[Webkit-unassigned] [Bug 40161] New: Regression: crash when unloading an iFrame with Flash from the DOM

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jun 4 03:21:29 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=40161

           Summary: Regression: crash when unloading an iFrame with Flash
                    from the DOM
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
        OS/Version: Mac OS X 10.6
            Status: UNCONFIRMED
          Severity: Critical
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: sulka at sulake.com


When unloading an iFrame from DOM, which contains an embedded Flash movie, the nightly webkit crashes 100% of the time. I don't have a test case at hand right now, but I'll try to get one (this is happening on the internal development server). The stable Safari and Chrome releases do not crash.

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000048
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x0000000100f48348 WebCore::Node::setNeedsStyleRecalc(WebCore::StyleChangeType) + 8
1   com.apple.WebCore                 0x0000000101002b03 WebCore::RenderLayerCompositor::detachRootPlatformLayer() + 179
2   com.apple.WebCore                 0x00000001009090ce WebCore::Document::documentWillBecomeInactive() + 30
3   com.apple.WebCore                 0x000000010090e256 WebCore::Document::detach() + 38
4   com.apple.WebCore                 0x0000000100a31701 WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) + 129
5   com.apple.WebCore                 0x0000000100a3ab6d WebCore::FrameLoader::closeAndRemoveChild(WebCore::Frame*) + 45
6   com.apple.WebCore                 0x0000000100a3ed82 WebCore::FrameLoader::detachFromParent() + 162
7   com.apple.WebCore                 0x0000000100acdbcd WebCore::HTMLFrameOwnerElement::willRemove() + 45
8   com.apple.WebCore                 0x000000010083a52c WebCore::ContainerNode::willRemove() + 44
9   com.apple.WebCore                 0x000000010083a52c WebCore::ContainerNode::willRemove() + 44
10  com.apple.WebCore                 0x000000010083a52c WebCore::ContainerNode::willRemove() + 44
11  com.apple.WebCore                 0x000000010083a52c WebCore::ContainerNode::willRemove() + 44
12  com.apple.WebCore                 0x000000010083d1cd WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 221
13  com.apple.WebCore                 0x0000000100d4e09e WebCore::JSNode::removeChild(JSC::ExecState*) + 94
14  com.apple.WebCore                 0x0000000100d4afdc WebCore::jsNodePrototypeFunctionRemoveChild(JSC::ExecState*) + 124
15  ???                               0x000042e1ae00017a 0 + 73537054310778
16  com.apple.JavaScriptCore          0x00000001005a9557 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, JSC::JSValue*) + 919
17  com.apple.Safari                  0x0000000100000001 0x100000000 + 1
18  ???                               0x000000011ef11cd0 0 + 4814085328
19  com.apple.WebCore                 0x0000000100c45690 WebCore::JSDOMWindowShell::~JSDOMWindowShell() + 0
20  ???                               0x0000441f0f66ffff 0 + 74900193083391

Testing using Version 4.0.5 (6531.22.7, r60654).

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list