[Webkit-unassigned] [Bug 82896] New: Segmentation fault in JS drop-down menus in facebook.com

bugzilla-daemon at webkit.org
Mon Apr 2 07:09:34 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=82896

           Summary: Segmentation fault in JS drop-down menus in
                    facebook.com
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: msanchez at igalia.com
                CC: cfleizach at apple.com


This issue has been observed with upstream webkit + Epiphany browser and does not happen with latest stable release of webkitgtk (1.8).

Still, it's not clear to me whether this happens in other ports, since the backtrace seems to suggest that the problem is somewhere in the cross-platform code.

It would be wonderful if someone could try it (CCing Chris because of that).

STEPS TO REPRODUCE IT:

  1. Log in to facebook.com
  2. Open any of the HTML menus in facebook (e.g. the one for 'privacy' in one of your posts, or the one that shows up when hovering over a 'Friends' button, to select a list)
  3. Let the drop-down menu disappear (e.g. just hover out of the menu for 'Friends' drop-down menu)

EXPECTED OUTCOME:

Nothing unexpected happens :P

ACTUAL OUTCOME:

WebKit crashes with SIGSEGV, spitting the following backtrace in gdb:

Program received signal SIGSEGV, Segmentation fault.
0x0000000000000000 in ?? ()
Missing separate debuginfos, use: debuginfo-install gnome-shell-3.2.2.1-1.fc16.x86_64 google-talkplugin-2.8.5.0-1.x86_64 icedtea-web-1.2-1.fc16.x86_64 nss-myhostname-0.3-1.fc16.x86_64 
(gdb) back
#0  0x0000000000000000 in ?? ()
#1  0x00007ffff643c9b5 in WebCore::AccessibilityRenderObject::renderBoxModelObject() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#2  0x00007ffff643ca28 in WebCore::AccessibilityRenderObject::isAttachment() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#3  0x00007ffff64311dd in WebCore::AccessibilityObject::clearChildren() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#4  0x00007ffff6435e59 in WebCore::AccessibilityRenderObject::clearChildren() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#5  0x00007ffff643675d in WebCore::AccessibilityRenderObject::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#6  0x00007ffff644919f in WebCore::AXObjectCache::remove(unsigned int) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#7  0x00007ffff64494e0 in WebCore::AXObjectCache::remove(WebCore::RenderObject*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#8  0x00007ffff6b5a0b4 in WebCore::RenderObject::willBeDestroyed() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#9  0x00007ffff6ae1020 in WebCore::RenderBox::willBeDestroyed() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#10 0x00007ffff6aa79c5 in WebCore::RenderBlock::willBeDestroyed() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#11 0x00007ffff6b5928d in WebCore::RenderObject::destroy() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#12 0x00007ffff6621e68 in WebCore::Node::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#13 0x00007ffff660cf3b in WebCore::Element::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#14 0x00007ffff65ce984 in WebCore::ContainerNode::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#15 0x00007ffff660cf3b in WebCore::Element::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#16 0x00007ffff65ce984 in WebCore::ContainerNode::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#17 0x00007ffff660cf3b in WebCore::Element::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#18 0x00007ffff65ce984 in WebCore::ContainerNode::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#19 0x00007ffff660cf3b in WebCore::Element::detach() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#20 0x00007ffff660d89d in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#21 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#22 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#23 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#24 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#25 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#26 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#27 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#28 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#29 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#30 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#31 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#32 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#33 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#34 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#35 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#36 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#37 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#38 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#39 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#40 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#41 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#42 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#43 0x00007ffff65efe03 in WebCore::Document::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#44 0x00007ffff65f02e3 in WebCore::Document::updateStyleIfNeeded() () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#45 0x00007ffff66a3a3f in WebCore::FrameSelection::notifyRendererOfSelectionChange(WebCore::EUserTriggered) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#46 0x00007ffff6958de8 in WebCore::EventHandler::handleMouseReleaseEvent(WebCore::MouseEventWithHitTestResults const&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#47 0x00007ffff695c656 in WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#48 0x00007ffff6338a70 in webkit_web_view_button_release_event(_GtkWidget*, _GdkEventButton*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#49 0x00007ffff2590c18 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x6f6980, return_value=0x7fffffffcf00, instance=0x10680c0, args=0x7fffffffd098, marshal_data=0x7ffff6338a00, n_params=1, param_types=0x6f69b0) at gtkmarshalers.c:130
#50 0x00007ffff049985c in g_type_class_meta_marshalv (closure=0x6f6980, return_value=0x7fffffffcf00, instance=0x10680c0, args=0x7fffffffd098, marshal_data=0x188, n_params=1, param_types=0x6f69b0) at gclosure.c:997
#51 0x00007ffff0499408 in _g_closure_invoke_va (closure=0x6f6980, return_value=0x7fffffffcf00, instance=0x10680c0, args=0x7fffffffd098, n_params=1, param_types=0x6f69b0) at gclosure.c:840
#52 0x00007ffff04b3d11 in g_signal_emit_valist (instance=0x10680c0, signal_id=29, detail=0, var_args=0x7fffffffd098) at gsignal.c:3207
#53 0x00007ffff04b4ebd in g_signal_emit (instance=0x10680c0, signal_id=29, detail=0) at gsignal.c:3352
#54 0x00007ffff273b690 in gtk_widget_event_internal (widget=0x10680c0, event=0x11b2410) at gtkwidget.c:6380
#55 0x00007ffff273ace0 in gtk_widget_event (widget=0x10680c0, event=0x11b2410) at gtkwidget.c:6037
#56 0x00007ffff2590569 in propagate_event_up (widget=0x10680c0, event=0x11b2410, topmost=0x0) at gtkmain.c:2390
#57 0x00007ffff25908cb in propagate_event (widget=0x10680c0, event=0x11b2410, captured=0, topmost=0x0) at gtkmain.c:2490
#58 0x00007ffff2590999 in gtk_propagate_event (widget=0x10680c0, event=0x11b2410) at gtkmain.c:2525
#59 0x00007ffff258f468 in gtk_main_do_event (event=0x11b2410) at gtkmain.c:1713
#60 0x00007ffff212b5f6 in _gdk_event_emit (event=0x11b2410) at gdkevents.c:69
#61 0x00007ffff2163d64 in gdk_event_source_dispatch (source=0x7283c0, callback=0, user_data=0x0) at gdkeventsource.c:358
#62 0x00007fffefd8e0ab in g_main_dispatch (context=0x72abe0) at gmain.c:2515
#63 0x00007fffefd8ed6c in g_main_context_dispatch (context=0x72abe0) at gmain.c:3052
#64 0x00007fffefd8ef4f in g_main_context_iterate (context=0x72abe0, block=1, dispatch=1, self=0x835300) at gmain.c:3123
#65 0x00007fffefd8f013 in g_main_context_iteration (context=0x72abe0, may_block=1) at gmain.c:3184
#66 0x00007ffff0c706d5 in g_application_run (application=0x858020, argc=1, argv=0x7fffffffd748) at gapplication.c:1496
#67 0x000000000042fe44 in main (argc=1, argv=0x7fffffffd748) at ephy-main.c:481
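The reasoning above (frame #0 at address 0, a long run of recalcStyle frames, and the question of whether the crashing frames are in cross-platform WebCore code or in the GTK port) can be pulled out of a gdb backtrace mechanically. The following Python triage helper is an added example, not part of this bug report or of WebKit; the sample backtrace is constructed from a few frames of the trace above, and the origin classification by symbol prefix is a heuristic of this example, not a WebKit convention.

```python
import re
from collections import Counter

# Constructed sample: frames copied from the gdb backtrace in this report (the run of
# identical recalcStyle frames is shortened to three).
SAMPLE_BACKTRACE = """\
#0  0x0000000000000000 in ?? ()
#1  0x00007ffff643c9b5 in WebCore::AccessibilityRenderObject::renderBoxModelObject() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#2  0x00007ffff643ca28 in WebCore::AccessibilityRenderObject::isAttachment() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#20 0x00007ffff660d89d in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#21 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#22 0x00007ffff660d474 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#48 0x00007ffff6338a70 in webkit_web_view_button_release_event(_GtkWidget*, _GdkEventButton*) () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
#49 0x00007ffff2590c18 in _gtk_marshal_BOOLEAN__BOXEDv (closure=0x6f6980, n_params=1) at gtkmarshalers.c:130
"""

# '#N  0xADDR in symbol(' : the symbol ends at the first '(' (optionally preceded by a space)
FRAME_RE = re.compile(r"^#(\d+)\s+0x([0-9a-fA-F]+) in (.+?) ?\(")
LOCATION_RE = re.compile(r" (?:from|at) (\S+)$")  # shared object, or source file:line

def parse_backtrace(text):
    """Turn 'bt' output into dicts; non-frame gdb chatter (debuginfo hints) is skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if m:
            loc = LOCATION_RE.search(line)
            frames.append({"frame": int(m.group(1)), "pc": int(m.group(2), 16),
                           "func": m.group(3), "module": loc.group(1) if loc else None})
    return frames

def classify(func):
    """Heuristic origin by symbol name: WebCore:: is the shared engine, webkit_* the GTK port."""
    if func.startswith("WebCore::"):
        return "WebCore namespace"
    if func.startswith("webkit_"):
        return "WebKitGTK port API"
    return "unknown" if func == "??" else "GTK/GLib or other"

def summarize(text):
    """Triage facts: did execution jump to address 0, which frame made that call,
    where the frames live, and which function recurses most."""
    frames = parse_backtrace(text)
    null_pc = bool(frames) and frames[0]["pc"] == 0  # pc 0 = call through a null pointer
    caller = frames[1]["func"] if null_pc and len(frames) > 1 else None
    func_counts = Counter(f["func"] for f in frames)
    return {"null_pc": null_pc, "caller": caller,
            "origins": Counter(classify(f["func"]) for f in frames),
            "hottest": func_counts.most_common(1)[0] if frames else None}
```

Run against the full trace above, it reports that frame #1 (renderBoxModelObject) made the call to address 0 and that every engine frame up to the webkit_web_view_* entry point is in the WebCore namespace, which is the observation behind the "cross-platform code" remark.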
