[Webkit-unassigned] [Bug 49005] New: [GTK] Assert running http/tests/navigation/target-frame-from-window.html

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Nov 4 09:36:09 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=49005

           Summary: [GTK] Assert running
                    http/tests/navigation/target-frame-from-window.html
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: nicolas.dufresne at collabora.co.uk


When running LayoutTests/http/tests/navigation/target-frame-from-window.html we observe an assertion:

instance with invalid (NULL) class pointer

This seems to be caused by on-load event being signaled to a destroyed web-view. The WebKitWebView object is stored in a WebKitWebFrame without being reffed. The WebKitWebFrame object which is being kept alive by a pending async call. I think the reference chain is broken here.

Partial backtrace:
#0  0x0000003653834065 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:64
#1  0x0000003653835a16 in abort () at abort.c:92
#2  0x000000365344ab8a in g_logv (log_domain=0x365603a344 "GLib-GObject", log_level=<value optimized out>, format=0x3656040e58 "instance with invalid (NULL) class pointer", 
    args1=0x7fffffffd700) at gmessages.c:557
#3  0x000000365344ac13 in g_log (log_domain=<value optimized out>, log_level=<value optimized out>, format=<value optimized out>) at gmessages.c:577
#4  0x00000036560336fa in g_type_check_instance (type_instance=<value optimized out>) at gtype.c:4060
#5  0x0000003656028a20 in g_signal_emit_by_name (instance=0x6f0280, detailed_signal=0x7ffff6d5b1ce "onload-event") at gsignal.c:3065
#6  0x00007ffff5f71338 in WebKit::FrameLoaderClient::dispatchDidHandleOnloadEvents (this=0x11e1420) at ../../WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:799
#7  0x00007ffff5a81e91 in WebCore::FrameLoader::handledOnloadEvents (this=0x11e15c8) at ../../WebCore/loader/FrameLoader.cpp:2564
 ...

#25 0x00007ffff5ac465d in WebCore::ResourceLoader::didFinishLoading (this=0x11f9260, finishTime=0) at ../../WebCore/loader/ResourceLoader.cpp:421
#26 0x00007ffff5f459d5 in WebCore::closeCallback (source=0x737240 [GLocalFileInputStream], res=0x736f60) at ../../WebCore/platform/network/soup/ResourceHandleSoup.cpp:778
#27 0x000000365685051c in async_ready_close_callback_wrapper (source_object=0x737240 [GLocalFileInputStream], res=0x736f60, user_data=0x0) at ginputstream.c:484
#28 0x000000365685f258 in complete_in_idle_cb_for_thread (_data=0x7d82d0) at gsimpleasyncresult.c:757

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list