[Webkit-unassigned] [Bug 70841] New: Crash in WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>) due to assert failure

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Oct 25 13:08:17 PDT 2011 

https://bugs.webkit.org/show_bug.cgi?id=70841

           Summary: Crash in
                    WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<Web
                    Core::HistoryItem>) due to assert failure
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: https://www.facebook.com/people/Julie-Tritaki/12274388
                    52
        OS/Version: Mac OS X 10.7
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rex_4539 at yahoo.com


Created an attachment (id=112382)
 --> (https://bugs.webkit.org/attachment.cgi?id=112382&action=review)
Crash log.

r

Reproducibility: once

Steps:
Go to https://www.facebook.com/people/Julie-Tritaki/1227438852

What happened:
Assert failure and crash.

ASSERTION FAILED: !childItemWithTarget(child->target())
/Users/rex/WebKit/Source/WebCore/history/HistoryItem.cpp(463) : void WebCore::HistoryItem::addChildItem(PassRefPtr<WebCore::HistoryItem>)
1   0x1113fe4c3 WebCore::HistoryItem::addChildItem(WTF::PassRefPtr<WebCore::HistoryItem>)
2   0x1113fbef2 WebCore::HistoryController::createItemTree(WebCore::Frame*, bool)
3   0x1113fc254 WebCore::HistoryController::pushState(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&)
4   0x1113f87aa WebCore::History::stateObjectAdded(WTF::PassRefPtr<WebCore::SerializedScriptValue>, WTF::String const&, WTF::String const&, WebCore::History::StateObjectType, int&)
5   0x1117f2e02 WebCore::JSHistory::pushState(JSC::ExecState*)
6   0x1117f12b9 WebCore::jsHistoryPrototypeFunctionPushState(JSC::ExecState*)
7   0x31fd9f8011f8
8   0x1101d75f9 JSC::JITCode::execute(JSC::RegisterFile*, JSC::ExecState*, JSC::JSGlobalData*)
9   0x1101d3f16 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
10  0x11012b281 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
11  0x1116a5b33 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&)
12  0x1117c920b WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*)
13  0x1112bd3cc WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&)
14  0x1112bd224 WebCore::EventTarget::fireEventListeners(WebCore::Event*)
15  0x111c3103b WebCore::Node::handleLocalEvents(WebCore::Event*)
16  0x111291779 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>)
17  0x111c0fe74 WebCore::MouseEventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const
18  0x111290b85 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>)
19  0x111c31b4f WebCore::Node::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WTF::AtomicString const&, int, WebCore::Node*)
20  0x11129bb02 WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool)
21  0x11129e06b WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&)
22  0x10f37c1ba _ZN6WebKitL16handleMouseEventERKNS_13WebMouseEventEPN7WebCore4PageE
23  0x10f37c02b WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&)
24  0x10f48b707 void CoreIPC::callMemberFunction<WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&), WebKit::WebMouseEvent>(CoreIPC::Arguments1<WebKit::WebMouseEvent> const&, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&))
25  0x10f4807c6 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&))
26  0x10f47e553 WebKit::WebPage::didReceiveWebPageMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
27  0x10f37fe1d WebKit::WebPage::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
28  0x10f3f8881 WebKit::WebProcess::didReceiveMessage(CoreIPC::Connection*, CoreIPC::MessageID, CoreIPC::ArgumentDecoder*)
29  0x10f2b579c CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&)
30  0x10f2b7fb3 CoreIPC::Connection::dispatchMessages()
31  0x10f2bedcb MemberFunctionWorkItem0<CoreIPC::Connection>::execute()

Expected result:
No assert failure, no crash.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list