[Webkit-unassigned] [Bug 137954] New: ASSERTION FAILED: !document.inPageCache() in WebCore::FrameView::layout

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 22 05:30:57 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=137954

            Bug ID: 137954
           Summary: ASSERTION FAILED: !document.inPageCache() in
                    WebCore::FrameView::layout
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Frames
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhodovan.u-szeged at partner.samsung.com
                CC: akling at apple.com, darin at apple.com
            Blocks: 116980

Created attachment 240268
  --> https://bugs.webkit.org/attachment.cgi?id=240268&action=review
Test case

The failing test case:

<!DOCTYPE html>
<script>
function test() {
    document.execCommand("selectAll", false, null);
    document.execCommand("unlink"   ,true,   null);
    window.open("chrome-extension://foo.bar","_top","toolbar=0,width=10",false);
}
</script>
<body onload='test()'>
<object>


Backtrace:

ASSERTION FAILED: !document.inPageCache()
../../Source/WebCore/page/FrameView.cpp(1160) : void WebCore::FrameView::layout(bool)

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff98c1f700 (LWP 3602)]
0x00007fffedae91b5 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321     *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007fffedae91b5 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff365f4fb in WebCore::FrameView::layout (this=0x84ff60, allowSubtree=true) at ../../Source/WebCore/page/FrameView.cpp:1160
#2  0x00007ffff302a527 in WebCore::Document::updateLayout (this=0x788a60) at ../../Source/WebCore/dom/Document.cpp:1868
#3  0x00007ffff302a62a in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x788a60, runPostLayoutTasks=WebCore::Document::Asynchronously) at ../../Source/WebCore/dom/Document.cpp:1900
#4  0x00007ffff31a8319 in WebCore::updateSelectionByUpdatingLayoutOrStyle (frame=...) at ../../Source/WebCore/editing/FrameSelection.cpp:350
#5  0x00007ffff31aecf5 in WebCore::FrameSelection::absoluteCaretBounds (this=0x899910) at ../../Source/WebCore/editing/FrameSelection.cpp:1361
#6  0x00007ffff29dc0c1 in WebKit::WebPage::editorState (this=0x97a030) at ../../Source/WebKit2/WebProcess/WebPage/WebPage.cpp:781
#7  0x00007ffff29e93e1 in WebKit::WebPage::didChangeSelection (this=0x97a030) at ../../Source/WebKit2/WebProcess/WebPage/WebPage.cpp:4331
#8  0x00007ffff2999693 in WebKit::WebEditorClient::respondToChangedSelection (this=0xb06210, frame=0x898e20) at ../../Source/WebKit2/WebProcess/WebCoreSupport/WebEditorClient.cpp:194
#9  0x00007ffff3197941 in WebCore::Editor::respondToChangedSelection (this=0x899660, options=6) at ../../Source/WebCore/editing/Editor.cpp:3313
#10 0x00007ffff31a80c8 in WebCore::FrameSelection::setSelectionWithoutUpdatingAppearance (this=0x899910, newSelectionPossiblyWithoutDirection=..., options=6, align=WebCore::FrameSelection::AlignCursorOnScrollIfNeeded, granularity=WebCore::CharacterGranularity) at ../../Source/WebCore/editing/FrameSelection.cpp:317
#11 0x00007ffff31ae53d in WebCore::FrameSelection::prepareForDestruction (this=0x899910) at ../../Source/WebCore/editing/FrameSelection.cpp:1284
#12 0x00007ffff3510685 in WebCore::FrameLoader::clear (this=0x898eb8, newDocument=0x8ab330, clearWindowProperties=true, clearScriptObjects=true, clearFrameView=true) at ../../Source/WebCore/loader/FrameLoader.cpp:629
#13 0x00007ffff35029a1 in WebCore::DocumentWriter::begin (this=0xa7bb50, urlReference=..., dispatch=false, ownerDocument=0x0) at ../../Source/WebCore/loader/DocumentWriter.cpp:140
#14 0x00007ffff34f0726 in WebCore::DocumentLoader::commitData (this=0xa7bab0, bytes=0xa7e110 "<html><body>URL cannot be shown</body></html>", length=45) at ../../Source/WebCore/loader/DocumentLoader.cpp:790
#15 0x00007ffff29a20c7 in WebKit::WebFrameLoaderClient::committedLoad (this=0x97a800, loader=0xa7bab0, data=0xa7e110 "<html><body>URL cannot be shown</body></html>", length=45) at ../../Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:891
#16 0x00007ffff34f0575 in WebCore::DocumentLoader::commitLoad (this=0xa7bab0, data=0xa7e110 "<html><body>URL cannot be shown</body></html>", length=45) at ../../Source/WebCore/loader/DocumentLoader.cpp:771
#17 0x00007ffff34f0bb9 in WebCore::DocumentLoader::dataReceived (this=0xa7bab0, resource=0x0, data=0xa7e110 "<html><body>URL cannot be shown</body></html>", length=45) at ../../Source/WebCore/loader/DocumentLoader.cpp:888
#18 0x00007ffff34f0400 in WebCore::DocumentLoader::continueAfterContentPolicy (this=0xa7bab0, policy=WebCore::PolicyUse) at ../../Source/WebCore/loader/DocumentLoader.cpp:750
#19 0x00007ffff34efafc in WebCore::DocumentLoader::responseReceived (this=0xa7bab0, resource=0x0, response=...) at ../../Source/WebCore/loader/DocumentLoader.cpp:653
#20 0x00007ffff34eea49 in WebCore::DocumentLoader::handleSubstituteDataLoadNow (this=0xa7bab0) at ../../Source/WebCore/loader/DocumentLoader.cpp:476
#21 0x00007ffff34fdbcc in std::_Mem_fn<void (WebCore::DocumentLoader::*)(WebCore::Timer<WebCore::DocumentLoader>*)>::operator()<WebCore::Timer<WebCore::DocumentLoader>*&, void> (this=0xa3b250, __object=0xa7bab0) at /usr/include/c++/4.8/functional:601
#22 0x00007ffff34fcf8d in std::_Bind<std::_Mem_fn<void (WebCore::DocumentLoader::*)(WebCore::Timer<WebCore::DocumentLoader>*)> (WebCore::DocumentLoader*, WebCore::Timer<WebCore::DocumentLoader>*)>::__call<void, , 0ul, 1ul>(std::tuple<>&&, std::_Index_tuple<0ul, 1ul>) (this=0xa3b250, __args=<unknown type in /home/reni/data/REPOS/webkit/WebKitBuild/Debug/lib/libwebkit2gtk-4.0.so.37, CU 0x2988f338, DIE 0x299c22c1>) at /usr/include/c++/4.8/functional:1296
#23 0x00007ffff34fbb20 in std::_Bind<std::_Mem_fn<void (WebCore::DocumentLoader::*)(WebCore::Timer<WebCore::DocumentLoader>*)> (WebCore::DocumentLoader*, WebCore::Timer<WebCore::DocumentLoader>*)>::operator()<, void>() (this=0xa3b250) at /usr/include/c++/4.8/functional:1355
#24 0x00007ffff34fa06f in std::_Function_handler<void (), std::_Bind<std::_Mem_fn<void (WebCore::DocumentLoader::*)(WebCore::Timer<WebCore::DocumentLoader>*)> (WebCore::DocumentLoader*, WebCore::Timer<WebCore::DocumentLoader>*)> >::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.8/functional:2071
#25 0x00007ffff26dc5a6 in std::function<void ()>::operator()() const (this=0xa7c340) at /usr/include/c++/4.8/functional:2464
#26 0x00007ffff34feb54 in WebCore::Timer<WebCore::DocumentLoader>::fired (this=0xa7c308) at ../../Source/WebCore/platform/Timer.h:133
#27 0x00007ffff373bd1f in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0xb028b0) at ../../Source/WebCore/platform/ThreadTimers.cpp:132
#28 0x00007ffff373bbcd in WebCore::ThreadTimers::sharedTimerFired () at ../../Source/WebCore/platform/ThreadTimers.cpp:107
#29 0x00007ffff3bf37a3 in std::_Function_handler<void (), void (*)()>::_M_invoke(std::_Any_data const&) (__functor=...) at /usr/include/c++/4.8/functional:2071
#30 0x00007ffff26dc5a6 in std::function<void ()>::operator()() const (this=0x7fffffffd4a8) at /usr/include/c++/4.8/functional:2464
#31 0x00007fffedb32896 in WTF::GMainLoopSource::voidCallback (this=0x7ffff7dd7f60 <WebCore::gSharedTimer>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:364
#32 0x00007fffedb32ff7 in WTF::GMainLoopSource::voidSourceCallback (source=0x7ffff7dd7f60 <WebCore::gSharedTimer>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:454
#33 0x00007fffedb31a13 in WTF::__lambda0::operator() (__closure=0x0, source=0x8add20, callback=0x7fffedb32fd4 <WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*)>, userData=0x7ffff7dd7f60 <WebCore::gSharedTimer>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:247
#34 0x00007fffedb31a81 in WTF::__lambda0::_FUN (source=0x8add20, callback=0x7fffedb32fd4 <WTF::GMainLoopSource::voidSourceCallback(WTF::GMainLoopSource*)>, userData=0x7ffff7dd7f60 <WebCore::gSharedTimer>) at ../../Source/WTF/wtf/gobject/GMainLoopSource.cpp:251
#35 0x00007fffeaad1a2d in g_main_dispatch (context=0x6777f0) at gmain.c:3064
#36 g_main_context_dispatch (context=context at entry=0x6777f0) at gmain.c:3663
#37 0x00007fffeaad1d98 in g_main_context_iterate (context=0x6777f0, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3734
#38 0x00007fffeaad205a in g_main_loop_run (loop=0xb00db0) at gmain.c:3928
#39 0x00007ffff457c386 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#40 0x00007ffff2ad6a46 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd8b8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#41 0x00007ffff2ad68ab in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd8b8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:73
#42 0x0000000000400871 in main (argc=2, argv=0x7fffffffd8b8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141022/bc879320/attachment-0002.html>

More information about the webkit-unassigned mailing list