[Webkit-unassigned] [Bug 102169] New: REGRESSION (?) : Reproducible ASSERT in CachedResourceLoader when loading an m-jpeg as the main resource

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 13 20:25:31 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=102169

           Summary: REGRESSION (?) : Reproducible ASSERT in
                    CachedResourceLoader when loading an m-jpeg as the
                    main resource
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Images
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: beidson at apple.com
                CC: timothy_horton at apple.com


REGRESSION (?) : Reproducible ASSERT in CachedResourceLoader when loading an m-jpeg as the main resource

Steps:
1 - ToT Debug build in Safari
2 - Go directly to the URL of a multipart m-jpeg - http://210.242.136.66/T1-42K+500 is an example
3 - ASSERT

ASSERTION FAILED: it->value.get() == resource
/Volumes/SSD-Data/git/OpenSource/Source/WebCore/loader/cache/CachedResourceLoader.cpp(686) : void WebCore::CachedResourceLoader::removeCachedResource(WebCore::CachedResource *) const
1   0x10dac8a51 WebCore::CachedResourceLoader::removeCachedResource(WebCore::CachedResource*) const
2   0x10dab431a WebCore::CachedResource::¨CachedResource()
3   0x10daaaf6c WebCore::CachedImage::¨CachedImage()
4   0x10daaaeb5 WebCore::CachedImage::¨CachedImage()
5   0x10daaae89 WebCore::CachedImage::¨CachedImage()
6   0x10dab620e WebCore::CachedResource::deleteIfPossible()
7   0x10dab7142 WebCore::CachedResource::unregisterHandle(WebCore::CachedResourceHandleBase*)
8   0x10dab3bc0 WebCore::CachedResourceHandleBase::¨CachedResourceHandleBase()
9   0x10db0f225 WebCore::CachedResourceHandle<WebCore::CachedImage>::¨CachedResourceHandle()
10  0x10db0f1e5 WebCore::CachedResourceHandle<WebCore::CachedImage>::¨CachedResourceHandle()
11  0x10e2e54a6 WebCore::ImageLoader::¨ImageLoader()
12  0x10e20acc5 WebCore::HTMLImageLoader::¨HTMLImageLoader()
13  0x10e20aca5 WebCore::HTMLImageLoader::¨HTMLImageLoader()
14  0x10e207d58 WebCore::HTMLImageElement::¨HTMLImageElement()
15  0x10e2e275f WebCore::ImageDocumentElement::¨ImageDocumentElement()
16  0x10e2e26c5 WebCore::ImageDocumentElement::¨ImageDocumentElement()
17  0x10e2e2699 WebCore::ImageDocumentElement::¨ImageDocumentElement()
18  0x10db673db void WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode*)
19  0x10db62bf5 WebCore::ContainerNode::removeAllChildren()
20  0x10dd75a3b WebCore::Document::removedLastRef()
21  0x10eb0df42 WebCore::Node::removedLastRef()
22  0x10d96eb7f WebCore::TreeShared<WebCore::Node, WebCore::ContainerNode>::deref()
23  0x10e742e49 WebCore::JSNode::releaseImplIfNotNull()
24  0x10e73ee25 WebCore::JSNode::¨JSNode()
25  0x10e73ee05 WebCore::JSNode::¨JSNode()
26  0x10e73eb1d WebCore::JSNode::destroy(JSC::JSCell*)
27  0x10cd0107d JSC::MarkedBlock::callDestructor(JSC::JSCell*)
28  0x10cd00fd8 JSC::MarkedBlock::FreeList JSC::MarkedBlock::specializedSweep<(JSC::MarkedBlock::BlockState)3, (JSC::MarkedBlock::SweepMode)0, (JSC::MarkedBlock::DestructorType)2>()
29  0x10cd000c6 JSC::MarkedBlock::FreeList JSC::MarkedBlock::sweepHelper<(JSC::MarkedBlock::DestructorType)2>(JSC::MarkedBlock::SweepMode)
30  0x10ccff9c4 JSC::MarkedBlock::sweep(JSC::MarkedBlock::SweepMode)
31  0x10ce55329 JSC::IncrementalSweeper::sweepNextBlock()

This certainly used to work.  I hope to find time to track where it broke.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list