[Webkit-unassigned] [Bug 67582] New: Calling 'nativeImageForCurrentFrame()' causes segment fault

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Sep 4 19:41:27 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=67582

           Summary: Calling 'nativeImageForCurrentFrame()' causes segment
                    fault
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: huajun.li.lee at gmail.com
                CC: darin at apple.com, levin at chromium.org


Reproduction steps:
1. Launch EWebLauncher with the command 'build/Programs/EWebLauncher -v'
2. Surf some web pages
3. Press 'F1' to try to go back a page; the browser segfaults with output like "ASSERTION FAILED: m_verifier.isSafeToUse()
../Source/JavaScriptCore/wtf/RefCounted.h(53) : void WTF::RefCountedBase::ref()"

I am using git://gitorious.org/webkit/webkit.git, commit 0c5c7a3aaebfbd5451df634292fe182ee99e5a5d


Below is the backtrace:
-----------------------------------------------------------
(gdb) c
Continuing.
[New Thread 0x7f1daf02a700 (LWP 15960)]
[Thread 0x7f1daf02a700 (LWP 15960) exited]
[New Thread 0x7f1daf02a700 (LWP 15961)]
[Thread 0x7f1daf02a700 (LWP 15961) exited]
[New Thread 0x7f1daf02a700 (LWP 15962)]
[Thread 0x7f1daf02a700 (LWP 15962) exited]

Program received signal SIGSEGV, Segmentation fault.
0x00007f1dc0acea94 in WTF::RefCountedBase::ref (this=0x22d1400)
    at /home/huajun/build_webkit_repo/Source/JavaScriptCore/wtf/RefCounted.h:53
53              ASSERT(m_verifier.isSafeToUse());
(gdb) bt
#0  0x00007f1dc0acea94 in WTF::RefCountedBase::ref (this=0x22d1400)
    at /home/huajun/build_webkit_repo/Source/JavaScriptCore/wtf/RefCounted.h:53
#1  0x00007f1dbdc10d8a in WTF::refIfNotNull<WebCore::SharedBuffer> (ptr=0x22d1400)
    at /home/huajun/build_webkit_repo/Source/JavaScriptCore/wtf/PassRefPtr.h:53
#2  0x00007f1dbddbc6f8 in WTF::RefPtr<WebCore::SharedBuffer>::operator= (this=0x2309e70, optr=0x22d1400)
    at /home/huajun/build_webkit_repo/Source/JavaScriptCore/wtf/RefPtr.h:132
#3  0x00007f1dbe6d2765 in WebCore::BMPImageReader::setData (this=0x2309e60, data=0x22d1400)
    at /home/huajun/build_webkit_repo/Source/WebCore/platform/image-decoders/bmp/BMPImageReader.h:72
#4  0x00007f1dbe6db24e in WebCore::ICOImageDecoder::decodeAtIndex (this=0x1c2ccd0, index=0)
    at /home/huajun/build_webkit_repo/Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp:196
#5  0x00007f1dbe6daee0 in WebCore::ICOImageDecoder::decode (this=0x1c2ccd0, index=0, onlySize=false)
    at /home/huajun/build_webkit_repo/Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp:161
#6  0x00007f1dbe6dac7a in WebCore::ICOImageDecoder::frameBufferAtIndex (this=0x1c2ccd0, index=0)
    at /home/huajun/build_webkit_repo/Source/WebCore/platform/image-decoders/ico/ICOImageDecoder.cpp:121
#7  0x00007f1dbe6cf9da in WebCore::ImageSource::createFrameAtIndex (this=0x22f5158, index=0)
    at /home/huajun/build_webkit_repo/Source/WebCore/platform/graphics/ImageSource.cpp:138
#8  0x00007f1dbdef1477 in WebCore::BitmapImage::cacheFrame (this=0x22f5120, index=0)
    at /home/huajun/build_webkit_repo/Source/WebCore/platform/graphics/BitmapImage.cpp:127
#9  0x00007f1dbdef1b46 in WebCore::BitmapImage::frameAtIndex (this=0x22f5120, index=0)
    at /home/huajun/build_webkit_repo/Source/WebCore/platform/graphics/BitmapImage.cpp:248
#10 0x00007f1dbdef256e in WebCore::BitmapImage::nativeImageForCurrentFrame (this=0x22f5120)
    at /home/huajun/build_webkit_repo/Source/WebCore/platform/graphics/BitmapImage.h:160
#11 0x00007f1dbb82690b in ewk_history_item_icon_surface_get (item=0x24ead50)
    at /home/huajun/build_webkit_repo/Source/WebKit/efl/ewk/ewk_history.cpp:363
#12 0x00000000004030d6 in print_history (list=0x1a7db90) at /home/huajun/build_webkit_repo/Tools/EWebLauncher/main.c:177
#13 0x0000000000403fb0 in on_key_down (data=0x1ac34b0, e=0x1ad77f0, obj=0x7f1dc337b200, event_info=0x7fff3f985b90)
    at /home/huajun/build_webkit_repo/Tools/EWebLauncher/main.c:515
#14 0x00007f1dc2806842 in evas_object_event_callback_call (obj=0x7f1dc337b200, type=EVAS_CALLBACK_KEY_DOWN, event_info=0x7fff3f985b90)
    at evas_callbacks.c:224
#15 0x00007f1dc280e40b in evas_event_feed_key_down (e=0x1ad77f0, keyname=<value optimized out>, key=<value optimized out>,
    string=<value optimized out>, compose=<value optimized out>, timestamp=<value optimized out>, data=0x0) at evas_events.c:1249
#16 0x00007f1db5891bf4 in _ecore_event_evas_key (e=0x21ee280, press=ECORE_DOWN) at ecore_input_evas.c:153
#17 0x00007f1dc25c41a5 in _ecore_call_handler_cb () at ecore_private.h:287
#18 _ecore_event_call () at ecore_events.c:691
#19 0x00007f1dc25c89a5 in _ecore_main_loop_iterate_internal (once_only=0) at ecore_main.c:1746
#20 0x00007f1dc25c8faf in ecore_main_loop_begin () at ecore_main.c:861
#21 0x0000000000405640 in main (argc=2, argv=0x7fff3f986ec8) at /home/huajun/build_webkit_repo/Tools/EWebLauncher/main.c:914
(gdb)
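To show what the check in frame #0 of the backtrace actually tests, here is an added example (not WebKit's code and not part of the report) with a simplified reconstruction of the thread-restriction verifier behind `m_verifier.isSafeToUse()`. It assumes the 2011-era semantics of WTF's RefCounted.h, namely that ref() must run on the thread that created the object; the class and function names are my own, and ref() returns false instead of aborting so the failure can be observed.

```cpp
#include <thread>

// Records the thread that created an object and answers isSafeToUse(), the
// check behind "ASSERTION FAILED: m_verifier.isSafeToUse()" at RefCounted.h:53.
// Simplified reconstruction for illustration, not WTF's actual class.
class ThreadRestrictionVerifier {
public:
    ThreadRestrictionVerifier() : m_owningThread(std::this_thread::get_id()) {}
    bool isSafeToUse() const { return std::this_thread::get_id() == m_owningThread; }
private:
    std::thread::id m_owningThread;
};

// Minimal stand-in for WTF::RefCountedBase. ref() reports a verifier failure by
// returning false instead of aborting, so a test can observe it.
class RefCountedBase {
public:
    bool ref() {
        if (!m_verifier.isSafeToUse())
            return false;          // WTF: the ASSERT fires here in a debug build
        ++m_refCount;
        return true;
    }
    int refCount() const { return m_refCount; }
protected:
    RefCountedBase() : m_refCount(1) {}
private:
    int m_refCount;
    ThreadRestrictionVerifier m_verifier;
};

// Stand-in for WebCore::SharedBuffer, the type refIfNotNull() is reffing in frame #1.
struct SharedBuffer : RefCountedBase {};

// ref() on the thread that created the buffer passes the verifier.
bool refOnOwningThread() {
    SharedBuffer buffer;
    return buffer.ref() && buffer.refCount() == 2;
}

// ref() from a different thread trips the verifier: the count stays 1 and
// ref() reports failure, so this returns false.
bool refFromOtherThread() {
    SharedBuffer buffer;
    bool accepted = true;
    std::thread worker([&] { accepted = buffer.ref(); });
    worker.join();
    return accepted && buffer.refCount() == 2;
}
```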
