[Webkit-unassigned] [Bug 179917] New: WebDriver: crash in Session::computeElementLayout when called without a current browsing context

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Nov 21 05:18:50 PST 2017


https://bugs.webkit.org/show_bug.cgi?id=179917

            Bug ID: 179917
           Summary: WebDriver: crash in Session::computeElementLayout when
                    called without a current browsing context
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebDriver
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cgarcia at igalia.com
                CC: bburg at apple.com

In the case of the computeElementLayout message, the frameHandle parameter is not optional, but we still need to provide a valid value (empty string means the default frame) when m_currentBrowsingContext is std::nullopt. The same applies to selectOptionElement.

#0  0x00007ffaefa27c3f in Inspector::InspectorValue::create(WTF::String const&) () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#1  0x00005619b41707e7 in Inspector::InspectorObjectBase::setString(WTF::String const&, WTF::String const&) ()
#2  0x00005619b4166ac2 in WebDriver::Session::computeElementLayout(WTF::String const&, WTF::OptionSet<WebDriver::Session::ElementLayoutOption>, WTF::Function<void (std::optional<WebDriver::Session::Rect>&&, std::optional<WebDriver::Session::Point>&&, bool, WTF::RefPtr<Inspector::InspectorObject>&&)>&&) ()
#3  0x00005619b4166e5c in WebDriver::Session::elementClick(WTF::String const&, WTF::Function<void (WebDriver::CommandResult&&)>&&) ()
#4  0x00005619b4176ff2 in WebDriver::WebDriverService::elementClick(WTF::RefPtr<Inspector::InspectorObject>&&, WTF::Function<void (WebDriver::CommandResult&&)>&&) ()
#5  0x00005619b417cf61 in WebDriver::WebDriverService::handleRequest(WebDriver::HTTPRequestHandler::Request&&, WTF::Function<void (WebDriver::HTTPRequestHandler::Response&&)>&&) ()
#6  0x00005619b4182bdd in WebDriver::HTTPServer::listen(unsigned int)::{lambda(_SoupServer*, _SoupMessage*, char const*, _GHashTable*, SoupClientContext*, void*)#1}::_FUN(_SoupServer*, _SoupMessage*, char const*, _GHashTable*, SoupClientContext*, void*) ()
#7  0x00007ffaeef0c00f in call_handler (early=0, msg=0x5619b4a34390, client=0x5619b4a30c00, handler=0x5619b4a04640, server=0x5619b4a258c0) at soup-server.c:1259
#8  got_body (msg=0x5619b4a34390, client=0x5619b4a30c00) at soup-server.c:1400
#9  0x00007ffaec66b62d in g_closure_invoke (closure=0x5619b4a3ae40, return_value=0x0, n_param_values=1, param_values=0x7ffe4332f550, invocation_hint=0x7ffe4332f4f0) at gclosure.c:804
#10 0x00007ffaec67e50e in signal_emit_unlocked_R (node=node@entry=0x5619b4a31b00, detail=detail@entry=0, instance=instance@entry=0x5619b4a34390, emission_return=emission_return@entry=0x0, 
    instance_and_params=instance_and_params@entry=0x7ffe4332f550) at gsignal.c:3635
#11 0x00007ffaec686eb5 in g_signal_emit_valist (instance=0x5619b4a34390, signal_id=<optimized out>, detail=0, var_args=var_args@entry=0x7ffe4332f6e8) at gsignal.c:3391
#12 0x00007ffaec687872 in g_signal_emit (instance=instance@entry=0x5619b4a34390, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
#13 0x00007ffaeef003ef in soup_message_got_body (msg=msg@entry=0x5619b4a34390) at soup-message.c:1140
#14 0x00007ffaeef04b1a in io_read (msg=msg@entry=0x5619b4a34390, blocking=blocking@entry=0, cancellable=cancellable@entry=0x0, error=error@entry=0x7ffe4332f898) at soup-message-io.c:781
#15 0x00007ffaeef051d6 in io_run_until (msg=msg@entry=0x5619b4a34390, blocking=blocking@entry=0, read_state=read_state@entry=SOUP_MESSAGE_IO_STATE_DONE, 
    write_state=write_state@entry=SOUP_MESSAGE_IO_STATE_DONE, cancellable=cancellable@entry=0x0, error=error@entry=0x7ffe4332f8e8) at soup-message-io.c:977
#16 0x00007ffaeef05bab in io_run (msg=msg@entry=0x5619b4a34390, blocking=blocking@entry=0) at soup-message-io.c:1048
#17 0x00007ffaeef05e28 in soup_message_io_server (msg=msg@entry=0x5619b4a34390, iostream=<optimized out>, async_context=<optimized out>, 
    get_headers_cb=get_headers_cb@entry=0x7ffaeef06900 <get_response_headers>, parse_headers_cb=parse_headers_cb@entry=0x7ffaeef06490 <parse_request_headers>, 
    header_data=header_data@entry=0x5619b4a2b440, completion_cb=0x7ffaeef0bdf0 <request_finished>, completion_data=0x5619b4a30c00) at soup-message-io.c:1252
#18 0x00007ffaeef06e07 in soup_message_read_request (msg=0x5619b4a34390, sock=0x5619b4a2b440, use_thread_context=<optimized out>, completion_cb=0x7ffaeef0bdf0 <request_finished>, 
    user_data=0x5619b4a30c00) at soup-message-server-io.c:304
#19 0x00007ffaec66e5b5 in g_cclosure_marshal_VOID__OBJECTv (closure=0x5619b4a2f840, return_value=<optimized out>, instance=<optimized out>, args=<optimized out>, 
    marshal_data=<optimized out>, n_params=<optimized out>, param_types=0x5619b4a1d300) at gmarshal.c:2102
#20 0x00007ffaec66b866 in _g_closure_invoke_va (closure=0x5619b4a2f840, return_value=0x0, instance=0x5619b4a2b100, args=0x7ffe4332fbc8, n_params=1, param_types=0x5619b4a1d300)
    at gclosure.c:867
#21 0x00007ffaec687196 in g_signal_emit_valist (instance=0x5619b4a2b100, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7ffe4332fbc8) at gsignal.c:3300
#22 0x00007ffaec687872 in g_signal_emit (instance=instance@entry=0x5619b4a2b100, signal_id=<optimized out>, detail=detail@entry=0) at gsignal.c:3447
#23 0x00007ffaeef192ef in listen_watch (pollable=<optimized out>, data=0x5619b4a2b100) at soup-socket.c:1237
#24 0x00007ffaebd06405 in g_main_dispatch (context=0x5619b4a1fd40) at gmain.c:3148
#25 g_main_context_dispatch (context=context@entry=0x5619b4a1fd40) at gmain.c:3813
#26 0x00007ffaebd067a8 in g_main_context_iterate (context=0x5619b4a1fd40, block=block@entry=1, dispatch=dispatch@entry=1, self=<optimized out>) at gmain.c:3886
#27 0x00007ffaebd06ab2 in g_main_loop_run (loop=0x5619b4a1a7b0) at gmain.c:4082
#28 0x00007ffaeff49ef8 in WTF::RunLoop::run() () from /home/cgarcia/src/git/gnome/WebKit/WebKitBuild/Release/lib/libjavascriptcoregtk-4.0.so.18
#29 0x00005619b4174bcc in WebDriver::WebDriverService::run(int, char**) ()
#30 0x00005619b415555e in main ()

-- 
You are receiving this mail because:
You are the assignee for the bug.
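
Added example, not part of the original report and not WebKit code: a self-contained C++17 model of the condition described above, with the unchecked read of an empty std::optional beside a form that always supplies the required frameHandle. Session, Params, the "elementID" key and the sample handles are constructed for illustration; only m_currentBrowsingContext and frameHandle come from the report, and the real crash is modelled here by std::bad_optional_access.

```cpp
#include <iostream>
#include <map>
#include <optional>
#include <string>

// Hypothetical stand-in for the JSON parameter object sent with a message.
using Params = std::map<std::string, std::string>;

// Models only the session state named in the report.
struct Session {
    std::optional<std::string> currentBrowsingContext; // m_currentBrowsingContext

    // "Before" form: reads the optional unconditionally. value() throws
    // std::bad_optional_access when empty, standing in for the crash.
    Params layoutParamsUnchecked(const std::string& elementID) const {
        Params p;
        p["frameHandle"] = currentBrowsingContext.value();
        p["elementID"] = elementID; // constructed key name
        return p;
    }

    // Corrected form: frameHandle is required by the message, so it is always
    // set; the empty string selects the default frame when no context is current.
    Params layoutParams(const std::string& elementID) const {
        Params p;
        p["frameHandle"] = currentBrowsingContext.value_or(std::string());
        p["elementID"] = elementID;
        return p;
    }
};

// Returns true when the unchecked form fails for the given session state.
bool uncheckedFails(const Session& s) {
    try {
        s.layoutParamsUnchecked("node-1");
        return false;
    } catch (const std::bad_optional_access&) {
        return true;
    }
}

int main() {
    Session noContext; // no current browsing context, as in the report
    std::cout << "unchecked fails: " << uncheckedFails(noContext) << "\n";
    std::cout << "frameHandle: '" << noContext.layoutParams("node-1").at("frameHandle") << "'\n";
    return 0;
}
```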