[Webkit-unassigned] [Bug 99266] ASSERTION FAILED: !lookupForWriting(Extractor::extract(entry)).second : void WTF::HashTable<WTF::RefPtr<WebCore::SecurityOrigin>

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue May 7 21:28:18 PDT 2013


https://bugs.webkit.org/show_bug.cgi?id=99266





--- Comment #5 from Stephen <sfcheng at gmail.com>  2013-05-07 21:26:42 PST ---
I reproduced the same bug on another website. Just go to www.alipay.com and log in with my account. It crashes immediately.

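It crashes right at the second ASSERT in HashTable::reinsert, which expects lookupForWriting not to find the entry's key already in the table: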

    template<typename Key, typename Value, typename Extractor, typename HashFunctions, typename Traits, typename KeyTraits>
    inline void HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::reinsert(ValueType& entry)
    {
        ASSERT(m_table);
        ASSERT(!lookupForWriting(Extractor::extract(entry)).second);  <- Crash here.

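Here is the stack trace (a debug build, going by the Qt5WebKitd.dll module name). The assertion is hit while the HashMap from SecurityOrigin to StorageAreaImpl is being rehashed during HashMap::set in StorageNamespaceImpl::storageArea, reached from a script reading window.localStorage. ASSERT is only active in debug builds, so a release build would presumably carry on with the duplicate key rather than stop here: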

     ntdll.dll!_ZwRaiseException@12()  + 0x12 bytes    
     ntdll.dll!_ZwRaiseException@12()  + 0x12 bytes    
>	Qt5WebKitd.dll!WTF::HashTable<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> > >,WebCore::SecurityOriginHash,WTF::KeyValuePairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> >,WTF::HashTraits<WTF::RefPtr<WebCore::StorageAreaImpl> > >,WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> > >::reinsert(WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> > & entry={...})  Line 952 + 0x47 bytes	C++
     Qt5WebKitd.dll!WTF::HashTable<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> > >,WebCore::SecurityOriginHash,WTF::KeyValuePairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> >,WTF::HashTraits<WTF::RefPtr<WebCore::StorageAreaImpl> > >,WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> > >::rehash(int newTableSize=16)  Line 1135    C++
     Qt5WebKitd.dll!WTF::HashTable<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> > >,WebCore::SecurityOriginHash,WTF::KeyValuePairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> >,WTF::HashTraits<WTF::RefPtr<WebCore::StorageAreaImpl> > >,WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> > >::expand()  Line 1107    C++
     Qt5WebKitd.dll!WTF::HashTable<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> >,WTF::KeyValuePairKeyExtractor<WTF::KeyValuePair<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl> > >,WebCore::SecurityOriginHash,WTF::KeyValuePairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> >,WTF::HashTraits<WTF::RefPtr<WebCore::StorageAreaImpl> > >,WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> > >::add<WTF::HashMapTranslator<WTF::KeyValuePairHashTraits<WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> >,WTF::HashTraits<WTF::RefPtr<WebCore::StorageAreaImpl> > >,WebCore::SecurityOriginHash>,WTF::RefPtr<WebCore::SecurityOrigin>,WTF::PassRefPtr<WebCore::StorageAreaImpl> >(const WTF::RefPtr<WebCore::SecurityOrigin> & key={...}, const WTF::PassRefPtr<WebCore::StorageAreaImpl> & extra={...})  Line 893    C++
     Qt5WebKitd.dll!WTF::HashMap<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl>,WebCore::SecurityOriginHash,WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> >,WTF::HashTraits<WTF::RefPtr<WebCore::StorageAreaImpl> > >::inlineAdd(const WTF::RefPtr<WebCore::SecurityOrigin> & key={...}, WTF::PassRefPtr<WebCore::StorageAreaImpl> & mapped={...})  Line 202 + 0x14 bytes    C++
     Qt5WebKitd.dll!WTF::HashMap<WTF::RefPtr<WebCore::SecurityOrigin>,WTF::RefPtr<WebCore::StorageAreaImpl>,WebCore::SecurityOriginHash,WTF::HashTraits<WTF::RefPtr<WebCore::SecurityOrigin> >,WTF::HashTraits<WTF::RefPtr<WebCore::StorageAreaImpl> > >::set(const WTF::RefPtr<WebCore::SecurityOrigin> & key={...}, WTF::PassRefPtr<WebCore::StorageAreaImpl> mapped={...})  Line 217    C++
     Qt5WebKitd.dll!WebCore::StorageNamespaceImpl::storageArea(WTF::PassRefPtr<WebCore::SecurityOrigin> prpOrigin={...})  Line 115 + 0x34 bytes    C++
     Qt5WebKitd.dll!WebCore::DOMWindow::localStorage(int & ec=0)  Line 802 + 0x37 bytes    C++
     Qt5WebKitd.dll!WebCore::jsDOMWindowLocalStorage(JSC::ExecState * exec=0x11f200b8, JSC::JSValue slotBase={...}, JSC::PropertyName __formal={...})  Line 1936 + 0xc bytes    C++
     Qt5WebKitd.dll!JSC::PropertySlot::getValue(JSC::ExecState * exec=0x11f200b8, JSC::PropertyName propertyName={...})  Line 76 + 0x26 bytes    C++
     Qt5WebKitd.dll!JSC::JSValue::get(JSC::ExecState * exec=0x11f200b8, JSC::PropertyName propertyName={...}, JSC::PropertySlot & slot={...})  Line 1465 + 0x14 bytes    C++
     Qt5WebKitd.dll!cti_op_get_by_id(void * * args=0x0016b87c)  Line 1532    C++
     Qt5WebKitd.dll!@cti_op_create_this@4()  + 0xdf bytes    C++
     Qt5WebKitd.dll!JSC::JITCode::execute(JSC::JSStack * stack=0x0ec3c558, JSC::ExecState * callFrame=0x11f20058, JSC::JSGlobalData * globalData=0x136d2950)  Line 134 + 0x29 bytes    C++
     Qt5WebKitd.dll!JSC::Interpreter::execute(JSC::ProgramExecutable * program=0x1242fc60, JSC::ExecState * callFrame=0x0da6f3a8, JSC::JSObject * thisObj=0x0d8effe0)  Line 979 + 0x28 bytes    C++
     Qt5WebKitd.dll!JSC::evaluate(JSC::ExecState * exec=0x0da6f3a8, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, JSC::JSValue * returnedException=0x0016c43c)  Line 77    C++
     Qt5WebKitd.dll!WebCore::JSMainThreadExecState::evaluate(JSC::ExecState * exec=0x0da6f3a8, const JSC::SourceCode & source={...}, JSC::JSValue thisValue={...}, JSC::JSValue * exception=0x0016c43c)  Line 77 + 0x1d bytes    C++
     Qt5WebKitd.dll!WebCore::ScriptController::evaluateInWorld(const WebCore::ScriptSourceCode & sourceCode={...}, WebCore::DOMWrapperWorld * world=0x0ec52a28)  Line 142 + 0x23 bytes    C++
     Qt5WebKitd.dll!WebCore::ScriptController::evaluate(const WebCore::ScriptSourceCode & sourceCode={...})  Line 159 + 0x16 bytes    C++
     Qt5WebKitd.dll!WebCore::ScriptElement::executeScript(const WebCore::ScriptSourceCode & sourceCode={...})  Line 304 + 0x17 bytes    C++
     Qt5WebKitd.dll!WebCore::HTMLScriptRunner::executePendingScriptAndDispatchEvent(WebCore::PendingScript & pendingScript={...})  Line 140    C++
     Qt5WebKitd.dll!WebCore::HTMLScriptRunner::executeParsingBlockingScript()  Line 119    C++
     Qt5WebKitd.dll!WebCore::HTMLScriptRunner::executeParsingBlockingScripts()  Line 190 + 0x8 bytes    C++
     Qt5WebKitd.dll!WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element> scriptElement={...}, const WTF::TextPosition & scriptStartPosition={...})  Line 180    C++
     Qt5WebKitd.dll!WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder()  Line 206    C++
     Qt5WebKitd.dll!WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode mode=AllowYield, WebCore::PumpSession & session={...})  Line 223    C++
     Qt5WebKitd.dll!WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode mode=AllowYield)  Line 259 + 0x10 bytes    C++
     Qt5WebKitd.dll!WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode mode=AllowYield)  Line 179    C++
     Qt5WebKitd.dll!WebCore::HTMLDocumentParser::append(const WebCore::SegmentedString & source={...})  Line 368    C++
     Qt5WebKitd.dll!WebCore::DecodedDataDocumentParser::appendBytes(WebCore::DocumentWriter * writer=0x16198920, const char * data=0x20c5ca18, unsigned int length=24933)  Line 50 + 0x1d bytes    C++
     Qt5WebKitd.dll!WebCore::DocumentWriter::addData(const char * bytes=0x20c5ca18, unsigned int length=24933)  Line 222    C++
     Qt5WebKitd.dll!WebCore::DocumentLoader::commitData(const char * bytes=0x20c5ca18, unsigned int length=24933)  Line 363    C++
     Qt5WebKitd.dll!WebCore::FrameLoaderClientQt::committedLoad(WebCore::DocumentLoader * loader=0x161988a8, const char * data=0x20c5ca18, int length=24933)  Line 877    C++
     Qt5WebKitd.dll!WebCore::DocumentLoader::commitLoad(const char * data=0x20c5ca18, int length=24933)  Line 325    C++
     Qt5WebKitd.dll!WebCore::DocumentLoader::receivedData(const char * data=0x20c5ca18, int length=24933)  Line 394    C++
     Qt5WebKitd.dll!WebCore::MainResourceLoader::addData(const char * data=0x20c5ca18, int length=24933, bool allAtOnce=false)  Line 190    C++
     Qt5WebKitd.dll!WebCore::ResourceLoader::didReceiveData(const char * data=0x20c5ca18, int length=24933, __int64 encodedDataLength=-1, bool allAtOnce=false)  Line 293    C++
     Qt5WebKitd.dll!WebCore::MainResourceLoader::didReceiveData(const char * data=0x20c5ca18, int length=24933, __int64 encodedDataLength=-1, bool allAtOnce=false)  Line 488    C++
     Qt5WebKitd.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle * __formal=0x1af38cc0, const char * data=0x20c5ca18, int length=24933, int encodedDataLength=-1)  Line 448    C++
     Qt5WebKitd.dll!WebCore::QNetworkReplyHandler::forwardData()  Line 674    C++
     Qt5WebKitd.dll!WebCore::QNetworkReplyHandlerCallQueue::flush()  Line 249 + 0x13 bytes    C++
     Qt5WebKitd.dll!WebCore::QNetworkReplyHandlerCallQueue::unlock()  Line 230    C++
     Qt5WebKitd.dll!WebCore::QueueLocker::~QueueLocker()  Line 257 + 0x11 bytes    C++
     Qt5WebKitd.dll!WebCore::QNetworkReplyWrapper::emitMetaDataChanged()  Line 390 + 0x8 bytes    C++
     Qt5WebKitd.dll!WebCore::QNetworkReplyWrapper::receiveSniffedMIMEType()  Line 360    C++
     Qt5WebKitd.dll!WebCore::QNetworkReplyWrapper::receiveMetaData()  Line 346    C++
     Qt5WebKitd.dll!WebCore::QNetworkReplyWrapper::qt_static_metacall(QObject * _o=0x15f8d1e8, QMetaObject::Call _c=InvokeMetaMethod, int _id=0, void * * _a=0x0016c9d0)  Line 171 + 0x8 bytes    C++
     Qt5Cored.dll!QMetaObject::activate(QObject * sender=0x1cfb2df8, int signalOffset=3, int local_signal_index=0, void * * argv=0x00000000)  Line 3445 + 0x2e bytes    C++
     Qt5Cored.dll!QMetaObject::activate(QObject * sender=0x1cfb2df8, const QMetaObject * m=0x6749dcfc, int local_signal_index=0, void * * argv=0x00000000)  Line 3320 + 0x1e bytes    C++
     Qt5Cored.dll!QIODevice::readyRead()  Line 153 + 0x12 bytes    C++
     Qt5Networkd.dll!QNetworkReplyHttpImplPrivate::replyDownloadData(QByteArray d={...})  Line 1029    C++
     Qt5Networkd.dll!QNetworkReplyHttpImpl::qt_static_metacall(QObject * _o=0x1cfb2df8, QMetaObject::Call _c=InvokeMetaMethod, int _id=15, void * * _a=0x0d2dd3b8)  Line 211 + 0x1f bytes    C++
     Qt5Cored.dll!QMetaCallEvent::placeMetaCall(QObject * object=0x1cfb2df8)  Line 479 + 0x1d bytes    C++
     Qt5Cored.dll!QObject::event(QEvent * e=0x1681eeb8)  Line 1071    C++
     Qt5Widgetsd.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x1cfb2df8, QEvent * e=0x1681eeb8)  Line 3398 + 0x11 bytes    C++
     Qt5Widgetsd.dll!QApplication::notify(QObject * receiver=0x1cfb2df8, QEvent * e=0x1681eeb8)  Line 2829 + 0x10 bytes    C++
     Qt5Cored.dll!QCoreApplication::notifyInternal(QObject * receiver=0x1cfb2df8, QEvent * event=0x1681eeb8)  Line 767 + 0x15 bytes    C++
     Qt5Cored.dll!QCoreApplication::sendEvent(QObject * receiver=0x1cfb2df8, QEvent * event=0x1681eeb8)  Line 203 + 0x39 bytes    C++
     Qt5Cored.dll!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0, QThreadData * data=0x0be8db88)  Line 1368 + 0x12 bytes    C++
     Qt5Cored.dll!QCoreApplication::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0)  Line 1228 + 0x11 bytes    C++
     Qt5Guid.dll!QWindowSystemInterface::sendWindowSystemEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 515 + 0xa bytes    C++
     qwindowsd.dll!QWindowsGuiEventDispatcher::sendPostedEvents()  Line 86 + 0xd bytes    C++
     Qt5Cored.dll!qt_internal_proc(HWND__ * hwnd=0x049b16e6, unsigned int message=1025, unsigned int wp=0, long lp=0)  Line 423    C++
     user32.dll!_InternalCallWinProc@20()  + 0x23 bytes    
     user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes    
     user32.dll!_DispatchMessageWorker@8()  + 0xed bytes    
     user32.dll!_DispatchMessageW@4()  + 0xf bytes    
     Qt5Cored.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 744    C++
     qwindowsd.dll!QWindowsGuiEventDispatcher::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 78 + 0xd bytes    C++
     Qt5Cored.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 137    C++
     Qt5Cored.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 212 + 0x26 bytes    C++
     Qt5Cored.dll!QCoreApplication::exec()  Line 1020 + 0x15 bytes    C++
     Qt5Guid.dll!QGuiApplication::exec()  Line 1184    C++
     Qt5Widgetsd.dll!QApplication::exec()  Line 2674    C++
