[Webkit-unassigned] [Bug 135284] New: ASSERTION FAILED: lineageOfType<HTMLCanvasElement>(*this).first() in WebCore::Element::isFocusable

bugzilla-daemon at webkit.org
Fri Jul 25 00:48:59 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=135284

           Summary: ASSERTION FAILED:
                    lineageOfType<HTMLCanvasElement>(*this).first() in
                    WebCore::Element::isFocusable
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rhodovan.u-szeged at partner.samsung.com
                CC: darin at apple.com, koivisto at iki.fi
            Blocks: 116980


Created an attachment (id=235506)
 --> (https://bugs.webkit.org/attachment.cgi?id=235506&action=review)
Test case

Test case to reproduce the issue:

<s>
  <canvas>
    <h3>
      <svg>
        <animatemotion onload=""/>
        <var/>
        <keygen autofocus/>
</s>


Backtrace:

ASSERTION FAILED: lineageOfType<HTMLCanvasElement>(*this).first()
../../Source/WebCore/dom/Element.cpp(440) : virtual bool WebCore::Element::isFocusable() const
1   0x7ffff3025dd3 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(WTFCrash+0x1e) [0x7ffff3025dd3]
2   0x7ffff35a023a /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZNK7WebCore7Element11isFocusableEv+0xb2) [0x7ffff35a023a]
3   0x7ffff3754fd2 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZNK7WebCore22HTMLFormControlElement11isFocusableEv+0x98) [0x7ffff3754fd2]
4   0x7ffff35a5a13 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore7Element5focusEbNS_14FocusDirectionE+0x9b) [0x7ffff35a5a13]
5   0x7ffff3754a18 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(+0x47cda18) [0x7ffff3754a18]
6   0x7ffff3755ae4 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(+0x47ceae4) [0x7ffff3755ae4]
7   0x7ffff2c0b22a /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZNKSt8functionIFvvEEclEv+0x32) [0x7ffff2c0b22a]
8   0x7ffff4025b3f /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore5Style30PostResolutionCallbackDisablerD1Ev+0x45) [0x7ffff4025b3f]
9   0x7ffff3548421 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore8Document11recalcStyleENS_5Style6ChangeE+0x243) [0x7ffff3548421]
10  0x7ffff3548657 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore8Document19updateStyleIfNeededEv+0x17f) [0x7ffff3548657]
11  0x7ffff3551ff5 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore8Document15finishedParsingEv+0x1b3) [0x7ffff3551ff5]
12  0x7ffff3845215 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore20HTMLConstructionSite15finishedParsingEv+0x1b) [0x7ffff3845215]
13  0x7ffff387f8ad /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore15HTMLTreeBuilder8finishedEv+0xa1) [0x7ffff387f8ad]
14  0x7ffff384cdb0 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser3endEv+0x8e) [0x7ffff384cdb0]
15  0x7ffff384ce9b /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser33attemptToRunDeferredScriptsAndEndEv+0xe9) [0x7ffff384ce9b]
16  0x7ffff384ba09 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser20prepareToStopParsingEv+0xf7) [0x7ffff384ba09]
17  0x7ffff384cede /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser12attemptToEndEv+0x40) [0x7ffff384cede]
18  0x7ffff384cf95 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore18HTMLDocumentParser6finishEv+0x3f) [0x7ffff384cf95]
19  0x7ffff399c935 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14DocumentWriter3endEv+0x119) [0x7ffff399c935]
20  0x7ffff398998b /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14DocumentLoader15finishedLoadingEd+0x209) [0x7ffff398998b]
21  0x7ffff39896f4 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14DocumentLoader14notifyFinishedEPNS_14CachedResourceE+0x10e) [0x7ffff39896f4]
22  0x7ffff3a2ff8d /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14CachedResource11checkNotifyEv+0x93) [0x7ffff3a2ff8d]
23  0x7ffff3a30074 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14CachedResource13finishLoadingEPNS_14ResourceBufferE+0x3a) [0x7ffff3a30074]
24  0x7ffff3a2d02e /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore17CachedRawResource13finishLoadingEPNS_14ResourceBufferE+0xca) [0x7ffff3a2d02e]
25  0x7ffff39e3cc4 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore17SubresourceLoader16didFinishLoadingEd+0x1de) [0x7ffff39e3cc4]
26  0x7ffff39e01b1 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(_ZN7WebCore14ResourceLoader16didFinishLoadingEPNS_14ResourceHandleEd+0x3b) [0x7ffff39e01b1]
27  0x7ffff42a1205 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Debug/lib/libwebkit2gtk-3.0.so.25(+0x531a205) [0x7ffff42a1205]
28  0x7fffec2862ea /home/reni/data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0(+0x5a2ea) [0x7fffec2862ea]
29  0x7fffec2a5ceb /home/reni/data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0(+0x79ceb) [0x7fffec2a5ceb]
30  0x7fffec2a5d09 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libgio-2.0.so.0(+0x79d09) [0x7fffec2a5d09]
31  0x7fffeb4fc2e6 /home/reni/data/REPOS/webkit_sec/WebKitBuild/Dependencies/Root/lib64/libglib-2.0.so.0(g_main_context_dispatch+0x146) [0x7fffeb4fc2e6]

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff97334700 (LWP 17423)]
0x00007ffff3025dd8 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329
329        *(int *)(uintptr_t)0xbbadbeef = 0;
(gdb) bt
#0  0x00007ffff3025dd8 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:329
#1  0x00007ffff35a023a in WebCore::Element::isFocusable (this=0x8e89e0) at ../../Source/WebCore/dom/Element.cpp:440
#2  0x00007ffff3754fd2 in WebCore::HTMLFormControlElement::isFocusable (this=0x8e89e0) at ../../Source/WebCore/html/HTMLFormControlElement.cpp:314
#3  0x00007ffff35a5a13 in WebCore::Element::focus (this=0x8e89e0, restorePreviousSelection=true, direction=WebCore::FocusDirectionNone)
    at ../../Source/WebCore/dom/Element.cpp:1925
#4  0x00007ffff3754a18 in WebCore::HTMLFormControlElement::__lambda2::operator() (__closure=0x669260)
    at ../../Source/WebCore/html/HTMLFormControlElement.cpp:224
#5  0x00007ffff3755ae4 in std::_Function_handler<void(), WebCore::HTMLFormControlElement::didAttachRenderers()::__lambda2>::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.8/functional:2071
#6  0x00007ffff2c0b22a in std::function<void ()>::operator()() const (this=0x87e840) at /usr/include/c++/4.8/functional:2464
#7  0x00007ffff4025b3f in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler (this=0x7fffffffd2a6, 
    __in_chrg=<optimized out>) at ../../Source/WebCore/style/StyleResolveTree.cpp:1017
#8  0x00007ffff3548421 in WebCore::Document::recalcStyle (this=0x981e00, change=WebCore::Style::NoChange)
    at ../../Source/WebCore/dom/Document.cpp:1761
#9  0x00007ffff3548657 in WebCore::Document::updateStyleIfNeeded (this=0x981e00) at ../../Source/WebCore/dom/Document.cpp:1794
#10 0x00007ffff3551ff5 in WebCore::Document::finishedParsing (this=0x981e00) at ../../Source/WebCore/dom/Document.cpp:4510
#11 0x00007ffff3845215 in WebCore::HTMLConstructionSite::finishedParsing (this=0x7d3a18)
    at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:395
#12 0x00007ffff387f8ad in WebCore::HTMLTreeBuilder::finished (this=0x7d3a00) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2997
#13 0x00007ffff384cdb0 in WebCore::HTMLDocumentParser::end (this=0xa19ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#14 0x00007ffff384ce9b in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0xa19ac0)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:462
#15 0x00007ffff384ba09 in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0xa19ac0)
    at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:165
#16 0x00007ffff384cede in WebCore::HTMLDocumentParser::attemptToEnd (this=0xa19ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:474
#17 0x00007ffff384cf95 in WebCore::HTMLDocumentParser::finish (this=0xa19ac0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:502
#18 0x00007ffff399c935 in WebCore::DocumentWriter::end (this=0x934570) at ../../Source/WebCore/loader/DocumentWriter.cpp:250
#19 0x00007ffff398998b in WebCore::DocumentLoader::finishedLoading (this=0x9344d0, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:441
#20 0x00007ffff39896f4 in WebCore::DocumentLoader::notifyFinished (this=0x9344d0, resource=0x81a8e0)
    at ../../Source/WebCore/loader/DocumentLoader.cpp:375
#21 0x00007ffff3a2ff8d in WebCore::CachedResource::checkNotify (this=0x81a8e0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:334
#22 0x00007ffff3a30074 in WebCore::CachedResource::finishLoading (this=0x81a8e0) at ../../Source/WebCore/loader/cache/CachedResource.cpp:350
#23 0x00007ffff3a2d02e in WebCore::CachedRawResource::finishLoading (this=0x81a8e0, data=0x774de0)
    at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:98
#24 0x00007ffff39e3cc4 in WebCore::SubresourceLoader::didFinishLoading (this=0x81ae10, finishTime=0)
    at ../../Source/WebCore/loader/SubresourceLoader.cpp:310
#25 0x00007ffff39e01b1 in WebCore::ResourceLoader::didFinishLoading (this=0x81ae10, finishTime=0)
    at ../../Source/WebCore/loader/ResourceLoader.cpp:517
#26 0x00007ffff42a1205 in WebCore::readCallback (asyncResult=0x8c69d0, data=0x81beb0)
    at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1302
#27 0x00007fffec2862ea in async_ready_callback_wrapper (source_object=0x98cb30, res=0x8c69d0, user_data=0x81beb0) at ginputstream.c:519
#28 0x00007fffec2a5ceb in g_task_return_now (task=0x8c69d0) at gtask.c:1108
#29 0x00007fffec2a5d09 in complete_in_idle_cb (task=0x8c69d0) at gtask.c:1117
#30 0x00007fffeb4fc2e6 in g_main_dispatch (context=0x677bb0) at gmain.c:3065
#31 g_main_context_dispatch (context=context@entry=0x677bb0) at gmain.c:3641
#32 0x00007fffeb4fc638 in g_main_context_iterate (context=0x677bb0, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>)
    at gmain.c:3712
#33 0x00007fffeb4fca3a in g_main_loop_run (loop=0x70c750) at gmain.c:3906
#34 0x00007ffff3077542 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#35 0x00007ffff2fb063e in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffda38)
    at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#36 0x00007ffff2fb04a3 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffda38) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73
#37 0x000000000040085d in main (argc=2, argv=0x7fffffffda38) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:32
