<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - ASSERTION FAILED: m_imageElements.find(e) == notFound in WebCore::HTMLFormElement::registerImgElement"
href="https://bugs.webkit.org/show_bug.cgi?id=152225">152225</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>ASSERTION FAILED: m_imageElements.find(e) == notFound in WebCore::HTMLFormElement::registerImgElement
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>HTML DOM
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>rhodovan.u-szeged@partner.samsung.com
</td>
</tr>
<tr>
<th>CC</th>
<td>darin@apple.com, eric@webkit.org
</td>
</tr>
<tr>
<th>Blocks</th>
<td>116980
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=267259" name="attach_267259" title="Test">attachment 267259</a> <a href="attachment.cgi?id=267259&action=edit" title="Test">[details]</a></span>
Test
Load the attached test with debug MiniBrowser:
<!DOCTYPE html>
<template>
<form>
<code>
<p><img></img>
</code>
</form>
</template>
OS: Ubuntu 15.10 x86_64
Checked build: debug EFL
Checked version: 37be9b0
Backtrace:
ASSERTION FAILED: m_imageElements.find(e) == notFound
../../Source/WebCore/html/HTMLFormElement.cpp(626) : void WebCore::HTMLFormElement::registerImgElement(WebCore::HTMLImageElement*)
1 0x7fa014cbcecc WTFCrash
2 0x7fa013487948 WebCore::HTMLFormElement::registerImgElement(WebCore::HTMLImageElement*)
3 0x7fa0134910a2 WebCore::HTMLImageElement::insertedInto(WebCore::ContainerNode&)
4 0x7fa01322a1d6 WebCore::notifyNodeInsertedIntoTree(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&)
5 0x7fa01322a349 WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&)
6 0x7fa01321b479 WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource)
7 0x7fa01321d142 WebCore::ContainerNode::parserAppendChild(WTF::Ref<WebCore::Node>&&)
8 0x7fa01321a60a WebCore::ContainerNode::takeAllChildrenFrom(WebCore::ContainerNode*)
9 0x7fa0145ee4ac
10 0x7fa0145ee518
11 0x7fa0145ee87e WebCore::HTMLConstructionSite::executeQueuedTasks()
12 0x7fa0135a6b41 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&)
13 0x7fa0135839a4 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&)
14 0x7fa013583683 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
15 0x7fa013582f61 WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
16 0x7fa013583f07 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&)
17 0x7fa014547dab WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
18 0x7fa0136a2546 WebCore::DocumentWriter::end()
19 0x7fa01368b9be WebCore::DocumentLoader::finishedLoading(double)
20 0x7fa01368b718 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*)
21 0x7fa013731ca3 WebCore::CachedResource::checkNotify()
22 0x7fa013731db8 WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*)
23 0x7fa01372dfe6 WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*)
24 0x7fa0136f60e5 WebCore::SubresourceLoader::didFinishLoading(double)
25 0x7fa012da731e WebKit::WebResourceLoader::didFinishResourceLoad(double)
26 0x7fa01304141b void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>&&, std::index_sequence<0ul>)
27 0x7fa013040d5a void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>, std::make_index_sequence<1ul> >(std::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double))
28 0x7fa0130408b4 void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double))
29 0x7fa013040132 WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&)
30 0x7fa012d9d4c3 WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&)
31 0x7fa012a9c7ce IPC::Connection::dispatchMessage(IPC::MessageDecoder&)
Aborted (core dumped)
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00007fa014cbced1 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
321 *(int *)(uintptr_t)0xbbadbeef = 0;
[Current thread is 1 (Thread 0x7fa0187f7a80 (LWP 29377))]
#0 0x00007fa014cbced1 in WTFCrash () at ../../Source/WTF/wtf/Assertions.cpp:321
#1 0x00007fa013487948 in WebCore::HTMLFormElement::registerImgElement(WebCore::HTMLImageElement*) () at ../../Source/WebCore/html/HTMLFormElement.cpp:626
#2 0x00007fa0134910a2 in WebCore::HTMLImageElement::insertedInto(WebCore::ContainerNode&) () at ../../Source/WebCore/html/HTMLImageElement.cpp:307
#3 0x00007fa01322a1d6 in WebCore::notifyNodeInsertedIntoTree(WebCore::ContainerNode&, WebCore::ContainerNode&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) () at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:82
#4 0x00007fa01322a349 in WebCore::notifyChildNodeInserted(WebCore::ContainerNode&, WebCore::Node&, WTF::Vector<WTF::Ref<WebCore::Node>, 11ul, WTF::CrashOnOverflow, 16ul>&) () at ../../Source/WebCore/dom/ContainerNodeAlgorithms.cpp:99
#5 0x00007fa01321b479 in WebCore::ContainerNode::notifyChildInserted(WebCore::Node&, WebCore::ContainerNode::ChildChangeSource) () at ../../Source/WebCore/dom/ContainerNode.cpp:338
#6 0x00007fa01321d142 in WebCore::ContainerNode::parserAppendChild(WTF::Ref<WebCore::Node>&&) () at ../../Source/WebCore/dom/ContainerNode.cpp:730
#7 0x00007fa01321a60a in WebCore::ContainerNode::takeAllChildrenFrom(WebCore::ContainerNode*) () at ../../Source/WebCore/dom/ContainerNode.cpp:132
#8 0x00007fa0145ee4ac in WebCore::executeTakeAllChildrenTask(WebCore::HTMLConstructionSiteTask&) () at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:143
#9 0x00007fa0145ee518 in WebCore::executeTask(WebCore::HTMLConstructionSiteTask&) () at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:162
#10 0x00007fa0145ee87e in WebCore::HTMLConstructionSite::executeQueuedTasks() () at ../../Source/WebCore/html/parser/HTMLConstructionSite.cpp:202
#11 0x00007fa0135a6b41 in WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&) () at ../../Source/WebCore/html/parser/HTMLTreeBuilder.cpp:355
#12 0x00007fa0135839a4 in WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&) () at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:312
#13 0x00007fa013583683 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) () at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:269
#14 0x00007fa013582f61 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode) () at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:166
#15 0x00007fa013583f07 in WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&) () at ../../Source/WebCore/html/parser/HTMLDocumentParser.cpp:382
#16 0x00007fa014547dab in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&) () at ../../Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#17 0x00007fa0136a2546 in WebCore::DocumentWriter::end (this=0x7f9ff442ef20) at ../../Source/WebCore/loader/DocumentWriter.cpp:254
#18 0x00007fa01368b9be in WebCore::DocumentLoader::finishedLoading(double) () at ../../Source/WebCore/loader/DocumentLoader.cpp:434
#19 0x00007fa01368b718 in WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*) () at ../../Source/WebCore/loader/DocumentLoader.cpp:381
#20 0x00007fa013731ca3 in WebCore::CachedResource::checkNotify() () at ../../Source/WebCore/loader/cache/CachedResource.cpp:296
#21 0x00007fa013731db8 in WebCore::CachedResource::finishLoading(WebCore::SharedBuffer*) () at ../../Source/WebCore/loader/cache/CachedResource.cpp:312
#22 0x00007fa01372dfe6 in WebCore::CachedRawResource::finishLoading(WebCore::SharedBuffer*) () at ../../Source/WebCore/loader/cache/CachedRawResource.cpp:103
#23 0x00007fa0136f60e5 in WebCore::SubresourceLoader::didFinishLoading(double) () at ../../Source/WebCore/loader/SubresourceLoader.cpp:372
#24 0x00007fa012da731e in WebKit::WebResourceLoader::didFinishResourceLoad(double) () at ../../Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp:153
#25 0x00007fa01304141b in void IPC::callMemberFunctionImpl<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>, 0ul>(WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>&&, std::index_sequence<0ul>) () at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:16
#26 0x00007fa013040d5a in void IPC::callMemberFunction<WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double), std::tuple<double>, std::make_index_sequence<1ul> >(std::tuple<double>&&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) () at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:22
#27 0x00007fa0130408b4 in void IPC::handleMessage<Messages::WebResourceLoader::DidFinishResourceLoad, WebKit::WebResourceLoader, void (WebKit::WebResourceLoader::*)(double)>(IPC::MessageDecoder&, WebKit::WebResourceLoader*, void (WebKit::WebResourceLoader::*)(double)) () at ../../Source/WebKit2/Platform/IPC/HandleMessage.h:92
#28 0x00007fa013040132 in WebKit::WebResourceLoader::didReceiveWebResourceLoaderMessage(IPC::Connection&, IPC::MessageDecoder&) () at DerivedSources/WebKit2/WebResourceLoaderMessageReceiver.cpp:65
#29 0x00007fa012d9d4c3 in WebKit::NetworkProcessConnection::didReceiveMessage(IPC::Connection&, IPC::MessageDecoder&) () at ../../Source/WebKit2/WebProcess/Network/NetworkProcessConnection.cpp:58
#30 0x00007fa012a9c7ce in IPC::Connection::dispatchMessage(IPC::MessageDecoder&) () at ../../Source/WebKit2/Platform/IPC/Connection.cpp:900
#31 0x00007fa012a9c932 in IPC::Connection::dispatchMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >) () at ../../Source/WebKit2/Platform/IPC/Connection.cpp:931
#32 0x00007fa012a9cb1f in IPC::Connection::dispatchOneMessage() () at ../../Source/WebKit2/Platform/IPC/Connection.cpp:962
#33 0x00007fa012a9c5e1 in IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)::{lambda()#1}::operator()() const () at ../../Source/WebKit2/Platform/IPC/Connection.cpp:894
#34 0x00007fa012a9e0ef in std::_Function_handler<void (), IPC::Connection::enqueueIncomingMessage(std::unique_ptr<IPC::MessageDecoder, std::default_delete<IPC::MessageDecoder> >)::{lambda()#1}>::_M_invoke(std::_Any_data const&) () at /usr/include/c++/5/functional:1871
#35 0x00007fa012a0b4b8 in std::function<void()>::operator()(void) const (this=0x7ffc70bd05d0) at /usr/include/c++/5/functional:2271
#36 0x00007fa014cdadc3 in WTF::RunLoop::performWork (this=0x7f9ff45f9000) at ../../Source/WTF/wtf/RunLoop.cpp:121
#37 0x00007fa014d1b5d9 in WTF::RunLoop::wakeUpEvent (data=0x7f9ff45f9000) at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:66
#38 0x00007fa00ce8efee in _ecore_pipe_handler_call (p=p@entry=0x22e75b0, buf=0x234d400 "W\323\064\002", len=<optimized out>) at lib/ecore/ecore_pipe.c:533
#39 0x00007fa00ce8f779 in _ecore_pipe_read (data=0x22e75b0, fd_handler=<optimized out>) at lib/ecore/ecore_pipe.c:660
#40 0x00007fa00ce8e441 in _ecore_call_fd_cb (fd_handler=0x22e57c0, data=<optimized out>, func=<optimized out>) at lib/ecore/ecore_private.h:414
#41 _ecore_main_fd_handlers_call () at lib/ecore/ecore_main.c:1684
#42 _ecore_main_loop_iterate_internal (once_only=once_only@entry=0) at lib/ecore/ecore_main.c:1940
#43 0x00007fa00ce8e827 in ecore_main_loop_begin () at lib/ecore/ecore_main.c:988
#44 0x00007fa014d1b55b in WTF::RunLoop::run () at ../../Source/WTF/wtf/efl/RunLoopEfl.cpp:49
#45 0x00007fa012fbc456 in int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMain>(int, char**) () at ../../Source/WebKit2/Shared/unix/ChildProcessMain.h:61
#46 0x00007fa012fbc064 in WebProcessMainUnix () at ../../Source/WebKit2/WebProcess/efl/WebProcessMainEfl.cpp:161
#47 0x000000000040089a in main () at ../../Source/WebKit2/WebProcess/EntryPoint/unix/WebProcessMain.cpp:44</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>