[Webkit-unassigned] [Bug 119969] REGRESSION (r154220-r154241): Crash on the japantimes.co.jp

bugzilla-daemon at webkit.org
Mon Aug 19 14:40:41 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=119969


Zan Dobersek <zandobersek at gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |ap at webkit.org,
                   |                            |zandobersek at gmail.com




--- Comment #1 from Zan Dobersek <zandobersek at gmail.com>  2013-08-19 14:40:11 PST ---
Reproducible on the GTK port with the following backtrace on the crashing thread:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff42d969b in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsInShadowTreeFlag) at ../Source/WebCore/dom/Node.h:649
649        bool getFlag(NodeFlags mask) const { return m_nodeFlags & mask; }
#0  0x00007ffff42d969b in WebCore::Node::getFlag (this=0x0, mask=WebCore::Node::IsInShadowTreeFlag) at ../Source/WebCore/dom/Node.h:649
#1  0x00007ffff45ba469 in WebCore::Node::isInShadowTree (this=0x0) at ../Source/WebCore/dom/Node.h:423
#2  0x00007ffff47e9e8f in WebCore::Node::insertedInto (this=0xb70040, insertionPoint=0x168c730) at ../Source/WebCore/dom/Node.cpp:1050
#3  0x00007ffff47a6210 in WebCore::Element::insertedInto (this=0xb70040, insertionPoint=0x168c730) at ../Source/WebCore/dom/Element.cpp:1279
#4  0x00007ffff47a62e6 in WebCore::Element::insertedInto (this=0x1ace620, insertionPoint=0x168c730) at ../Source/WebCore/dom/Element.cpp:1288
#5  0x00007ffff47399d0 in WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument (this=0x7fffffffbbf0, node=0x1ace620) at ../Source/WebCore/dom/ContainerNodeAlgorithms.h:199
#6  0x00007ffff47390b8 in WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoDocument (this=0x7fffffffbbf0, node=0x2321b40) at ../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:42
#7  0x00007ffff4739a1f in WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument (this=0x7fffffffbbf0, node=0x2321b40) at ../Source/WebCore/dom/ContainerNodeAlgorithms.h:202
#8  0x00007ffff47390b8 in WebCore::ChildNodeInsertionNotifier::notifyDescendantInsertedIntoDocument (this=0x7fffffffbbf0, node=0x110c260) at ../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:42
#9  0x00007ffff4739a1f in WebCore::ChildNodeInsertionNotifier::notifyNodeInsertedIntoDocument (this=0x7fffffffbbf0, node=0x110c260) at ../Source/WebCore/dom/ContainerNodeAlgorithms.h:202
#10 0x00007ffff473ee2b in WebCore::ChildNodeInsertionNotifier::notify (this=0x7fffffffbbf0, node=0x110c260) at ../Source/WebCore/dom/ContainerNodeAlgorithms.h:227
#11 0x00007ffff473e41a in WebCore::updateTreeAfterInsertion (parent=0x168c730, child=0x110c260, attachBehavior=WebCore::AttachLazily) at ../Source/WebCore/dom/ContainerNode.cpp:1049
#12 0x00007ffff473c7f2 in WebCore::ContainerNode::appendChild (this=0x168c730, newChild=..., ec=@0x7fffffffbd7c: 0, attachBehavior=WebCore::AttachLazily) at ../Source/WebCore/dom/ContainerNode.cpp:699
#13 0x00007ffff47e84cc in WebCore::Node::appendChild (this=0x168c730, newChild=..., ec=@0x7fffffffbd7c: 0, attachBehavior=WebCore::AttachLazily) at ../Source/WebCore/dom/Node.cpp:506
#14 0x00007ffff451da31 in WebCore::JSNode::appendChild (this=0x7fffa007edb0, exec=0x7fff833ff2c0) at ../Source/WebCore/bindings/js/JSNodeCustom.cpp:179
#15 0x00007ffff5205a71 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0x7fff833ff2c0) at DerivedSources/WebCore/JSNode.cpp:492
#16 0x00007ffff367d636 in JSC::LLInt::CLoop::execute (callFrame=0x7fff833ff260, bootstrapOpcodeId=JSC::llint_program_prologue, isInitializationPass=false) at ./DerivedSources/JavaScriptCore/LLIntAssembly.h:5599
#17 0x00007ffff364da6b in JSC::Interpreter::execute (this=0x783a10, program=0x7fff829efc70, callFrame=0x7fffa015cce0, thisObj=0x7fffa019ffd8) at ../Source/JavaScriptCore/interpreter/Interpreter.cpp:850
#18 0x00007ffff3712700 in JSC::evaluate (exec=0x7fffa015cce0, source=..., thisValue=..., returnedException=0x7fffffffd830) at ../Source/JavaScriptCore/runtime/Completion.cpp:83
#19 0x00007ffff4515a20 in WebCore::JSMainThreadExecState::evaluate (exec=0x7fffa015cce0, source=..., thisValue=..., exception=0x7fffffffd830) at ../Source/WebCore/bindings/js/JSMainThreadExecState.h:74
#20 0x00007ffff4540eaf in WebCore::ScriptController::evaluateInWorld (this=0x6b5220, sourceCode=..., world=0x787810) at ../Source/WebCore/bindings/js/ScriptController.cpp:142
#21 0x00007ffff4540fb8 in WebCore::ScriptController::evaluate (this=0x6b5220, sourceCode=...) at ../Source/WebCore/bindings/js/ScriptController.cpp:158
#22 0x00007ffff4815f92 in WebCore::ScriptElement::executeScript (this=0x1ca5d18, sourceCode=...) at ../Source/WebCore/dom/ScriptElement.cpp:317
#23 0x00007ffff481611a in WebCore::ScriptElement::execute (this=0x1ca5d18, cachedScript=0x1a2dad0) at ../Source/WebCore/dom/ScriptElement.cpp:338
#24 0x00007ffff48202d4 in WebCore::ScriptRunner::timerFired (this=0x267d880, timer=0x267d8d0) at ../Source/WebCore/dom/ScriptRunner.cpp:121
#25 0x00007ffff48233b5 in WebCore::Timer<WebCore::ScriptRunner>::fired (this=0x267d8d0) at ../Source/WebCore/platform/Timer.h:114
#26 0x00007ffff444cc7b in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x6c4750) at ../Source/WebCore/platform/ThreadTimers.cpp:129
#27 0x00007ffff444cb6b in WebCore::ThreadTimers::sharedTimerFired () at ../Source/WebCore/platform/ThreadTimers.cpp:105
#28 0x00007ffff44696d5 in WebCore::timeout_cb () at ../Source/WebCore/platform/gtk/SharedTimerGtk.cpp:49
#29 0x00007fffeef30a03 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#30 0x00007fffeef2fea6 in g_main_context_dispatch () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#31 0x00007fffeef301f8 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#32 0x00007fffeef305fa in g_main_loop_run () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#33 0x00007ffff27e5257 in gtk_main () from /usr/lib/x86_64-linux-gnu/libgtk-x11-2.0.so.0
#34 0x0000000000405b02 in main (argc=1, argv=0x7fffffffde98) at ../Tools/GtkLauncher/main.c:557
