[Webkit-unassigned] [Bug 106431] New: SIGSEV in WebCore::shouldEmitTabBeforeNode

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 9 02:33:20 PST 2013


https://bugs.webkit.org/show_bug.cgi?id=106431

           Summary: SIGSEV in WebCore::shouldEmitTabBeforeNode
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Accessibility
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: svillar at igalia.com


I can reliably reproduce this by clicking on a link in the web interface of the Transmission BitTorrent client. I don't have a debug build right now, but I could get this backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff542e5f4 in WebCore::shouldEmitTabBeforeNode(WebCore::Node*) () from ~/lib64/libwebkitgtk-3.0.so.0

(gdb) bt
#0  0x00007ffff542e5f4 in WebCore::shouldEmitTabBeforeNode(WebCore::Node*) () from ~/lib64/libwebkitgtk-3.0.so.0
#1  0x00007ffff542f6b9 in WebCore::TextIterator::representNodeOffsetZero() () from ~/lib64/libwebkitgtk-3.0.so.0
#2  0x00007ffff542f816 in WebCore::TextIterator::handleNonTextNode() () from ~/lib64/libwebkitgtk-3.0.so.0
#3  0x00007ffff5432600 in WebCore::TextIterator::advance() () from ~/lib64/libwebkitgtk-3.0.so.0
#4  0x00007ffff54334bf in WebCore::plainText(WebCore::Range const*, WebCore::TextIteratorBehavior, bool) () from ~/lib64/libwebkitgtk-3.0.so.0
#5  0x00007ffff5123585 in WebCore::AccessibilityRenderObject::textUnderElement() const () from ~/lib64/libwebkitgtk-3.0.so.0
#6  0x00007ffff5f87b89 in WebCore::AccessibilityObject::accessibilityPlatformIncludesObject() const () from ~/lib64/libwebkitgtk-3.0.so.0
#7  0x00007ffff5126b60 in WebCore::AccessibilityRenderObject::accessibilityIsIgnoredBase() const () from ~/lib64/libwebkitgtk-3.0.so.0
#8  0x00007ffff5131de9 in WebCore::AccessibilityTableRow::accessibilityIsIgnored() const () from ~/lib64/libwebkitgtk-3.0.so.0
#9  0x00007ffff51321f3 in WebCore::AXObjectCache::childrenChanged(WebCore::AccessibilityObject*) () from ~/lib64/libwebkitgtk-3.0.so.0
#10 0x00007ffff58c49ac in WebCore::RenderObjectChildList::removeChildNode(WebCore::RenderObject*, WebCore::RenderObject*, bool) () from ~/lib64/libwebkitgtk-3.0.so.0
#11 0x00007ffff58ce19f in WebCore::RenderObject::willBeDestroyed() () from ~/lib64/libwebkitgtk-3.0.so.0
#12 0x00007ffff57ef3ad in WebCore::RenderBlock::willBeDestroyed() () from ~/lib64/libwebkitgtk-3.0.so.0
#13 0x00007ffff58cc91d in WebCore::RenderObject::destroy() () from ~/lib64/libwebkitgtk-3.0.so.0
#14 0x00007ffff58c4684 in WebCore::RenderObjectChildList::destroyLeftoverChildren() () from ~/lib64/libwebkitgtk-3.0.so.0
#15 0x00007ffff58ce13a in WebCore::RenderObject::willBeDestroyed() () from ~/lib64/libwebkitgtk-3.0.so.0
#16 0x00007ffff58cc91d in WebCore::RenderObject::destroy() () from ~/lib64/libwebkitgtk-3.0.so.0
#17 0x00007ffff58c4684 in WebCore::RenderObjectChildList::destroyLeftoverChildren() () from ~/lib64/libwebkitgtk-3.0.so.0
#18 0x00007ffff58ce13a in WebCore::RenderObject::willBeDestroyed() () from ~/lib64/libwebkitgtk-3.0.so.0
#19 0x00007ffff58cc91d in WebCore::RenderObject::destroy() () from ~/lib64/libwebkitgtk-3.0.so.0
#20 0x00007ffff58c4684 in WebCore::RenderObjectChildList::destroyLeftoverChildren() () from ~/lib64/libwebkitgtk-3.0.so.0
#21 0x00007ffff57ef2cc in WebCore::RenderBlock::willBeDestroyed() () from ~/lib64/libwebkitgtk-3.0.so.0
#22 0x00007ffff58cc91d in WebCore::RenderObject::destroy() () from ~/lib64/libwebkitgtk-3.0.so.0
#23 0x00007ffff58c4684 in WebCore::RenderObjectChildList::destroyLeftoverChildren() () from ~/lib64/libwebkitgtk-3.0.so.0
#24 0x00007ffff57ef2cc in WebCore::RenderBlock::willBeDestroyed() () from ~/lib64/libwebkitgtk-3.0.so.0
#25 0x00007ffff58cc91d in WebCore::RenderObject::destroy() () from ~/lib64/libwebkitgtk-3.0.so.0
#26 0x00007ffff5365063 in WebCore::Node::detach() () from ~/lib64/libwebkitgtk-3.0.so.0
#27 0x00007ffff52f770e in WebCore::ContainerNode::detach() () from ~/lib64/libwebkitgtk-3.0.so.0
#28 0x00007ffff53407c4 in WebCore::Element::detach() () from ~/lib64/libwebkitgtk-3.0.so.0
#29 0x00007ffff5341b03 in WebCore::Node::reattach() () from ~/lib64/libwebkitgtk-3.0.so.0
#30 0x00007ffff53410e8 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from ~/lib64/libwebkitgtk-3.0.so.0
#31 0x00007ffff5341025 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from ~/lib64/libwebkitgtk-3.0.so.0
#32 0x00007ffff5341025 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from ~/lib64/libwebkitgtk-3.0.so.0
#33 0x00007ffff5341025 in WebCore::Element::recalcStyle(WebCore::Node::StyleChange) () from ~/lib64/libwebkitgtk-3.0.so.0
#34 0x00007ffff531676b in WebCore::Document::recalcStyle(WebCore::Node::StyleChange) () from ~/lib64/libwebkitgtk-3.0.so.0
#35 0x00007ffff5316b6e in WebCore::Document::updateStyleIfNeeded() () from ~/lib64/libwebkitgtk-3.0.so.0
#36 0x00007ffff51e2533 in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID, WebCore::EUpdateLayout) const () from ~/lib64/libwebkitgtk-3.0.so.0
#37 0x00007ffff51ee53e in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue(WebCore::CSSPropertyID) const () from ~/lib64/libwebkitgtk-3.0.so.0
#38 0x00007ffff51eeb31 in WebCore::CSSComputedStyleDeclaration::getPropertyValue(WebCore::CSSPropertyID) const () from ~/lib64/libwebkitgtk-3.0.so.0
#39 0x00007ffff51eebfd in WebCore::CSSComputedStyleDeclaration::getPropertyValue(WTF::String const&) () from ~/lib64/libwebkitgtk-3.0.so.0
#40 0x00007ffff5aa4454 in WebCore::jsCSSStyleDeclarationPrototypeFunctionGetPropertyValue(JSC::ExecState*) () from ~/lib64/libwebkitgtk-3.0.so.0
