoader::finishedLoadingDocument
(this=0x87de3f4, loader=0x8e83c00) at WebCore/loader/FrameLoader.cpp:2809
#34 0x0122fd05 in WebCore::DocumentLoader::finishedLoading (this=0x8e83c00) at
WebCore/loader/DocumentLoader.cpp:267
#35 0x0124d1b8 in WebCore::FrameLoader::finishedLoading (this=0x87de3f4) at
WebCore/loader/FrameLoader.cpp:2749
#36 0x0125d416 in WebCore::MainResourceLoader::didFinishLoading
(this=0x8e85400) at WebCore/loader/MainResourceLoader.cpp:424
#37 0x0125cbd5 in WebCore::MainResourceLoader::continueAfterContentPolicy
(this=0x8e85400, contentPolicy=PolicyUse, r=...) at
WebCore/loader/MainResourceLoader.cpp:267
#38 0x0125ccec in WebCore::MainResourceLoader::continueAfterContentPolicy
(this=0x8e85400, policy=PolicyUse) at WebCore/loader/MainResourceLoader.cpp:281
#39 0x0125cc28 in WebCore::MainResourceLoader::callContinueAfterContentPolicy
(argument=0x8e85400, policy=PolicyUse) at
WebCore/loader/MainResourceLoader.cpp:273
#40 0x0125fbc3 in WebCore::PolicyCallback::call (this=0xbfffd69c,
action=PolicyUse) at WebCore/loader/PolicyCallback.cpp:112
#41 0x012607f0 in WebCore::PolicyChecker::continueAfterContentPolicy
(this=0x87de3fc, policy=PolicyUse) at WebCore/loader/PolicyChecker.cpp:187
#42 0x01562bd1 in webkit_web_policy_decision_use (decision=0x8c4ab60) at
WebKit/gtk/webkit/webkitwebpolicydecision.cpp:89
#43 0x0154e199 in WebKit::FrameLoaderClient::dispatchDecidePolicyForMIMEType
(this=0x87de2f8, policyFunction=(void
(WebCore::PolicyChecker::*)(WebCore::PolicyChecker *, WebCore::PolicyAction))
0x12607a0
<WebCore::PolicyChecker::continueAfterContentPolicy(WebCore::PolicyAction)>,
mimeType=..., resourceRequest=...) at
WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:320
#44 0x012603a9 in WebCore::PolicyChecker::checkContentPolicy (this=0x87de3fc,
MIMEType=..., function=0x125cc04
<WebCore::MainResourceLoader::callContinueAfterContentPolicy(void*,
WebCore::PolicyAction)>, argument=0x8e85400) at
WebCore/loader/PolicyChecker.cpp:104
#45 0x0125d12d in WebCore::MainResourceLoader::didReceiveResponse
(this=0x8e85400, r=...) at WebCore/loader/MainResourceLoader.cpp:372
#46 0x0125d653 in WebCore::MainResourceLoader::handleEmptyLoad (this=0x8e85400,
url=..., forURLScheme=false) at WebCore/loader/MainResourceLoader.cpp:457
#47 0x0125dad3 in WebCore::MainResourceLoader::loadNow (this=0x8e85400, r=...)
at WebCore/loader/MainResourceLoader.cpp:518
#48 0x0125dc69 in WebCore::MainResourceLoader::load (this=0x8e85400, r=...,
substituteData=...) at WebCore/loader/MainResourceLoader.cpp:544
#49 0x012318a3 in WebCore::DocumentLoader::startLoadingMainResource
(this=0x8e83c00, identifier=1) at WebCore/loader/DocumentLoader.cpp:727
#50 0x0124e031 in WebCore::FrameLoader::continueLoadAfterWillSubmitForm
(this=0x87de3f4) at WebCore/loader/FrameLoader.cpp:3033
#51 0x0124fbe3 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy
(this=0x87de3f4, formState=..., shouldContinue=true) at
WebCore/loader/FrameLoader.cpp:3508
#52 0x0124f802 in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy
(argument=0x87de3f4, request=..., formState=..., shouldContinue=true) at
WebCore/loader/FrameLoader.cpp:3439
#53 0x0125f9e5 in WebCore::PolicyCallback::call (this=0xbfffddf8,
shouldContinue=true) at WebCore/loader/PolicyCallback.cpp:101
#54 0x012606b3 in WebCore::PolicyChecker::continueAfterNavigationPolicy
(this=0x87de3fc, policy=PolicyUse) at WebCore/loader/PolicyChecker.cpp:160
#55 0x01562bd1 in webkit_web_policy_decision_use (decision=0x8c4aac0) at
WebKit/gtk/webkit/webkitwebpolicydecision.cpp:89
#56 0x0154e845 in
WebKit::FrameLoaderClient::dispatchDecidePolicyForNavigationAction
(this=0x87de2f8, policyFunction=(void
(WebCore::PolicyChecker::*)(WebCore::PolicyChecker *, WebCore::PolicyAction))
0x126051e
<WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>,
action=..., resourceRequest=...) at
WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:435
#57 0x012601f1 in WebCore::PolicyChecker::checkNavigationPolicy
(this=0x87de3fc, request=..., loader=0x8e83c00, formState=...,
function=0x124f7b0
<WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*,
WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>,
argument=0x87de3f4) at WebCore/loader/PolicyChecker.cpp:88
#58 0x0124a747 in WebCore::FrameLoader::loadWithDocumentLoader (this=0x87de3f4,
loader=0x8e83c00, type=FrameLoadTypeStandard, prpFormState=...) at
WebCore/loader/FrameLoader.cpp:2083
#59 0x0124a302 in WebCore::FrameLoader::load (this=0x87de3f4,
newDocumentLoader=0x8e83c00) at WebCore/loader/FrameLoader.cpp:2037
#60 0x01249e0e in WebCore::FrameLoader::load (this=0x87de3f4, request=...,
substituteData=..., lockHistory=false) at WebCore/loader/FrameLoader.cpp:1978
#61 0x01249c6c in WebCore::FrameLoader::load (this=0x87de3f4, request=...,
lockHistory=false) at WebCore/loader/FrameLoader.cpp:1965
#62 0x0155cd9b in webkit_web_frame_load_uri (frame=0x8c1cf20, uri=0x8e93fa8
"about:blank") at WebKit/gtk/webkit/webkitwebframe.cpp:534
#63 0x01570df8 in webkit_web_view_load_uri (webView=0x8c23018, uri=0x8e93fa8
"about:blank") at WebKit/gtk/webkit/webkitwebview.cpp:3089
#64 0x01570bba in webkit_web_view_open (webView=0x8c23018, uri=0x8e93fa8
"about:blank") at WebKit/gtk/webkit/webkitwebview.cpp:3049
#65 0x080cc37f in ephy_web_view_load_url (view=0x8c23018, url=0x8e845d8
"about:blank") at ephy-web-view.c:2136
#66 0x080742f6 in load_homepage (embed=0x891cc08) at ephy-shell.c:400
#67 0x0807469d in ephy_shell_new_tab_full (shell=0x8160c38, parent_window=0x0,
previous_embed=0x0, request=0x0, flags=1025, chrome=15, is_popup=0,
user_time=602202) at ephy-shell.c:519
#68 0x080718bf in session_command_dispatch (session=0x8155400) at
ephy-session.c:710
#69 0x00cc9b47 in g_idle_dispatch (source=0x875bad8, callback=0x8071753
<session_command_dispatch>, user_data=0x8155400) at gmain.c:4065
#70 0x00cc6070 in g_main_dispatch (context=0x8145138) at gmain.c:1960
#71 0x00cc7368 in g_main_context_dispatch (context=0x8145138) at gmain.c:2513
#72 0x00cc77b8 in g_main_context_iterate (context=0x8145138, block=1,
dispatch=1, self=0x811bee0) at gmain.c:2591
#73 0x00cc7f22 in g_main_loop_run (loop=0x8708548) at gmain.c:2799
#74 0x01fe3f86 in IA__gtk_main () at gtkmain.c:1219
#75 0x0806e92a in main (argc=1, argv=0xbffff894) at ephy-main.c:739

The assertion failed because exec->globalData().identifierTable has a
sensible value, but currentIdentifierTable() returned NULL.

Many (all?) JavaScriptCore APIs begin with the code:

    ExecState* exec = toJS(ctx);
    APIEntryShim entryShim(exec);

On the construction of the entry shim, the value of
currentIdentifierTable() is stored, and
setCurrentIdentifierTable(globalData->identifierTable) is called.  On
its destruction, the initial value of currentIdentifierTable() is
restored.

I think something analogous is needed for
webkit_web_view_execute_script.  However, we cannot use the above code
directly because the function is not passed a JSContextRef `ctx' parameter.

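The save/set/restore pattern the report describes for APIEntryShim is an RAII scope guard around a per-thread "current identifier table" pointer, and the assertion at Completion.cpp:52 is the invariant that guard maintains. The following C++ is an added, constructed model of that pattern, not JavaScriptCore's or WebKitGTK's own code: IdentifierTable, GlobalData, ExecState, EntryShim, evaluateInvariantHolds, executeScriptWithoutShim, executeScriptWithShim, nestedShimsRestore and the sampleExec helpers are all assumed names. It reproduces the failure mode (an entry path that never installs a table sees NULL, so the invariant check fails) and the proposed fix (build the guard from the ExecState, which does not require a JSContextRef), and also shows that nested guards across two VMs restore the outer table correctly.

```cpp
#include <iostream>

// Constructed stand-in for a VM's identifier table.
struct IdentifierTable { const char* name; };

// Stand-in for JSC::JSGlobalData: each VM owns one identifier table.
struct GlobalData { IdentifierTable* identifierTable; };

// Stand-in for JSC::ExecState: only the link to its global data matters here.
struct ExecState { GlobalData* globalData; };

// The "current" table is per-thread state; it starts out NULL on a thread
// that has never entered the VM, which is what the report observed.
static thread_local IdentifierTable* g_currentIdentifierTable = nullptr;

IdentifierTable* currentIdentifierTable() { return g_currentIdentifierTable; }
void setCurrentIdentifierTable(IdentifierTable* table) { g_currentIdentifierTable = table; }

// RAII guard modelled on the APIEntryShim behaviour described in the report:
// the constructor saves the current table and installs the VM's own table,
// the destructor restores whatever was current before. It is built from an
// ExecState rather than a JSContextRef, since execute_script has no ctx.
class EntryShim {
public:
    explicit EntryShim(ExecState* exec)
        : m_savedTable(currentIdentifierTable())
    {
        setCurrentIdentifierTable(exec->globalData->identifierTable);
    }
    ~EntryShim() { setCurrentIdentifierTable(m_savedTable); }
    EntryShim(const EntryShim&) = delete;
    EntryShim& operator=(const EntryShim&) = delete;

private:
    IdentifierTable* m_savedTable;
};

// Stand-in for the check inside JSC::evaluate. Instead of ASSERTing (and then
// crashing), it reports whether the invariant holds so callers can test it.
bool evaluateInvariantHolds(ExecState* exec)
{
    return exec->globalData->identifierTable == currentIdentifierTable();
}

// Failure mode: an entry point that skips the guard, as the report says
// webkit_web_view_execute_script does, evaluates against a NULL current table.
bool executeScriptWithoutShim(ExecState* exec)
{
    return evaluateInvariantHolds(exec);
}

// Proposed fix: install the guard for the duration of the evaluation.
bool executeScriptWithShim(ExecState* exec)
{
    EntryShim shim(exec);
    return evaluateInvariantHolds(exec);
}

// Nested guards across two VMs: after the inner guard is destroyed, the
// outer VM's table must be current again.
bool nestedShimsRestore(ExecState* outer, ExecState* inner)
{
    EntryShim outerShim(outer);
    bool outerOk = evaluateInvariantHolds(outer);
    {
        EntryShim innerShim(inner);
        if (!evaluateInvariantHolds(inner))
            return false;
    }
    return outerOk && evaluateInvariantHolds(outer);
}

// Constructed fixtures: two independent VMs, each with its own table.
ExecState* sampleExecA()
{
    static IdentifierTable table{"vm-a"};
    static GlobalData vm{&table};
    static ExecState exec{&vm};
    return &exec;
}

ExecState* sampleExecB()
{
    static IdentifierTable table{"vm-b"};
    static GlobalData vm{&table};
    static ExecState exec{&vm};
    return &exec;
}

int main()
{
    std::cout << "without shim: " << executeScriptWithoutShim(sampleExecA()) << "\n";
    std::cout << "with shim:    " << executeScriptWithShim(sampleExecA()) << "\n";
    std::cout << "nested:       " << nestedShimsRestore(sampleExecA(), sampleExecB()) << "\n";
    return 0;
}
```

The guard's value is that the restore happens on every exit path, including early returns and exceptions thrown from the evaluation, so a thread never leaves the entry point with another VM's table (or a stale one) installed; a manual set/restore pair would not give that guarantee.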