[Webkit-unassigned] [Bug 98001] New: [chromium] crash when running accessibility/canvas-fallback-content-2.html

[bugzilla-daemon at webkit.org]

https://bugs.webkit.org/show_bug.cgi?id=98001

           Summary: [chromium] crash when running
                    accessibility/canvas-fallback-content-2.html
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jochen at chromium.org
                CC: abarth at webkit.org, dmazzoni at google.com,
                    jochen at chromium.org


When trying to run the test accessibility/canvas-fallback-content-2.html in content_shell like this:

echo file://$(pwd)/LayoutTests/accessibility/canvas-fallback-content-2.html | out/Debug/content_shell  --no-sandbox --dump-render-tree

I get the following crash:

[20467:20467:1001/103914:9811384406:ERROR:process_util_posix.cc(144)] Received signal 11
        base::debug::StackTrace::StackTrace() [0x50cf7e]
        base::(anonymous namespace)::StackDumpSignalHandler() [0x524df4]
        0x7f602d4eb4c0
        WTF::StringImpl::rawHash() [0xc7520a]
        WTF::StringImpl::hasHash() [0xc751e5]
        WTF::StringImpl::existingHash() [0xc75169]
        WTF::AtomicStringHash::hash() [0xc7513d]
        WTF::HashMapTranslator<>::hash<>() [0x3042bf5]
        WTF::HashTable<>::add<>() [0x30427cd]
        WTF::HashMap<>::inlineAdd() [0x30426cc]
        WTF::HashMap<>::add() [0x30424a4]
        WebCore::Document::getCachedLocalizer() [0x303b928]
        WebCore::Element::localizer() [0x308d50d]
        WebCore::NumberInputType::localizeValue() [0x2ddc975]
        WebCore::NumberInputType::visibleValue() [0x2ddca31]
        WebCore::TextFieldInputType::updateInnerTextValue() [0x2de7e46]
        WebCore::HTMLInputElement::updateType() [0x2d75e1c]
        WebCore::HTMLInputElement::parseAttribute() [0x2d7710f]
        WebCore::Element::attributeChanged() [0x30888e9]
        WebCore::StyledElement::attributeChanged() [0x311a349]
        WebCore::Element::parserSetAttributes() [0x308943a]
        WebCore::HTMLConstructionSite::createHTMLElement() [0x2eb6856]
        WebCore::HTMLConstructionSite::insertSelfClosingHTMLElement() [0x2eb6dcf]
        WebCore::HTMLTreeBuilder::processStartTagForInBody() [0x2e4c85f]
        WebCore::HTMLTreeBuilder::processStartTag() [0x2e46426]
        WebCore::HTMLTreeBuilder::processToken() [0x2e45ae1]
        WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken() [0x2e44e1b]
        WebCore::HTMLTreeBuilder::constructTreeFromToken() [0x2e44d1a]
        WebCore::HTMLDocumentParser::pumpTokenizer() [0x2e2ab66]
        WebCore::HTMLDocumentParser::pumpTokenizerIfPossible() [0x2e2a5f5]
        WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() [0x2e2ba21]
        WebCore::HTMLDocumentParser::notifyFinished() [0x2e2bdc7]
        WebCore::HTMLDocumentParser::notifyFinished() [0x2e2be2f]
        WebCore::CachedResource::checkNotify() [0x28e97dd]
        WebCore::CachedScript::data() [0x2904118]
        WebCore::SubresourceLoader::didFinishLoading() [0x28cb94a]
        WebCore::ResourceLoader::didFinishLoading() [0x28c5705]
        WebCore::ResourceHandleInternal::didFinishLoading() [0x39a2624]
        webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest() [0x1d40e54]
        content::ResourceDispatcher::OnRequestComplete() [0xbeb4bd]
        DispatchToMethod<>() [0xbecde8]
        ResourceMsg_RequestComplete::Dispatch<>() [0xbec846]
        content::ResourceDispatcher::DispatchMessage() [0xbea227]
        content::ResourceDispatcher::OnMessageReceived() [0xbe962a]
        ChildThread::OnMessageReceived() [0xacca3b]
        IPC::ChannelProxy::Context::OnDispatchMessage() [0x2091b59]
        base::internal::RunnableAdapter<>::Run() [0x2095c7a]
        base::internal::InvokeHelper<>::MakeItSo() [0x2095be1]
        base::internal::Invoker<>::Run() [0x2095b8c]
        base::Callback<>::Run() [0x42be1e]
        MessageLoop::RunTask() [0x49bcbc]
        MessageLoop::DeferOrRunPendingTask() [0x49c0ab]
        MessageLoop::DoWork() [0x49c255]
        base::MessagePumpDefault::Run() [0x4a6168]
        MessageLoop::RunInternal() [0x49b6e6]
        MessageLoop::RunHandler() [0x49b595]
        base::RunLoop::Run() [0x4bd5c2]
        MessageLoop::Run() [0x49ae31]
        RendererMain() [0xd16610]
        content::RunZygote() [0xca6297]
        content::RunNamedProcessTypeMain() [0xca6594]
        content::ContentMainRunnerImpl::Run() [0xca738d]

Also tracked in https://code.google.com/p/chromium/issues/detail?id=153248

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.