[Webkit-unassigned] [Bug 118056] New: ASSERTION FAILED: !collection->hasExactlyOneItem() in WebCore::namedItemGetter

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jun 26 05:57:35 PDT 2013 

https://bugs.webkit.org/show_bug.cgi?id=118056

           Summary: ASSERTION FAILED: !collection->hasExactlyOneItem() in
                    WebCore::namedItemGetter
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Bindings
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: reni at webkit.org
            Blocks: 116980


The test below fails on the assertion above:


<html>
    <a id="logger"></a>
    <svg id="logger"></svg>
    <body onselectionchange="logger(foo)"></body>
    <select contenteditable="plaintext-only" autofocus="autofocus"></select>
</html>


BackTrace:


Program received signal SIGSEGV, Segmentation fault.
0x00007ffff5760ba5 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
339        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff5760ba5 in WTFCrash () at /home/reni/Data/REPOS/webkit_sec/Source/WTF/wtf/Assertions.cpp:339
#1  0x00007ffff3fe48d6 in WebCore::namedItemGetter (exec=0x7fffe4180060, slotBase=..., propertyName=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSDOMWindowCustom.cpp:105
#2  0x00007ffff3e3e158 in JSC::PropertySlot::getValue (this=0x7fffffffc520, exec=0x7fffe4180060, propertyName=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/PropertySlot.h:76
#3  0x00007ffff56f48fb in JSC::JSScope::resolveWithThis (callFrame=0x7fffe4180060, identifier=..., base=0x7fffe4180070, operations=0x7668c0)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/JSScope.cpp:531
#4  0x00007ffff5607c86 in JSC::LLInt::llint_slow_path_resolve_with_this (exec=0x7fffe4180060, pc=0x772d80)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/llint/LLIntSlowPaths.cpp:876
#5  0x00007ffff5612eea in llint_op_resolve_with_this () from /home/reni/Data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libQt5WebKit.so.5
#6  0x00007fffe4180060 in ?? ()
#7  0x000000000074b960 in ?? ()
#8  0x00007fffffffc6f0 in ?? ()
#9  0x00007ffff55bcd6d in JSC::JSStack::installTrapsAfterFrame (this=0x0, frame=0x0)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/JSStackInlines.h:212
#10 0x00007ffff55bbccc in JSC::JITCode::execute (this=0x7fff863efe90, stack=0x74b960, callFrame=0x7fffe4180060, vm=0x7d3110)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/jit/JITCode.h:135
#11 0x00007ffff55b9999 in JSC::Interpreter::executeCall (this=0x74b950, callFrame=0x7fffe405f8d8, function=0x7fff9c06f2b0, callType=JSC::CallTypeJS, 
    callData=..., thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/interpreter/Interpreter.cpp:1052
#12 0x00007ffff568f867 in JSC::call (exec=0x7fffe405f8d8, functionObject=..., callType=JSC::CallTypeJS, callData=..., thisValue=..., args=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/JavaScriptCore/runtime/CallData.cpp:40
#13 0x00007ffff3fcf08b in WebCore::JSMainThreadExecState::call (exec=0x7fffe405f8d8, functionObject=..., callType=JSC::CallTypeJS, callData=..., 
    thisValue=..., args=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSMainThreadExecState.h:56
#14 0x00007ffff3ffda81 in WebCore::JSEventListener::handleEvent (this=0x8a4100, scriptExecutionContext=0x8631d0, event=0x8bcd90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/bindings/js/JSEventListener.cpp:130
#15 0x00007ffff42b6400 in WebCore::EventTarget::fireEventListeners (this=0x863120, event=0x8bcd90, d=0x8a41a0, entry=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventTarget.cpp:248
#16 0x00007ffff42b606d in WebCore::EventTarget::fireEventListeners (this=0x863120, event=0x8bcd90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventTarget.cpp:190
#17 0x00007ffff42e16cd in WebCore::Node::handleLocalEvents (this=0x863120, event=0x8bcd90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Node.cpp:2205
#18 0x00007ffff42a8cd6 in WebCore::EventContext::handleLocalEvents (this=0x756d80, event=0x8bcd90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventContext.cpp:58
#19 0x00007ffff42aaa97 in WebCore::EventDispatcher::dispatchEventAtTarget (this=0x7fffffffcd90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventDispatcher.cpp:162
#20 0x00007ffff42aa754 in WebCore::EventDispatcher::dispatch (this=0x7fffffffcd90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventDispatcher.cpp:119
#21 0x00007ffff42a9651 in WebCore::EventDispatchMediator::dispatchEvent (this=0x711e80, dispatcher=0x7fffffffcd90)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventDispatchMediator.cpp:54
#22 0x00007ffff42a9d01 in WebCore::EventDispatcher::dispatchEvent (node=0x863120, mediator=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/EventDispatcher.cpp:53
#23 0x00007ffff42e18e2 in WebCore::Node::dispatchEvent (this=0x863120, event=...) at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/Node.cpp:2226
#24 0x00007ffff4274e29 in WebCore::DocumentEventQueue::dispatchEvent (this=0x7890a0, event=...)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DocumentEventQueue.cpp:147
#25 0x00007ffff4274cf2 in WebCore::DocumentEventQueue::pendingEventTimerFired (this=0x7890a0)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DocumentEventQueue.cpp:137
#26 0x00007ffff4274506 in WebCore::DocumentEventQueueTimer::fired (this=0x789130)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/dom/DocumentEventQueue.cpp:48
#27 0x00007ffff4838a04 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x6d6990)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:129
#28 0x00007ffff48388f1 in WebCore::ThreadTimers::sharedTimerFired () at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/ThreadTimers.cpp:105
#29 0x00007ffff4b2ab22 in WebCore::SharedTimerQt::timerEvent (this=0x6d69c0, ev=0x7fffffffd760)
    at /home/reni/Data/REPOS/webkit_sec/Source/WebCore/platform/qt/SharedTimerQt.cpp:113
#30 0x00007ffff229b66c in QObject::event(QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#31 0x00007ffff30e1dbc in QApplicationPrivate::notify_helper(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
#32 0x00007ffff30e5075 in QApplication::notify(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Widgets.so.5
---Type <return> to continue, or q <return> to quit--- 
#33 0x00007ffff2275dbe in QCoreApplication::notifyInternal(QObject*, QEvent*) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#34 0x00007ffff22bc75c in QTimerInfoList::activateTimers() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#35 0x00007ffff22bd094 in ?? () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#36 0x00007fffee40bf05 in g_main_dispatch (context=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3054
#37 g_main_context_dispatch (context=context at entry=0x6632f0) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3630
#38 0x00007fffee40c248 in g_main_context_iterate (context=context at entry=0x6632f0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>)
    at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3701
#39 0x00007fffee40c304 in g_main_context_iteration (context=0x6632f0, may_block=1) at /build/buildd/glib2.0-2.36.0/./glib/gmain.c:3762
#40 0x00007ffff22bd4bc in QEventDispatcherGlib::processEvents(QFlags<QEventLoop::ProcessEventsFlag>) ()
   from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#41 0x00007ffff2274d3b in QEventLoop::exec(QFlags<QEventLoop::ProcessEventsFlag>) () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#42 0x00007ffff2278120 in QCoreApplication::exec() () from /usr/local/Trolltech/Qt5/Qt-5.0.0-r40/lib/libQt5Core.so.5
#43 0x0000000000421ba0 in launcherMain (app=...) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:49
#44 0x0000000000423680 in main (argc=2, argv=0x7fffffffdca8) at /home/reni/Data/REPOS/webkit_sec/Tools/QtTestBrowser/qttestbrowser.cpp:318

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list