[Webkit-unassigned] [Bug 143519] New: ASSERTION FAILED: m_templateInsertionModes.isEmpty() in WebCore::HTMLTreeBuilder::finished

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Apr 8 05:26:52 PDT 2015 

https://bugs.webkit.org/show_bug.cgi?id=143519

            Bug ID: 143519
           Summary: ASSERTION FAILED: m_templateInsertionModes.isEmpty()
                    in WebCore::HTMLTreeBuilder::finished
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rhodovan.u-szeged at partner.samsung.com
                CC: cdumez at apple.com, darin at apple.com
            Blocks: 116980

Created attachment 250345
  --> https://bugs.webkit.org/attachment.cgi?id=250345&action=review
Test case

Load this test with debug WebKit:


<!DOCTYPE html>
<ins></ins>
<template>
    <frameset></frameset>
</template>


Note: the issue is present, reported but isn't fixed yet in Blink either: http://crbug.com/475002


Backtrace:

ASSERTION FAILED: m_templateInsertionModes.isEmpty()
../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp(2937) : void WebCore::HTMLTreeBuilder::finished()

Program received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fff8f53b700 (LWP 11681)]
0x00007fffed3987a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321        *(int *)(uintptr_t)0xbbadbeef = 0;
#0  0x00007fffed3987a4 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1  0x00007ffff30f2050 in WebCore::HTMLTreeBuilder::finished (this=0x7fffd57e7480) at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2937
#2  0x00007ffff30bdfee in WebCore::HTMLDocumentParser::end (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:402
#3  0x00007ffff30be0bc in WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:411
#4  0x00007ffff30bcd6c in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:132
#5  0x00007ffff30be0f3 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:423
#6  0x00007ffff30be1a1 in WebCore::HTMLDocumentParser::finish (this=0x7fffd4017cc0) at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:451
#7  0x00007ffff3227b5b in WebCore::DocumentWriter::end (this=0x7fffd401aca0) at ../../Source/WebCore/loader/DocumentWriter.cpp:247
#8  0x00007ffff321320b in WebCore::DocumentLoader::finishedLoading (this=0x7fffd401ac00, finishTime=0) at ../../Source/WebCore/loader/DocumentLoader.cpp:429
#9  0x00007ffff3212f74 in WebCore::DocumentLoader::notifyFinished (this=0x7fffd401ac00, resource=0x7fffd403e000) at ../../Source/WebCore/loader/DocumentLoader.cpp:376
#10 0x00007ffff32c7348 in WebCore::CachedResource::checkNotify (this=0x7fffd403e000) at ../../Source/WebCore/loader/cache/CachedResource.cpp:291
#11 0x00007ffff32c7446 in WebCore::CachedResource::finishLoading (this=0x7fffd403e000) at ../../Source/WebCore/loader/cache/CachedResource.cpp:307
#12 0x00007ffff32c39c5 in WebCore::CachedRawResource::finishLoading (this=0x7fffd403e000, data=0x7fffd5fcf750) at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:104
#13 0x00007ffff3276c45 in WebCore::SubresourceLoader::didFinishLoading (this=0x7fffd40b0000, finishTime=0) at ../../Source/WebCore/loader/SubresourceLoader.cpp:371
#14 0x00007ffff3272597 in WebCore::ResourceLoader::didFinishLoading (this=0x7fffd40b0000, finishTime=0) at ../../Source/WebCore/loader/ResourceLoader.cpp:562
#15 0x00007ffff3c1cd7d in WebCore::readCallback (asyncResult=0x9371a0, data=0x7fffd5fc6da0) at ../../Source/WebCore/platform/network/soup/ResourceHandleSoup.cpp:1318
#16 0x00007fffeae7f7d6 in async_ready_callback_wrapper (source_object=0x82f670, res=0x9371a0, user_data=user_data at entry=0x7fffd5fc6da0) at ginputstream.c:523
#17 0x00007fffeaea50d5 in g_task_return_now (task=0x9371a0) at gtask.c:1077
#18 0x00007fffeaea50f9 in complete_in_idle_cb (task=0x9371a0) at gtask.c:1086
#19 0x00007fffea15da2d in g_main_dispatch (context=0x478c20) at gmain.c:3064
#20 g_main_context_dispatch (context=context at entry=0x478c20) at gmain.c:3663
#21 0x00007fffea15dd98 in g_main_context_iterate (context=0x478c20, block=block at entry=1, dispatch=dispatch at entry=1, self=<optimized out>) at gmain.c:3734
#22 0x00007fffea15e05a in g_main_loop_run (loop=0x4f8470) at gmain.c:3928
#23 0x00007ffff431a260 in WTF::RunLoop::run () at ../../Source/WTF/wtf/gtk/RunLoopGtk.cpp:59
#24 0x00007ffff27f7192 in WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain> (argc=2, argv=0x7fffffffd8f8) at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#25 0x00007ffff27f6ff7 in WebKit::WebProcessMainUnix (argc=2, argv=0x7fffffffd8f8) at ../../Source/WebKit2/WebProcess/gtk/WebProcessMainGtk.cpp:77
#26 0x00000000004008d1 in main (argc=2, argv=0x7fffffffd8f8) at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20150408/3b93ca1f/attachment.html>

More information about the webkit-unassigned mailing list