[Webkit-unassigned] [Bug 117502] New: ASSERTION FAILED: m_frame->document()->securityOrigin()->isUnique() in WebCore::ScriptController::canExecuteScripts

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jun 11 01:51:38 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=117502

           Summary: ASSERTION FAILED:
                    m_frame->document()->securityOrigin()->isUnique() in
                    WebCore::ScriptController::canExecuteScripts
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
                CC: abarth at webkit.org, japhet at chromium.org
            Blocks: 116980


The following test fails on the above assertion:

<html>
<!-- onload navigates the view-source iframe to a javascript: URL; the string it
     evaluates to replaces the frame's document (see the backtrace below) -->
<body onload="frames[0].location = 'javascript:&quot;FAIL<script>document.body.firstChild.data=location</script>&quot;'">
    <iframe viewsource="1"></iframe>
</body>
</html>


Backtrace:

Program received signal SIGSEGV, Segmentation fault.
0x00007ffff574cc01 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
339        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff574cc01 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff3f974e3 in WebCore::ScriptController::canExecuteScripts (this=0x8ae290, reason=WebCore::NotAboutToExecuteScript)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/ScriptControllerBase.cpp:50
#2  0x00007ffff46295e2 in WebCore::FrameLoader::dispatchDidClearWindowObjectsInAllWorlds (this=0x8adca8)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:3223
#3  0x00007ffff461de14 in WebCore::FrameLoader::didBeginDocument (this=0x8adca8, dispatch=true)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:659
#4  0x00007ffff4615c33 in WebCore::DocumentWriter::begin (this=0x8b8b90, urlReference=..., dispatch=true, ownerDocument=0x8ba780)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:154
#5  0x00007ffff46155a1 in WebCore::DocumentWriter::replaceDocument (this=0x8b8b90, source=..., ownerDocument=0x8ba780)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/DocumentWriter.cpp:71
#6  0x00007ffff3f97a12 in WebCore::ScriptController::executeIfJavaScriptURL (this=0x8ae290, url=..., 
    shouldReplaceDocumentIfJavaScriptURL=WebCore::ReplaceDocumentIfJavaScriptURL)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/ScriptControllerBase.cpp:117
#7  0x00007ffff461c4a4 in WebCore::FrameLoader::urlSelected (this=0x8adca8, passedRequest=..., triggeringEvent=..., lockHistory=true, 
    lockBackForwardList=true, shouldSendReferrer=WebCore::MaybeSendReferrer, shouldReplaceDocumentIfJavaScriptURL=WebCore::ReplaceDocumentIfJavaScriptURL)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:307
#8  0x00007ffff461c25a in WebCore::FrameLoader::changeLocation (this=0x8adca8, securityOrigin=0x750bc0, url=..., referrer=..., lockHistory=true, 
    lockBackForwardList=true, refresh=false) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/FrameLoader.cpp:289
#9  0x00007ffff4644768 in WebCore::ScheduledURLNavigation::fire (this=0x8e9ef0, frame=0x8adc20)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/NavigationScheduler.cpp:111
#10 0x00007ffff4645fc5 in WebCore::NavigationScheduler::timerFired (this=0x8ade60)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/loader/NavigationScheduler.cpp:426
#11 0x00007ffff4646e17 in WebCore::Timer<WebCore::NavigationScheduler>::fired (this=0x8ade68)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/Timer.h:113
#12 0x00007ffff4819c6e in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x6d6ae0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:129
#13 0x00007ffff4819b5b in WebCore::ThreadTimers::sharedTimerFired () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:105
#14 0x00007ffff4b0a838 in WebCore::SharedTimerQt::timerEvent (this=0x6d6b10, ev=0x7fffffffd660)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/qt/SharedTimerQt.cpp:113
#15 0x00007ffff227a66c in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#16 0x00007ffff30c0dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#17 0x00007ffff30c4075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#18 0x00007ffff2254dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#19 0x00007ffff229b75c in QTimerInfoList::activateTimers() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#20 0x00007ffff229c094 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#21 0x00007fffee3eaf05 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
#22 g_main_context_dispatch (context=context at entry=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
#23 0x00007fffee3eb248 in g_main_context_iterate (context=context at entry=0x6632f0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
#24 0x00007fffee3eb304 in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#25 0x00007ffff229c4bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#26 0x00007ffff2253d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#27 0x00007ffff2257120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#28 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#29 0x0000000000423680 in main (argc=2, argv=0x7fffffffdba8) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318
