[Webkit-unassigned] [Bug 138211] New: [GTK] [Stable] Crash in EventPath::updateTouchLists()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 30 02:55:46 PDT 2014


https://bugs.webkit.org/show_bug.cgi?id=138211

            Bug ID: 138211
           Summary: [GTK] [Stable] Crash in EventPath::updateTouchLists()
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebKit Gtk
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: berto at igalia.com

This happens while browsing http://www.ekinops.net/ with WebKitGTK+ 2.4.7. The 2.6 series does not seem to be affected.

Here's a backtrace from the debug build:

(gdb) bt
#0  0x00007ffff38ddc7e in WTF::Vector<WTF::RefPtr<WebCore::Touch>, 0ul, WTF::CrashOnOverflow>::size (this=0x8) at ../../Source/WTF/wtf/Vector.h:576
#1  0x00007ffff3bb36f8 in WebCore::TouchList::length (this=0x0) at ../../Source/WebCore/dom/TouchList.h:46
#2  0x00007ffff3bb4f86 in WebCore::EventPath::updateTouchLists (this=0x7fffffffbd10, touchEvent=...) at ../../Source/WebCore/dom/EventDispatcher.cpp:438
#3  0x00007ffff3bb45f2 in WebCore::EventDispatcher::dispatchEvent (origin=0x7f3b80, prpEvent=...) at ../../Source/WebCore/dom/EventDispatcher.cpp:316
#4  0x00007ffff3be92ed in WebCore::Node::dispatchTouchEvent (this=0x7f3b80, event=...) at ../../Source/WebCore/dom/Node.cpp:2068
#5  0x00007ffff3be8f71 in WebCore::Node::dispatchEvent (this=0x7f3b80, event=...) at ../../Source/WebCore/dom/Node.cpp:2035
#6  0x00007ffff3bbd9df in WebCore::EventTarget::dispatchEvent (this=0x7f3b80, event=..., ec=@0x7fffffffbfcc: 0) at ../../Source/WebCore/dom/EventTarget.cpp:152
#7  0x00007ffff4760e3a in WebCore::jsNodePrototypeFunctionDispatchEvent (exec=0x7fff8c7f8ec8) at DerivedSources/WebCore/JSNode.cpp:768
#8  0x00007fff97fff0e5 in ?? ()
#9  0x00007fff8c7f8f48 in ?? ()
#10 0x00007ffff15dc601 in llint_op_call () from WebKitBuild/Debug/.libs/libjavascriptcoregtk-3.0.so.0
#11 0x00007fff97fff8e0 in ?? ()
#12 0x00000000008a5e20 in ?? ()
#13 0x00000000008bcb70 in ?? ()
#14 0x00007fffec5bbbc0 in ?? () from /lib/x86_64-linux-gnu/libglib-2.0.so.0
#15 0x0000000000961380 in ?? ()
#16 0x00007ffff38d24fa in WebCore::JSDOMWindowBase::supportsProfiling (object=0x7fff97fff8e0) at ../../Source/WebCore/bindings/js/JSDOMWindowBase.cpp:121
#17 0x00007fffffffc0d0 in ?? ()
#18 0x00007ffff15939e0 in JSC::JITCode::execute (this=0xf0458b4832eb0000, vm=0xb8077500f07d, protoCallFrame=0x8348f04589480000, topOfStack=0xd90e8c7894860c0)
    at ../../Source/JavaScriptCore/jit/JITCode.cpp:48
Backtrace stopped: previous frame inner to this frame (corrupt stack?)

#2  0x00007ffff3bb4f86 in WebCore::EventPath::updateTouchLists (this=0x7fffffffbd10, touchEvent=...) at ../../Source/WebCore/dom/EventDispatcher.cpp:438
438        const size_t touchNodeCount = touchEvent.touches()->length() + touchEvent.targetTouches()->length() + touchEvent.changedTouches()->length();
(gdb) print touchEvent.touches()
$6 = (WebCore::TouchList *) 0x0
(gdb) print touchEvent.targetTouches()
$7 = (WebCore::TouchList *) 0x0
(gdb) print touchEvent.changedTouches()
$8 = (WebCore::TouchList *) 0x0
