[Webkit-unassigned] [Bug 100688] REGRESSION (r132699): Crashes in WebCore::TextIterator::handleTextNodeFirstLetter

bugzilla-daemon at webkit.org
Thu Jan 17 03:50:20 PST 2013

https://bugs.webkit.org/show_bug.cgi?id=100688

--- Comment #3 from Zan Dobersek <zandobersek at gmail.com>  2013-01-17 03:52:07 PST ---
Here's the crash log for these crashes, scraped from the debug builder:
Crash log for DumpRenderTree (pid 28412):

...
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Core was generated by `/home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/Programs/DumpR'.
Program terminated with signal 11, Segmentation fault.
#0  0x00007fcd5068a0b5 in WebCore::RenderObject::firstChild (this=0xf7db428) at ../../Source/WebCore/rendering/RenderObject.h:178
178            if (const RenderObjectChildList* children = virtualChildren())

...

Thread 1 (Thread 0x7fcd45bfe900 (LWP 28412)):
#0  0x00007fcd5068a0b5 in WebCore::RenderObject::firstChild (this=0xf7db428) at ../../Source/WebCore/rendering/RenderObject.h:178
#1  0x00007fcd50b4f061 in WebCore::firstRenderTextInFirstLetter (firstLetter=0xf7db428) at ../../Source/WebCore/editing/TextIterator.cpp:648
#2  0x00007fcd50b4f128 in WebCore::TextIterator::handleTextNodeFirstLetter (this=0x7fffef44c840, renderer=0xf7db4b8) at ../../Source/WebCore/editing/TextIterator.cpp:661
#3  0x00007fcd50b4e85b in WebCore::TextIterator::handleTextNode (this=0x7fffef44c840) at ../../Source/WebCore/editing/TextIterator.cpp:531
#4  0x00007fcd50b4dfd0 in WebCore::TextIterator::advance (this=0x7fffef44c840) at ../../Source/WebCore/editing/TextIterator.cpp:407
#5  0x00007fcd50b4dd19 in WebCore::TextIterator::TextIterator (this=0x7fffef44c840, r=0xf78c880, behavior=28) at ../../Source/WebCore/editing/TextIterator.cpp:342
#6  0x00007fcd50b54843 in WebCore::plainText (r=0xf78c880, defaultBehavior=24, isDisplayString=false) at ../../Source/WebCore/editing/TextIterator.cpp:2569
#7  0x00007fcd5068faa1 in WebCore::AccessibilityRenderObject::textUnderElement (this=0xe43c080) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:653
#8  0x00007fcd519a1486 in WebCore::AccessibilityObject::accessibilityPlatformIncludesObject (this=0xe43c080) at ../../Source/WebCore/accessibility/atk/AccessibilityObjectAtk.cpp:87
#9  0x00007fcd506915d0 in WebCore::AccessibilityRenderObject::accessibilityIsIgnoredBase (this=0xe43c080) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:1118
#10 0x00007fcd50691618 in WebCore::AccessibilityRenderObject::accessibilityIsIgnored (this=0xe43c080) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:1132
#11 0x00007fcd506a921a in WebCore::AXObjectCache::childrenChanged (this=0x9e7bd70, obj=0xe43c080) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:591
#12 0x00007fcd506a919d in WebCore::AXObjectCache::childrenChanged (this=0x9e7bd70, renderer=0xf779b48) at ../../Source/WebCore/accessibility/AXObjectCache.cpp:581
#13 0x00007fcd511d0d9c in WebCore::RenderObject::willBeDestroyed (this=0xf7db4b8) at ../../Source/WebCore/rendering/RenderObject.cpp:2374
#14 0x00007fcd51228b7b in WebCore::RenderText::willBeDestroyed (this=0xf7db4b8) at ../../Source/WebCore/rendering/RenderText.cpp:248
#15 0x00007fcd51233d2f in WebCore::RenderTextFragment::willBeDestroyed (this=0xf7db4b8) at ../../Source/WebCore/rendering/RenderTextFragment.cpp:75
#16 0x00007fcd511d1641 in WebCore::RenderObject::destroy (this=0xf7db4b8) at ../../Source/WebCore/rendering/RenderObject.cpp:2536
#17 0x00007fcd511d161a in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers (this=0xf7db4b8) at ../../Source/WebCore/rendering/RenderObject.cpp:2529
#18 0x00007fcd50a5124e in WebCore::Node::detach (this=0xf807920) at ../../Source/WebCore/dom/Node.cpp:1108
#19 0x00007fcd5097de3a in WebCore::ContainerNode::removeBetween (this=0xa2f5970, previousChild=0xe34f550, nextChild=0x0, oldChild=0xf807920) at ../../Source/WebCore/dom/ContainerNode.cpp:528
#20 0x00007fcd5097dcb7 in WebCore::ContainerNode::removeChild (this=0xa2f5970, oldChild=0xf807920, ec=@0x7fffef44ce44: 0) at ../../Source/WebCore/dom/ContainerNode.cpp:510
#21 0x00007fcd50a4f856 in WebCore::Node::remove (this=0xf807920, ec=@0x7fffef44ce44: 0) at ../../Source/WebCore/dom/Node.cpp:583
#22 0x00007fcd50b382ee in WebCore::RemoveNodeCommand::doApply (this=0xe440430) at ../../Source/WebCore/editing/RemoveNodeCommand.cpp:55
#23 0x00007fcd50acecc2 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0xe3f5340, prpCommand=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:257
#24 0x00007fcd50acfcb9 in WebCore::CompositeEditCommand::removeNode (this=0xe3f5340, node=..., shouldAssumeContentIsAlwaysEditable=WebCore::DoNotAssumeContentIsAlwaysEditable) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:395
#25 0x00007fcd50ac65eb in WebCore::ApplyStyleCommand::surroundNodeRangeWithElement (this=0xe3f5340, passedStartNode=..., endNode=..., elementToInsert=...) at ../../Source/WebCore/editing/ApplyStyleCommand.cpp:1337
#26 0x00007fcd50ac7622 in WebCore::ApplyStyleCommand::applyInlineStyleChange (this=0xe3f5340, passedStart=..., passedEnd=..., styleChange=..., addStyledElement=WebCore::ApplyStyleCommand::AddStyledElement) at ../../Source/WebCore/editing/ApplyStyleCommand.cpp:1448
#27 0x00007fcd50ac2ee0 in WebCore::ApplyStyleCommand::applyInlineStyleToNodeRange (this=0xe3f5340, style=0xe433450, startNode=..., pastEndNode=...) at ../../Source/WebCore/editing/ApplyStyleCommand.cpp:816
#28 0x00007fcd50ac248c in WebCore::ApplyStyleCommand::fixRangeAndApplyInlineStyle (this=0xe3f5340, style=0xe433450, start=..., end=...) at ../../Source/WebCore/editing/ApplyStyleCommand.cpp:702
#29 0x00007fcd50ac205d in WebCore::ApplyStyleCommand::applyInlineStyle (this=0xe3f5340, style=0xe433450) at ../../Source/WebCore/editing/ApplyStyleCommand.cpp:665
#30 0x00007fcd50abf15d in WebCore::ApplyStyleCommand::doApply (this=0xe3f5340) at ../../Source/WebCore/editing/ApplyStyleCommand.cpp:223
#31 0x00007fcd50acea78 in WebCore::CompositeEditCommand::apply (this=0xe3f5340) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:205
#32 0x00007fcd50ace778 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:162
#33 0x00007fcd50afd15f in WebCore::Editor::applyStyle (this=0x15cf568, style=0xf806ff0, editingAction=WebCore::EditActionUnspecified) at ../../Source/WebCore/editing/Editor.cpp:695
#34 0x00007fcd50af2968 in WebCore::applyCommandToFrame (frame=0x15cf000, source=WebCore::CommandFromDOM, action=WebCore::EditActionSetColor, style=0xf806ff0) at ../../Source/WebCore/editing/EditorCommand.cpp:111
#35 0x00007fcd50af2a40 in WebCore::executeApplyStyle (frame=0x15cf000, source=WebCore::CommandFromDOM, action=WebCore::EditActionSetColor, propertyID=WebCore::CSSPropertyColor, propertyValue="red") at ../../Source/WebCore/editing/EditorCommand.cpp:122
#36 0x00007fcd50af42f8 in WebCore::executeForeColor (frame=0x15cf000, source=WebCore::CommandFromDOM, value="red") at ../../Source/WebCore/editing/EditorCommand.cpp:439
#37 0x00007fcd50af7d62 in WebCore::Editor::Command::execute (this=0x7fffef44dc20, parameter="red", triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1704
#38 0x00007fcd5099bc7e in WebCore::Document::execCommand (this=0xf7c8c40, commandName="ForeColor", userInterface=false, value="red") at ../../Source/WebCore/dom/Document.cpp:4183
#39 0x00007fcd51462920 in WebCore::jsDocumentPrototypeFunctionExecCommand (exec=0x7fcd001180b0) at DerivedSources/WebCore/JSDocument.cpp:2603
#40 0x00007fcd034fa0e5 in ?? ()
#41 0x00007fffef44ddd0 in ?? ()
#42 0x00007fcd54916ac7 in llint_op_call () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0
#43 0x00007fcd00118058 in ?? ()
#44 0x00000000015f0980 in ?? ()
#45 0x00007fffef44dd90 in ?? ()
#46 0x00007fcd548bbdc7 in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0) at ../../Source/JavaScriptCore/interpreter/JSStackInlines.h:213
#47 0x00007fcd548bab34 in JSC::JITCode::execute (this=0x7fccf82dd620, stack=0x15f0980, callFrame=0x7fcd00118058, globalData=0x1c4e210) at ../../Source/JavaScriptCore/jit/JITCode.h:134
#48 0x00007fcd548b7c6e in JSC::Interpreter::execute (this=0x15f0970, program=0x7fccf82dd600, callFrame=0x7fcd0006e388, thisObj=0x7fcd000affc0) at ../../Source/JavaScriptCore/interpreter/Interpreter.cpp:983
#49 0x00007fcd549a9600 in JSC::evaluate (exec=0x7fcd0006e388, source=..., thisValue=..., returnedException=0x7fffef44f3e0) at ../../Source/JavaScriptCore/runtime/Completion.cpp:75
#50 0x00007fcd5071be23 in WebCore::JSMainThreadExecState::evaluate (exec=0x7fcd0006e388, source=..., thisValue=..., exception=0x7fffef44f3e0) at ../../Source/WebCore/bindings/js/JSMainThreadExecState.h:77
#51 0x00007fcd5074a884 in WebCore::ScriptController::evaluateInWorld (this=0x15cf4e8, sourceCode=..., world=0x1c82ec0) at ../../Source/WebCore/bindings/js/ScriptController.cpp:141
#52 0x00007fcd5074a99a in WebCore::ScriptController::evaluate (this=0x15cf4e8, sourceCode=...) at ../../Source/WebCore/bindings/js/ScriptController.cpp:158
#53 0x00007fcd50a856dd in WebCore::ScriptElement::executeScript (this=0xf807a80, sourceCode=...) at ../../Source/WebCore/dom/ScriptElement.cpp:304
#54 0x00007fcd50a84ec6 in WebCore::ScriptElement::prepareScript (this=0xf807a80, scriptStartPosition=..., supportLegacyTypes=WebCore::ScriptElement::DisallowLegacyTypeInTypeAttribute) at ../../Source/WebCore/dom/ScriptElement.cpp:242
#55 0x00007fcd50ca8c7a in WebCore::HTMLScriptRunner::runScript (this=0xf7ab600, script=0xf807a10, scriptStartPosition=...) at ../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:290
#56 0x00007fcd50ca82b5 in WebCore::HTMLScriptRunner::execute (this=0xf7ab600, scriptElement=..., scriptStartPosition=...) at ../../Source/WebCore/html/parser/HTMLScriptRunner.cpp:170
#57 0x00007fcd50c98d97 in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder (this=0xf75bff0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:207
#58 0x00007fcd50c98e49 in WebCore::HTMLDocumentParser::canTakeNextToken (this=0xf75bff0, mode=WebCore::HTMLDocumentParser::AllowYield, session=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:224
#59 0x00007fcd50c9925c in WebCore::HTMLDocumentParser::pumpTokenizer (this=0xf75bff0, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:261
#60 0x00007fcd50c98c44 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0xf75bff0, mode=WebCore::HTMLDocumentParser::AllowYield) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:180
#61 0x00007fcd50c99818 in WebCore::HTMLDocumentParser::append (this=0xf75bff0, source=...) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:368
#62 0x00007fcd50986e35 in WebCore::DecodedDataDocumentParser::flush (this=0xf75bff0, writer=0xf7982a8) at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#63 0x00007fcd50e9dd91 in WebCore::DocumentWriter::end (this=0xf7982a8) at ../../Source/WebCore/loader/DocumentWriter.cpp:241
#64 0x00007fcd50e8e68c in WebCore::DocumentLoader::finishedLoading (this=0xf798200) at ../../Source/WebCore/loader/DocumentLoader.cpp:295
#65 0x00007fcd50ee0afc in WebCore::MainResourceLoader::didFinishLoading (this=0xf7bf970, finishTime=0) at ../../Source/WebCore/loader/MainResourceLoader.cpp:563
#66 0x00007fcd50ee0c77 in WebCore::MainResourceLoader::notifyFinished (this=0xf7bf970, resource=0xf7e07e0) at ../../Source/WebCore/loader/MainResourceLoader.cpp:573
#67 0x00007fcd50e6d7fe in WebCore::CachedResource::checkNotify (this=0xf7e07e0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:336
#68 0x00007fcd50e6d858 in WebCore::CachedResource::data (this=0xf7e07e0, allDataReceived=true) at ../../Source/WebCore/loader/cache/CachedResource.cpp:345
#69 0x00007fcd50e6ae8c in WebCore::CachedRawResource::data (this=0xf7e07e0, data=..., allDataReceived=true) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:72
#70 0x00007fcd50ef7e12 in WebCore::SubresourceLoader::didFinishLoading (this=0xf747cc0, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:276
#71 0x00007fcd50eed7b9 in WebCore::ResourceLoader::didFinishLoading (this=0xf747cc0, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:457
#72 0x00007fcd518297ab in WebCore::readCallback (asyncResult=0xc08e350, data=0x9512b90) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1346
#73 0x00007fcd4f331e5f in async_ready_callback_wrapper () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#74 0x00007fcd4f34c7ea in g_simple_async_result_complete () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#75 0x00007fcd4f34c9b2 in complete_in_idle_cb_for_thread () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0
#76 0x00007fcd4f179fd1 in g_idle_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#77 0x00007fcd4f177903 in g_main_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#78 0x00007fcd4f1784b3 in g_main_context_dispatch () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#79 0x00007fcd4f1786a3 in g_main_context_iterate () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#80 0x00007fcd4f178ad3 in g_main_loop_run () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0
#81 0x00007fcd4fcc0e22 in gtk_main () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Dependencies/Root/lib64/libgtk-3.so.0
#82 0x00000000004953bf in runTest (inputLine=...) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:761
#83 0x0000000000494afd in runTestingServerLoop () at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:551
#84 0x0000000000497da3 in main (argc=2, argv=0x7fffef450aa8) at ../../Tools/DumpRenderTree/gtk/DumpRenderTree.cpp:1503
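
As an added example, not code from the bug report or from WebKit, here is a small Python triage script that parses gdb backtrace lines of the form shown above and pulls out what a reviewer reads off this log by hand: the crashing frame and its `this` pointer, the innermost destroy/willBeDestroyed frame and the object it is tearing down (0xf7db4b8 in the log), any deeper frame whose arguments still carry that object (frame #2, where handleTextNodeFirstLetter is handed the renderer that frames #13 to #17 are destroying), and the sequence of WebCore subsystems the stack crosses. The frame regex, the teardown-name heuristic, the subsystem-from-path mapping and the field names are assumptions of this example, not anything the bug report states; the sample input is a subset of the frames from the log above.

```python
"""Triage a gdb backtrace like the one above: added example, not WebKit code.
Assumed here, not stated in the bug report: the Frame field names, the heuristic
that a function ending in "::destroy" or "willBeDestroyed" marks the object being
torn down, and reading "Source/<project>/<dir>/" out of a path as the subsystem."""
from __future__ import annotations
import re
from dataclasses import dataclass, field
from typing import Optional

FRAME_RE = re.compile(
    r"^#(?P<idx>\d+)\s+0x[0-9a-fA-F]+\s+in\s+(?P<func>\S+)\s*\((?P<args>.*?)\)"
    r"(?:\s+at\s+(?P<file>\S+?):(?P<line>\d+)|\s+from\s+\S+)?\s*$")
PTR_RE = re.compile(r"(?P<name>\w+)=(?P<ptr>0x[0-9a-fA-F]+)")
TEARDOWN_HINTS = ("::destroy", "willBeDestroyed")

@dataclass
class Frame:
    idx: int
    func: str
    args: str
    file: Optional[str] = None
    line: Optional[int] = None
    ptrs: dict = field(default_factory=dict)  # argument name -> "0x..." value

    @property
    def this(self) -> Optional[str]:
        return self.ptrs.get("this")

    @property
    def subsystem(self) -> Optional[str]:
        # ../../Source/WebCore/editing/TextIterator.cpp -> "WebCore/editing"
        m = re.search(r"Source/([^/]+)/([^/]+)/", self.file or "")
        return f"{m.group(1)}/{m.group(2)}" if m else None

def parse_backtrace(text: str) -> list[Frame]:
    """Frames inner-to-outer; thread headers, '...' and gdb chatter are skipped."""
    frames = []
    for raw in text.splitlines():
        m = FRAME_RE.match(raw.strip())
        if not m:
            continue
        f = Frame(idx=int(m["idx"]), func=m["func"], args=m["args"],
                  file=m["file"], line=int(m["line"]) if m["line"] else None)
        f.ptrs = {p["name"]: p["ptr"].lower() for p in PTR_RE.finditer(f.args)}
        frames.append(f)
    return frames

def object_under_teardown(frames: list[Frame]) -> Optional[Frame]:
    """Innermost frame that looks like a destroy()/destructor call on `this`."""
    return next((f for f in frames if f.this
                 and any(f.func.endswith(h) for h in TEARDOWN_HINTS)), None)

def frames_touching(frames: list[Frame], ptr: str, inside_idx: int) -> list[Frame]:
    """Frames deeper than `inside_idx` whose arguments still carry `ptr`."""
    ptr = ptr.lower()
    return [f for f in frames if f.idx < inside_idx and ptr in f.ptrs.values()]

def subsystem_path(frames: list[Frame]) -> list[str]:
    """Subsystems crossed, inner to outer, with adjacent repeats collapsed."""
    path: list[str] = []
    for f in frames:
        if f.subsystem and (not path or path[-1] != f.subsystem):
            path.append(f.subsystem)
    return path

def triage(text: str) -> dict:
    frames = parse_backtrace(text)
    if not frames:
        raise ValueError("no gdb frames found")
    crash = frames[0]
    report = {"crash_func": crash.func, "crash_this": crash.this,
              "crash_location": f"{crash.file}:{crash.line}",
              "subsystems": subsystem_path(frames),
              "tearing_down": None, "used_during_teardown": []}
    dtor = object_under_teardown(frames)
    if dtor:
        report["tearing_down"] = (dtor.func, dtor.this)
        # A frame *inside* the teardown call that still handles the same object
        # is the use-while-destroying pattern to look for in a crash like this.
        report["used_during_teardown"] = [
            (f.idx, f.func) for f in frames_touching(frames, dtor.this, dtor.idx)]
    return report

# Frames copied from the crash log above; the frames between them are left out
# of this excerpt, so it is a subset of the real stack, not a constructed one.
SAMPLE = """\
#0  0x00007fcd5068a0b5 in WebCore::RenderObject::firstChild (this=0xf7db428) at ../../Source/WebCore/rendering/RenderObject.h:178
#1  0x00007fcd50b4f061 in WebCore::firstRenderTextInFirstLetter (firstLetter=0xf7db428) at ../../Source/WebCore/editing/TextIterator.cpp:648
#2  0x00007fcd50b4f128 in WebCore::TextIterator::handleTextNodeFirstLetter (this=0x7fffef44c840, renderer=0xf7db4b8) at ../../Source/WebCore/editing/TextIterator.cpp:661
#7  0x00007fcd5068faa1 in WebCore::AccessibilityRenderObject::textUnderElement (this=0xe43c080) at ../../Source/WebCore/accessibility/AccessibilityRenderObject.cpp:653
#13 0x00007fcd511d0d9c in WebCore::RenderObject::willBeDestroyed (this=0xf7db4b8) at ../../Source/WebCore/rendering/RenderObject.cpp:2374
#16 0x00007fcd511d1641 in WebCore::RenderObject::destroy (this=0xf7db4b8) at ../../Source/WebCore/rendering/RenderObject.cpp:2536
#22 0x00007fcd50b382ee in WebCore::RemoveNodeCommand::doApply (this=0xe440430) at ../../Source/WebCore/editing/RemoveNodeCommand.cpp:55
#38 0x00007fcd5099bc7e in WebCore::Document::execCommand (this=0xf7c8c40, commandName="ForeColor", userInterface=false, value="red") at ../../Source/WebCore/dom/Document.cpp:4183
#42 0x00007fcd54916ac7 in llint_op_call () from /home/slave/webkitgtk/gtk-linux-64-debug/build/WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0
"""

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Run it directly to print the report, or pass the whole log from the comment (thread header and "..." lines included; the parser skips them) to see every frame. The `used_during_teardown` entry is the thing to read first in a crash like this one: it names the frame that is still being handed the renderer whose destroy() is further up the stack.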
