[Webkit-unassigned] [Bug 85095] New: Crash in WebCore::TextTrackList::remove
bugzilla-daemon at webkit.org
Fri Apr 27 13:29:32 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=85095
Summary: Crash in WebCore::TextTrackList::remove
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
URL: http://windows.microsoft.com/en-US/skydrive/home
OS/Version: Other
Status: UNCONFIRMED
Severity: Major
Priority: P2
Component: WebCore JavaScript
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: rex_4539 at yahoo.com
Created an attachment (id=139259)
--> (https://bugs.webkit.org/attachment.cgi?id=139259&action=review)
Crash log.
5.2 (8536.6.1)
Reproducibility: always
Steps:
Go to http://windows.microsoft.com/en-US/skydrive/home
What happened:
Crash.
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff8cf141ef WebCore::TextTrackList::remove(WebCore::TextTrack*) + 47
1 com.apple.WebCore 0x00007fff8cb3e3c9 WebCore::HTMLMediaElement::willRemoveTrack(WebCore::HTMLTrackElement*) + 73
2 com.apple.WebCore 0x00007fff8cb53ec6 WebCore::HTMLTrackElement::willRemove() + 70
3 com.apple.WebCore 0x00007fff8c412425 WebCore::ContainerNode::willRemove() + 277
4 com.apple.WebCore 0x00007fff8c4125a3 WebCore::Element::willRemove() + 163
5 com.apple.WebCore 0x00007fff8c3aea08 WebCore::ContainerNode::removeChildren() + 344
6 com.apple.WebCore 0x00007fff8c45917f WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool) + 143
7 com.apple.WebCore 0x00007fff8cd731a6 WebCore::replaceChildrenWithFragment(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&) + 310
8 com.apple.WebCore 0x00007fff8c457ef4 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 68
9 com.apple.WebCore 0x00007fff8c457e69 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 57
10 com.apple.WebCore 0x00007fff8cc682be bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) + 254
11 com.apple.WebCore 0x00007fff8cc67a9e WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::PutPropertySlot&) + 62
12 com.apple.JavaScriptCore 0x00007fff899bb938 llint_slow_path_put_by_id + 328
13 com.apple.JavaScriptCore 0x00007fff899c21a9 llint_op_put_by_id + 138
14 com.apple.JavaScriptCore 0x00007fff897c000a JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::ScopeChainNode*, JSC::JSObject*) + 3098
15 com.apple.JavaScriptCore 0x00007fff89877204 JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 340
16 com.apple.WebCore 0x00007fff8c3f8fe6 WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 422
17 com.apple.WebCore 0x00007fff8c3f8c39 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 41
18 com.apple.WebCore 0x00007fff8c41cdfb WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 155
19 com.apple.WebCore 0x00007fff8ce4b686 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1078
20 com.apple.WebCore 0x00007fff8cb48d66 WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 294
21 com.apple.WebCore 0x00007fff8cb48bf0 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 48
22 com.apple.WebCore 0x00007fff8c41c364 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 84
23 com.apple.WebCore 0x00007fff8c3b18e8 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 88
24 com.apple.WebCore 0x00007fff8c3b170c WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 268
25 com.apple.WebCore 0x00007fff8c55785b WebCore::HTMLDocumentParser::resumeParsingAfterYield() + 27
26 com.apple.WebCore 0x00007fff8c390834 WebCore::ThreadTimers::sharedTimerFiredInternal() + 148
27 com.apple.WebCore 0x00007fff8ce6da93 WebCore::timerFired(__CFRunLoopTimer*, void*) + 51
28 com.apple.CoreFoundation 0x00007fff885a8a24 __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
29 com.apple.CoreFoundation 0x00007fff885a853d __CFRunLoopDoTimer + 557
30 com.apple.CoreFoundation 0x00007fff8858dd39 __CFRunLoopRun + 1513
31 com.apple.CoreFoundation 0x00007fff8858d352 CFRunLoopRunSpecific + 290
32 com.apple.HIToolbox 0x00007fff8a788d14 RunCurrentEventLoopInMode + 209
33 com.apple.HIToolbox 0x00007fff8a79055e ReceiveNextEventCommon + 356
34 com.apple.HIToolbox 0x00007fff8a7903ef BlockUntilNextEventMatchingListInMode + 62
35 com.apple.AppKit 0x00007fff8676c39b _DPSNextEvent + 685
36 com.apple.AppKit 0x00007fff8676bc59 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
37 com.apple.AppKit 0x00007fff86768283 -[NSApplication run] + 517
38 com.apple.WebCore 0x00007fff8ce42eaf WebCore::RunLoop::run() + 63
39 com.apple.WebKit2 0x00007fff8bfca38f WebKit::WebProcessMain(WebKit::CommandLine const&) + 2597
40 com.apple.WebKit2 0x00007fff8bf94e05 WebKitMain + 285
41 com.apple.WebProcess 0x000000010a677e7b 0x10a677000 + 3707
42 libdyld.dylib 0x00007fff903287e1 start + 1
Expected result:
WebKit does not crash.