<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ASSERTION FAILED: inDocument() in WebCore::HTMLFrameOwnerElement::setContentFrame"
href="https://bugs.webkit.org/show_bug.cgi?id=151035">151035</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ASSERTION FAILED: inDocument() in WebCore::HTMLFrameOwnerElement::setContentFrame
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>WebCore Misc.
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rhodovan.u-szeged@partner.samsung.com
</td>
</tr>
<tr>
<th>CC</th>
<td>ap@webkit.org, cdumez@apple.com
</td>
</tr>
<tr>
<th>Blocks</th>
<td>116980
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=265064" name="attach_265064" title="Test">attachment 265064</a> <a href="attachment.cgi?id=265064&action=edit" title="Test">[details]</a></span>
Test
Load the attached test with debug MiniBrowser:
a<big>
<style>
* {
-webkit-nbsp-mode:space;
}
</style>
<video controls ></video>
<object data="aaaaaaaaaaaaaaaaa"></object>
<script>
document.designMode = 'on';
document.execCommand("selectAll", false, null);
document.execCommand("indent" , true , null);
</script>
OS: Ubuntu 15.04 x86_64
Checked build: debug EFL
Checked version: 009fb33
Backtrace:
ASSERTION FAILED: inDocument()
../../Source/WebCore/html/HTMLFrameOwnerElement.cpp(57) : void WebCore::HTMLFrameOwnerElement::setContentFrame(WebCore::Frame*)
1 0x7f2c881fff97 WTFCrash
2 0x7f2c8e5702fb WebCore::HTMLFrameOwnerElement::setContentFrame(WebCore::Frame*)
3 0x7f2c8e8c55e6 WebCore::Frame::Frame(WebCore::Page&, WebCore::HTMLFrameOwnerElement*, WebCore::FrameLoaderClient&)
4 0x7f2c8e8c5805 WebCore::Frame::create(WebCore::Page*, WebCore::HTMLFrameOwnerElement*, WebCore::FrameLoaderClient*)
5 0x7f2c8df60aac WebKit::WebFrame::createSubframe(WebKit::WebPage*, WTF::String const&, WebCore::HTMLFrameOwnerElement*)
6 0x7f2c8df2f120 WebKit::WebFrameLoaderClient::createFrame(WebCore::URL const&, WTF::String const&, WebCore::HTMLFrameOwnerElement*, WTF::String const&, bool, int, int)
7 0x7f2c8e7da9d9 WebCore::SubframeLoader::loadSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::String const&, WTF::String const&)
8 0x7f2c8e7da716 WebCore::SubframeLoader::loadOrRedirectSubframe(WebCore::HTMLFrameOwnerElement&, WebCore::URL const&, WTF::AtomicString const&, WebCore::LockHistory, WebCore::LockBackForwardList)
9 0x7f2c8e7d9e77 WebCore::SubframeLoader::requestObject(WebCore::HTMLPlugInImageElement&, WTF::String const&, WTF::AtomicString const&, WTF::String const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul> const&)
10 0x7f2c8e5c8975 WebCore::HTMLPlugInImageElement::requestObject(WTF::String const&, WTF::String const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul> const&, WTF::Vector<WTF::String, 0ul, WTF::CrashOnOverflow, 16ul> const&)
11 0x7f2c8e5bb2e9 WebCore::HTMLObjectElement::updateWidget(WebCore::PluginCreationOption)
12 0x7f2c8e5c5773 WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary()
13 0x7f2c8e5c537f
14 0x7f2c8e5c8b58
15 0x7f2c8db15a82 std::function<void ()>::operator()() const
16 0x7f2c8edce28d WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler()
17 0x7f2c8e332428 WebCore::Document::recalcStyle(WebCore::Style::Change)
18 0x7f2c8e332713 WebCore::Document::updateStyleIfNeeded()
19 0x7f2c8e332810 WebCore::Document::updateLayout()
20 0x7f2c8e332992 WebCore::Document::updateLayoutIgnorePendingStylesheets(WebCore::Document::RunPostLayoutTasks)
21 0x7f2c8e22d4eb WebCore::AccessibilityObject::updateBackingStore()
22 0x7f2c8eedd13c
23 0x7f2c8223af70
24 0x7f2c8455594b g_object_get_property
25 0x7f2c8223a05b
26 0x7f2c8454cf15 g_closure_invoke
27 0x7f2c8455ef6b
28 0x7f2c84568198 g_signal_emit_valist
29 0x7f2c845683ff g_signal_emit
30 0x7f2c845516c5
31 0x7f2c84553c71 g_object_notify
Aborted (core dumped)
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007f2c881fff9c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
#0 0x00007f2c881fff9c in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007f2c8e5702fb in WebCore::HTMLFrameOwnerElement::setContentFrame (this=0x7f2c6f6a9708, frame=0x7f2c24aec000) at ../../Source/WebCore/html/HTMLFrameOwnerElement.cpp:57
#2 0x00007f2c8e8c55e6 in WebCore::Frame::Frame (this=0x7f2c24aec000, page=..., ownerElement=0x7f2c6f6a9708, frameLoaderClient=...) at ../../Source/WebCore/page/Frame.cpp:188
#3 0x00007f2c8e8c5805 in WebCore::Frame::create (page=0x7f2c6f403bc0, ownerElement=0x7f2c6f6a9708, client=0x210d7b0) at ../../Source/WebCore/page/Frame.cpp:212
#4 0x00007f2c8df60aac in WebKit::WebFrame::createSubframe (page=0x7f2c6f403440, frameName=..., ownerElement=0x7f2c6f6a9708) at ../../Source/WebKit2/WebProcess/WebPage/WebFrame.cpp:129
#5 0x00007f2c8df2f120 in WebKit::WebFrameLoaderClient::createFrame (this=0x1df8eb0, url=..., name=..., ownerElement=0x7f2c6f6a9708, referrer=...) at ../../Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1388
#6 0x00007f2c8e7da9d9 in WebCore::SubframeLoader::loadSubframe (this=0x1df9ed0, ownerElement=..., url=..., name=..., referrer=...) at ../../Source/WebCore/loader/SubframeLoader.cpp:326
#7 0x00007f2c8e7da716 in WebCore::SubframeLoader::loadOrRedirectSubframe (this=0x1df9ed0, ownerElement=..., url=..., frameName=..., lockHistory=WebCore::LockHistory::Yes, lockBackForwardList=WebCore::LockBackForwardList::Yes) at ../../Source/WebCore/loader/SubframeLoader.cpp:290
#8 0x00007f2c8e7d9e77 in WebCore::SubframeLoader::requestObject (this=0x1df9ed0, ownerElement=..., url=..., frameName=..., mimeType=..., paramNames=..., paramValues=...) at ../../Source/WebCore/loader/SubframeLoader.cpp:233
#9 0x00007f2c8e5c8975 in WebCore::HTMLPlugInImageElement::requestObject (this=0x7f2c6f6a9708, url=..., mimeType=..., paramNames=..., paramValues=...) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:764
#10 0x00007f2c8e5bb2e9 in WebCore::HTMLObjectElement::updateWidget (this=0x7f2c6f6a9708, pluginCreationOption=WebCore::CreateOnlyNonNetscapePlugins) at ../../Source/WebCore/html/HTMLObjectElement.cpp:331
#11 0x00007f2c8e5c5773 in WebCore::HTMLPlugInImageElement::updateWidgetIfNecessary (this=0x7f2c6f6a9708) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:287
#12 0x00007f2c8e5c537f in WebCore::HTMLPlugInImageElement::<lambda()>::operator()(void) const (__closure=0x210dbd0) at ../../Source/WebCore/html/HTMLPlugInImageElement.cpp:250
#13 0x00007f2c8e5c8b58 in std::_Function_handler<void(), WebCore::HTMLPlugInImageElement::didAttachRenderers()::<lambda()> >::_M_invoke(const std::_Any_data &) (__functor=...) at /usr/include/c++/4.9/functional:2039
#14 0x00007f2c8db15a82 in std::function<void ()>::operator()() const (this=0x7f2c6f644220) at /usr/include/c++/4.9/functional:2439
#15 0x00007f2c8edce28d in WebCore::Style::PostResolutionCallbackDisabler::~PostResolutionCallbackDisabler (this=0x7fff26af1cbd, __in_chrg=<optimized out>) at ../../Source/WebCore/style/StyleResolveTree.cpp:966
#16 0x00007f2c8e332428 in WebCore::Document::recalcStyle (this=0x7f2c6f426a40, change=WebCore::Style::NoChange) at ../../Source/WebCore/dom/Document.cpp:1849
#17 0x00007f2c8e332713 in WebCore::Document::updateStyleIfNeeded (this=0x7f2c6f426a40) at ../../Source/WebCore/dom/Document.cpp:1892
#18 0x00007f2c8e332810 in WebCore::Document::updateLayout (this=0x7f2c6f426a40) at ../../Source/WebCore/dom/Document.cpp:1911
#19 0x00007f2c8e332992 in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x7f2c6f426a40, runPostLayoutTasks=WebCore::Document::RunPostLayoutTasks::Asynchronously) at ../../Source/WebCore/dom/Document.cpp:1949
#20 0x00007f2c8e22d4eb in WebCore::AccessibilityObject::updateBackingStore (this=0x7f2c6f7e5cc0) at ../../Source/WebCore/accessibility/AccessibilityObject.cpp:1591
#21 0x00007f2c8eedd13c in webkitAccessibleGetParent (object=0x20b0060) at ../../Source/WebCore/accessibility/atk/WebKitAccessibleWrapperAtk.cpp:301
#22 0x00007f2c8223af70 in atk_object_real_get_property (object=0x20b0060, prop_id=3, value=0x7fff26af1f60, pspec=0x1deed30) at atkobject.c:1365
#23 0x00007f2c8455594b in object_get_property (value=<optimized out>, pspec=<optimized out>, object=<optimized out>) at gobject.c:1370
#24 g_object_get_property (object=0x20b0060, property_name=0x7fff26af1f60 "0\363\340\001", value=0x7fff26af1f60) at gobject.c:2438
#25 0x00007f2c8223a05b in atk_object_notify (obj=0x20b0060, pspec=0x1deed30) at atkobject.c:1531
#26 0x00007f2c8454cf15 in g_closure_invoke (closure=0x1dddb30, return_value=0x0, n_param_values=2, param_values=0x7fff26af2170, invocation_hint=0x7fff26af2110) at gclosure.c:768
#27 0x00007f2c8455ef6b in signal_emit_unlocked_R (node=node@entry=0x1dddbc0, detail=detail@entry=199, instance=instance@entry=0x20b0060, emission_return=emission_return@entry=0x0, instance_and_params=instance_and_params@entry=0x7fff26af2170) at gsignal.c:3483
#28 0x00007f2c84568198 in g_signal_emit_valist (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>, var_args=var_args@entry=0x7fff26af2300) at gsignal.c:3309
#29 0x00007f2c845683ff in g_signal_emit (instance=<optimized out>, signal_id=<optimized out>, detail=<optimized out>) at gsignal.c:3365
#30 0x00007f2c845516c5 in g_object_dispatch_properties_changed (object=0x0, n_pspecs=0, pspecs=0x1d755f8) at gobject.c:1056
#31 0x00007f2c84553c71 in g_object_notify_by_spec_internal (pspec=<optimized out>, object=0x20b0060) at gobject.c:1149
#32 g_object_notify (object=0x20b0060, property_name=<optimized out>) at gobject.c:1197
#33 0x00007f2c8e0b82fd in webPageAccessibilityObjectRefresh (accessible=0x1e7fcf0) at ../../Source/WebKit2/WebProcess/WebPage/atk/WebPageAccessibilityObjectAtk.cpp:146
#34 0x00007f2c8e0b84f2 in WebKit::WebPage::updateAccessibilityTree (this=0x7f2c6f403440) at ../../Source/WebKit2/WebProcess/WebPage/efl/WebPageEfl.cpp:76
#35 0x00007f2c8df301b7 in WebKit::WebFrameLoaderClient::dispatchDidClearWindowObjectInWorld (this=0x1df8eb0, world=...) at ../../Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:1581
#36 0x00007f2c8e7a6a27 in WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld (this=0x7f2c6f6e4098, world=...) at ../../Source/WebCore/loader/FrameLoader.cpp:3359
#37 0x00007f2c8e2a52a2 in WebCore::ScriptController::initScript (this=0x7f2c6f7fcc80, world=...) at ../../Source/WebCore/bindings/js/ScriptController.cpp:270
#38 0x00007f2c8debf833 in WebCore::ScriptController::windowShell (this=0x7f2c6f7fcc80, world=...) at ../../Source/WebCore/bindings/js/ScriptController.h:90
#39 0x00007f2c8debf8bd in WebCore::ScriptController::globalObject (this=0x7f2c6f7fcc80, world=...) at ../../Source/WebCore/bindings/js/ScriptController.h:99
#40 0x00007f2c8e59cd1b in WebCore::HTMLMediaElement::ensureMediaControlsInjectedScript (this=0x7f2c6f55e740) at ../../Source/WebCore/html/HTMLMediaElement.cpp:6226
#41 0x00007f2c8e59d166 in WebCore::HTMLMediaElement::didAddUserAgentShadowRoot (this=0x7f2c6f55e740, root=0x7f2c24bee578) at ../../Source/WebCore/html/HTMLMediaElement.cpp:6266
#42 0x00007f2c8e3a44e6 in WebCore::Element::addShadowRoot(WTF::Ref<WebCore::ShadowRoot>&&) (this=0x7f2c6f55e740, newShadowRoot=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x15efcef9, DIE 0x1614a574>) at ../../Source/WebCore/dom/Element.cpp:1655
#43 0x00007f2c8e3a4a5f in WebCore::Element::ensureUserAgentShadowRoot (this=0x7f2c6f55e740) at ../../Source/WebCore/dom/Element.cpp:1737
#44 0x00007f2c8e59aa16 in WebCore::HTMLMediaElement::configureMediaControls (this=0x7f2c6f55e740) at ../../Source/WebCore/html/HTMLMediaElement.cpp:5601
#45 0x00007f2c8e5869c5 in WebCore::HTMLMediaElement::insertedInto (this=0x7f2c6f55e740, insertionPoint=...) at ../../Source/WebCore/html/HTMLMediaElement.cpp:740
#46 0x00007f2c8e31c8d1 in WebCore::notifyNodeInsertedIntoDocument (insertionPoint=..., node=..., postInsertionNotificationTargets=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:71
#47 0x00007f2c8e31c677 in WebCore::notifyDescendantInsertedIntoDocument (insertionPoint=..., node=..., postInsertionNotificationTargets=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:45
#48 0x00007f2c8e31c920 in WebCore::notifyNodeInsertedIntoDocument (insertionPoint=..., node=..., postInsertionNotificationTargets=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:74
#49 0x00007f2c8e31cae4 in WebCore::notifyChildNodeInserted (insertionPoint=..., node=..., postInsertionNotificationTargets=...) at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:97
#50 0x00007f2c8e30df43 in WebCore::ContainerNode::notifyChildInserted (this=0x7f2c6f7e36e8, child=..., source=WebCore::ContainerNode::ChildChangeSourceAPI) at ../../Source/WebCore/dom/ContainerNode.cpp:339
#51 0x00007f2c8e3109ae in WebCore::ContainerNode::updateTreeAfterInsertion (this=0x7f2c6f7e36e8, child=...) at ../../Source/WebCore/dom/ContainerNode.cpp:823
#52 0x00007f2c8e30f910 in WebCore::ContainerNode::appendChild(WTF::Ref<WebCore::Node>&&, int&) (this=0x7f2c6f7e36e8, newChild=<unknown type in webkit/WebKitBuild/Debug/lib/libewebkit2.so.1, CU 0x15745c20, DIE 0x1590b3c5>, ec=@0x7fff26af2df0: 0) at ../../Source/WebCore/dom/ContainerNode.cpp:704
#53 0x00007f2c8fc949b7 in WebCore::AppendNodeCommand::doApply (this=0x7f2c24bf1288) at ../../Source/WebCore/editing/AppendNodeCommand.cpp:70
#54 0x00007f2c8f62d6c4 in WebCore::CompositeEditCommand::applyCommandToComposite (this=0x7f2c6f6cc738, prpCommand=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:278
#55 0x00007f2c8f62e884 in WebCore::CompositeEditCommand::appendNode (this=0x7f2c6f6cc738, node=..., parent=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:399
#56 0x00007f2c8f62e123 in WebCore::CompositeEditCommand::insertNodeAfter (this=0x7f2c6f6cc738, insertChild=..., refChild=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:358
#57 0x00007f2c8f6343b6 in WebCore::CompositeEditCommand::cloneParagraphUnderNewElement (this=0x7f2c6f6cc738, start=..., end=..., passedOuterNode=0x7f2c6f7f6a00, blockElement=0x7f2c6f7e36e8) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1105
#58 0x00007f2c8f634ceb in WebCore::CompositeEditCommand::moveParagraphWithClones (this=0x7f2c6f6cc738, startOfParagraphToMove=..., endOfParagraphToMove=..., blockElement=0x7f2c6f7e36e8, outerNode=0x7f2c6f7f6a00) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:1178
#59 0x00007f2c8e4aca33 in WebCore::IndentOutdentCommand::indentIntoBlockquote (this=0x7f2c6f6cc738, start=..., end=..., targetBlockquote=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:117
#60 0x00007f2c8e4ae2d6 in WebCore::IndentOutdentCommand::formatRange (this=0x7f2c6f6cc738, start=..., end=..., blockquoteForNextIndent=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:236
#61 0x00007f2c8f617f9b in WebCore::ApplyBlockElementCommand::formatSelection (this=0x7f2c6f6cc738, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:141
#62 0x00007f2c8e4ae259 in WebCore::IndentOutdentCommand::formatSelection (this=0x7f2c6f6cc738, startOfSelection=..., endOfSelection=...) at ../../Source/WebCore/editing/IndentOutdentCommand.cpp:226
#63 0x00007f2c8f61723e in WebCore::ApplyBlockElementCommand::doApply (this=0x7f2c6f6cc738) at ../../Source/WebCore/editing/ApplyBlockElementCommand.cpp:86
#64 0x00007f2c8f62d3f0 in WebCore::CompositeEditCommand::apply (this=0x7f2c6f6cc738) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:227
#65 0x00007f2c8f62d1a1 in WebCore::applyCommand (command=...) at ../../Source/WebCore/editing/CompositeEditCommand.cpp:186
#66 0x00007f2c8e494432 in WebCore::executeIndent (frame=...) at ../../Source/WebCore/editing/EditorCommand.cpp:456
#67 0x00007f2c8e49862a in WebCore::Editor::Command::execute (this=0x7fff26af3bd0, parameter=..., triggeringEvent=0x0) at ../../Source/WebCore/editing/EditorCommand.cpp:1703
#68 0x00007f2c8e33e3b5 in WebCore::Document::execCommand (this=0x7f2c6f426a40, commandName=..., userInterface=true, value=...) at ../../Source/WebCore/dom/Document.cpp:4657
#69 0x00007f2c8fa6c119 in WebCore::jsDocumentPrototypeFunctionExecCommand (state=0x7fff26af3ca0) at DerivedSources/WebCore/JSDocument.cpp:5066
#70 0x00007f2c27fff0c8 in ?? ()
#71 0x00007fff26af3d20 in ?? ()
#72 0x00007f2c881a8764 in llint_entry () from webkit/WebKitBuild/Debug/lib/libjavascriptcore_efl.so.1</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>