[Webkit-unassigned] [Bug 105529] New: [Qt]REGRESSION(r138222): It made fast/forms/number/number-spinbutton-click-in-iframe.html crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 20 04:08:43 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=105529

           Summary: [Qt]REGRESSION(r138222): It made
                    fast/forms/number/number-spinbutton-click-in-iframe.html
                    crash
           Product: WebKit
           Version: 420+
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Keywords: Qt, QtTriaged
          Severity: Critical
          Priority: P1
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ossy at webkit.org
                CC: beidson at apple.com, hausmann at webkit.org,
                    japhet at chromium.org
            Blocks: 79668,105330


$ gdb WebKitBuild/Debug/bin/DumpRenderTree
GNU gdb (GDB) 7.0.1-debian
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree...done.
(gdb) run LayoutTests/fast/forms/number/number-spinbutton-click-in-iframe.html
Starting program: /home/oszi/WebKit/WebKitBuild/Debug/bin/DumpRenderTree LayoutTests/fast/forms/number/number-spinbutton-click-in-iframe.html
[Thread debugging using libthread_db enabled]
[New Thread 0x7fffa1e69700 (LWP 18300)]
[Thread 0x7fffa1e69700 (LWP 18300) exited]
[New Thread 0x7fffa1e69700 (LWP 18301)]
[New Thread 0x7fffa1089700 (LWP 18302)]

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7594fd6 in WebCore::Frame::page (this=0x0) at /home/oszi/WebKit/Source/WebCore/page/Frame.h:330
330             return m_page;
(gdb) bt
#0  0x00007ffff7594fd6 in WebCore::Frame::page (this=0x0) at /home/oszi/WebKit/Source/WebCore/page/Frame.h:330
#1  0x00007ffff438544f in WebCore::MainResourceLoader::load (this=0x7d3050, initialRequest=..., substituteData=...) at /home/oszi/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:647
#2  0x00007ffff434b207 in WebCore::DocumentLoader::startLoadingMainResource (this=0x7d3960) at /home/oszi/WebKit/Source/WebCore/loader/DocumentLoader.cpp:888
#3  0x00007ffff43692d2 in WebCore::FrameLoader::continueLoadAfterWillSubmitForm (this=0x7cf7a8) at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:2217
#4  0x00007ffff436be87 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x7cf7a8, formState=..., shouldContinue=true) at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:2818
#5  0x00007ffff436b590 in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x7cf7a8, request=..., formState=..., shouldContinue=true) at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:2688
#6  0x00007ffff4388d8d in WebCore::PolicyCallback::call (this=0x7fffffff9d30, shouldContinue=true) at /home/oszi/WebKit/Source/WebCore/loader/PolicyCallback.cpp:103
#7  0x00007ffff4389e01 in WebCore::PolicyChecker::continueAfterNavigationPolicy (this=0x7cf7b8, policy=WebCore::PolicyUse) at /home/oszi/WebKit/Source/WebCore/loader/PolicyChecker.cpp:167
#8  0x00007ffff75a56f6 in WebCore::FrameLoaderClientQt::callPolicyFunction (this=0x7e2fe0, function=0x7ffff4389bb6 <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, action=WebCore::PolicyUse)
    at /home/oszi/WebKit/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:242
#9  0x00007ffff75ab81a in WebCore::FrameLoaderClientQt::dispatchDecidePolicyForNavigationAction (this=0x7e2fe0, function=0x7ffff4389bb6 <WebCore::PolicyChecker::continueAfterNavigationPolicy(WebCore::PolicyAction)>, action=...,
    request=...) at /home/oszi/WebKit/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1284
#10 0x00007ffff4389721 in WebCore::PolicyChecker::checkNavigationPolicy (this=0x7cf7b8, request=..., loader=0x7d3960, formState=...,
    function=0x7ffff436b53a <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x7cf7a8)
    at /home/oszi/WebKit/Source/WebCore/loader/PolicyChecker.cpp:89
#11 0x00007ffff4365a0b in WebCore::FrameLoader::loadWithDocumentLoader (this=0x7cf7a8, loader=0x7d3960, type=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, prpFormState=...)
    at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:1398
#12 0x00007ffff436525b in WebCore::FrameLoader::loadWithNavigationAction (this=0x7cf7a8, request=..., action=..., lockHistory=false, type=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, formState=...)
    at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:1302
#13 0x00007ffff4364863 in WebCore::FrameLoader::loadURL (this=0x7cf7a8, newURL=..., referrer=..., frameName=..., lockHistory=false, newLoadType=WebCore::FrameLoadTypeRedirectWithLockedBackForwardList, event=..., prpFormState=...)
    at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:1237
#14 0x00007ffff4362ba1 in WebCore::FrameLoader::loadURLIntoChildFrame (this=0x6b2ab8, url=..., referer=..., childFrame=0x7cf720) at /home/oszi/WebKit/Source/WebCore/loader/FrameLoader.cpp:860
#15 0x00007ffff75abc75 in WebCore::FrameLoaderClientQt::createFrame (this=0x6b2840, url=..., name=..., ownerElement=0x7f1990, referrer=..., allowsScrolling=true, marginWidth=-1, marginHeight=-1)
    at /home/oszi/WebKit/Source/WebKit/qt/WebCoreSupport/FrameLoaderClientQt.cpp:1329
#16 0x00007ffff439b6ad in WebCore::SubframeLoader::loadSubframe (this=0x6b2d08, ownerElement=0x7f1990, url=..., name=..., referrer=...) at /home/oszi/WebKit/Source/WebCore/loader/SubframeLoader.cpp:370
#17 0x00007ffff439b3ee in WebCore::SubframeLoader::loadOrRedirectSubframe (this=0x6b2d08, ownerElement=0x7f1990, url=..., frameName=..., lockHistory=true, lockBackForwardList=true)
    at /home/oszi/WebKit/Source/WebCore/loader/SubframeLoader.cpp:341
#18 0x00007ffff439a0c9 in WebCore::SubframeLoader::requestFrame (this=0x6b2d08, ownerElement=0x7f1990, urlString=..., frameName=..., lockHistory=true, lockBackForwardList=true)
    at /home/oszi/WebKit/Source/WebCore/loader/SubframeLoader.cpp:87
#19 0x00007ffff40fb527 in WebCore::HTMLFrameElementBase::openURL (this=0x7f1990, lockHistory=true, lockBackForwardList=true) at /home/oszi/WebKit/Source/WebCore/html/HTMLFrameElementBase.cpp:88
#20 0x00007ffff40fbb6c in WebCore::HTMLFrameElementBase::setNameAndOpenURL (this=0x7f1990) at /home/oszi/WebKit/Source/WebCore/html/HTMLFrameElementBase.cpp:141
#21 0x00007ffff40fbc37 in WebCore::HTMLFrameElementBase::didNotifySubtreeInsertions (this=0x7f1990) at /home/oszi/WebKit/Source/WebCore/html/HTMLFrameElementBase.cpp:172
#22 0x00007ffff3e873ad in WebCore::ChildNodeInsertionNotifier::notify (this=0x7fffffffb280, node=0x7f1990) at /home/oszi/WebKit/Source/WebCore/dom/ContainerNodeAlgorithms.h:230
#23 0x00007ffff3e8c440 in updateTreeAfterInsertion (parent=0x7814d0, child=0x7f1990, shouldLazyAttach=true) at /home/oszi/WebKit/Source/WebCore/dom/ContainerNode.cpp:1095
#24 0x00007ffff3e8a455 in WebCore::ContainerNode::appendChild (this=0x7814d0, newChild=..., ec=@0x7fffffffb41c, shouldLazyAttach=true) at /home/oszi/WebKit/Source/WebCore/dom/ContainerNode.cpp:676
#25 0x00007ffff3f5f1c0 in WebCore::Node::appendChild (this=0x7814d0, newChild=..., ec=@0x7fffffffb41c, shouldLazyAttach=true) at /home/oszi/WebKit/Source/WebCore/dom/Node.cpp:595
#26 0x00007ffff3c001f7 in WebCore::JSNode::appendChild (this=0x7fffa111fb40, exec=0x7fffa11c0100) at /home/oszi/WebKit/Source/WebCore/bindings/js/JSNodeCustom.cpp:181
#27 0x00007ffff4d3e377 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0x7fffa11c0100) at generated/JSNode.cpp:496
#28 0x00007fffa1e6b265 in ?? ()
#29 0x00007fffffffb550 in ?? ()
#30 0x00007ffff07beb21 in llint_op_call () from /home/oszi/WebKit/WebKitBuild/Debug/lib/libJavaScriptCore.so.1
#31 0x00007fffa11c0058 in ?? ()
warning: (Internal error: pc 0x712250 in read in psymtab, but not in symtab.)

warning: (Internal error: pc 0x71224f in read in psymtab, but not in symtab.)

warning: (Internal error: pc 0x71224f in read in psymtab, but not in symtab.)

#32 0x0000000000712250 in ?? (warning: (Internal error: pc 0x71224f in read in psymtab, but not in symtab.)

)
warning: (Internal error: pc 0x71224f in read in psymtab, but not in symtab.)

#33 0x00007fffffffb510 in ?? ()
#34 0x00007ffff0763237 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/JSStackInlines.h:213
#35 0x00007ffff0761fa2 in JSC::JITCode::execute (this=0x7fffa11b7b80, stack=0x712250, callFrame=0x7fffa11c0058, globalData=0x707700) at /home/oszi/WebKit/Source/JavaScriptCore/jit/JITCode.h:134
#36 0x00007ffff075f08c in JSC::Interpreter::execute (this=0x712240, program=0x7fffa11b7b60, callFrame=0x7fffa115f388, thisObj=0x7fffa119ffc0) at /home/oszi/WebKit/Source/JavaScriptCore/interpreter/Interpreter.cpp:983
#37 0x00007ffff08555ef in JSC::evaluate (exec=0x7fffa115f388, source=..., thisValue=..., returnedException=0x7fffffffcb60) at /home/oszi/WebKit/Source/JavaScriptCore/runtime/Completion.cpp:75
#38 0x00007ffff3bf77e0 in WebCore::JSMainThreadExecState::evaluate (exec=0x7fffa115f388, source=..., thisValue=..., exception=0x7fffffffcb60) at /home/oszi/WebKit/Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#39 0x00007ffff3c196ef in WebCore::ScriptController::evaluateInWorld (this=0x6b2f10, sourceCode=..., world=0x7126a0) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:141
#40 0x00007ffff3c1980e in WebCore::ScriptController::evaluate (this=0x6b2f10, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/bindings/js/ScriptController.cpp:158
#41 0x00007ffff3f965fb in WebCore::ScriptElement::executeScript (this=0x7463f0, sourceCode=...) at /home/oszi/WebKit/Source/WebCore/dom/ScriptElement.cpp:304
#42 0x00007ffff3f95ddf in WebCore::ScriptElement::prepareScript (this=0x7463f0, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute)
    at /home/oszi/WebKit/Source/WebCore/dom/ScriptElement.cpp:242
#43 0x00007ffff418551c in WebCore::HTMLScriptRunner::runScript (this=0x772840, script=0x746380, scriptStartPosition=...) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:290
#44 0x00007ffff4184b2d in WebCore::HTMLScriptRunner::execute (this=0x772840, scriptElement=..., scriptStartPosition=...) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLScriptRunner.cpp:170
#45 0x00007ffff417582d in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0x762f40) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:200
#46 0x00007ffff41758df in WebCore::HTMLDocumentParser::canTakeNextToken (this=0x762f40, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:217
#47 0x00007ffff4175d10 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x762f40, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:254
#48 0x00007ffff41756da in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x762f40, mode=WebCore::HTMLDocumentParser::AllowYield) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:173
#49 0x00007ffff417685f in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0x762f40) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:476
#50 0x00007ffff4176b15 in WebCore::HTMLDocumentParser::notifyFinished (this=0x762f40, cachedResource=0x77f240) at /home/oszi/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:516
---Type <return> to continue, or q <return> to quit---
#51 0x00007ffff4327ace in WebCore::CachedResource::checkNotify (this=0x77f240) at /home/oszi/WebKit/Source/WebCore/loader/cache/CachedResource.cpp:336
#52 0x00007ffff4333aed in WebCore::CachedScript::data (this=0x77f240, data=..., allDataReceived=true) at /home/oszi/WebKit/Source/WebCore/loader/cache/CachedScript.cpp:90
#53 0x00007ffff439d78e in WebCore::SubresourceLoader::didFinishLoading (this=0x77f840, finishTime=0) at /home/oszi/WebKit/Source/WebCore/loader/SubresourceLoader.cpp:276
#54 0x00007ffff439254d in WebCore::ResourceLoader::didFinishLoading (this=0x77f840, finishTime=0) at /home/oszi/WebKit/Source/WebCore/loader/ResourceLoader.cpp:456
#55 0x00007ffff48cb8eb in WebCore::QNetworkReplyHandler::finish (this=0x780500) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:510
#56 0x00007ffff48c9f2e in WebCore::QNetworkReplyHandlerCallQueue::flush (this=0x780538) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:249
#57 0x00007ffff48c9c17 in WebCore::QNetworkReplyHandlerCallQueue::push (this=0x780538, method=0x7ffff48cb718 <WebCore::QNetworkReplyHandler::finish()>) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:215
#58 0x00007ffff48caf1c in WebCore::QNetworkReplyWrapper::didReceiveFinished (this=0x781840) at /home/oszi/WebKit/Source/WebCore/platform/network/qt/QNetworkReplyHandler.cpp:403
#59 0x00007ffff48cdc51 in WebCore::QNetworkReplyWrapper::qt_static_metacall (_o=0x781840, _c=QMetaObject::InvokeMetaMethod, _id=1, _a=0x7fffffffd570) at .moc/release-shared/moc_QNetworkReplyHandler.cpp:173
#60 0x00007fffe8ded0d8 in QMetaObject::activate(QObject*, int, int, void**) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#61 0x00007fffe8de770e in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#62 0x00007fffea4798cc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#63 0x00007fffea47fbeb in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#64 0x00007fffe8dc2c04 in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#65 0x00007fffe8dc7829 in QCoreApplicationPrivate::sendPostedEvents(QObject*, int, QThreadData*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#66 0x00007fffe8e0ed43 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#67 0x00007fffec2876f2 in g_main_context_dispatch () from /lib/libglib-2.0.so.0
#68 0x00007fffec28b568 in ?? () from /lib/libglib-2.0.so.0
#69 0x00007fffec28b71c in g_main_context_iteration () from /lib/libglib-2.0.so.0
#70 0x00007fffe8e0e81b in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#71 0x00007fffe8dc1e4b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#72 0x00007fffe8dc7e4d in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#73 0x0000000000431d54 in main (argc=2, argv=0x7fffffffe3b8) at /home/oszi/WebKit/Tools/DumpRenderTree/qt/DumpRenderTreeMain.cpp:203
(gdb)
