WebKit Bugzilla
RESOLVED FIXED
Bug 106412: REGRESSION(r139141): Assertion failure in WebCore::HTMLConstructionSite::HTMLConstructionSite
https://bugs.webkit.org/show_bug.cgi?id=106412
Stephanie Lewis
Reported
2013-01-08 20:54:43 PST
Created attachment 181836 [details]
crash log

Occurs on Mac Debug WK1 and WK2 Mountain Lion and Lion

Failing tests:
[540/1529] editing/style/justify-without-enclosing-block.xhtml failed unexpectedly (DumpRenderTree crashed [pid=8563])
[1134/1529] editing/execCommand/insert-list-xml.xhtml failed unexpectedly (DumpRenderTree crashed [pid=8566])
[1173/1529] editing/pasteboard/paste-noscript-xhtml.xhtml failed unexpectedly (DumpRenderTree crashed [pid=8572])
[1287/1529] editing/pasteboard/paste-xml.xhtml failed unexpectedly (DumpRenderTree crashed [pid=8598])

Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef

VM Regions Near 0xbbadbeef:
--> __TEXT 000000010089a000-000000010089b000 [ 4K] r-x/rwx SM=COW /Volumes/VOLUME/*/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess

Application Specific Information:
objc[40866]: garbage collection is OFF
CRASHING TEST: editing/pasteboard/paste-noscript-xhtml.xhtml

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x000000010342b0d4 WebCore::HTMLConstructionSite::HTMLConstructionSite(WebCore::DocumentFragment*, WebCore::FragmentScriptingPermission, unsigned int) + 276 (HTMLConstructionSite.cpp:161)
1 com.apple.WebCore 0x000000010342afb9 WebCore::HTMLConstructionSite::HTMLConstructionSite(WebCore::DocumentFragment*, WebCore::FragmentScriptingPermission, unsigned int) + 41 (HTMLConstructionSite.cpp:162)
2 com.apple.WebCore 0x000000010350db69 WebCore::HTMLTreeBuilder::HTMLTreeBuilder(WebCore::HTMLDocumentParser*, WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission, WebCore::HTMLParserOptions const&) + 121 (HTMLTreeBuilder.cpp:301)
3 com.apple.WebCore 0x000000010350dadd WebCore::HTMLTreeBuilder::HTMLTreeBuilder(WebCore::HTMLDocumentParser*, WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission, WebCore::HTMLParserOptions const&) + 61 (HTMLTreeBuilder.cpp:320)
4 com.apple.WebCore 0x000000010344ad99 WebCore::HTMLTreeBuilder::create(WebCore::HTMLDocumentParser*, WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission, WebCore::HTMLParserOptions const&) + 89 (HTMLTreeBuilder.h:67)
5 com.apple.WebCore 0x0000000103448560 WebCore::HTMLDocumentParser::HTMLDocumentParser(WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission) + 352 (HTMLDocumentParser.cpp:92)
6 com.apple.WebCore 0x00000001034483eb WebCore::HTMLDocumentParser::HTMLDocumentParser(WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission) + 43 (HTMLDocumentParser.cpp:99)
7 com.apple.WebCore 0x000000010344bb37 WebCore::HTMLDocumentParser::create(WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission) + 71 (HTMLDocumentParser.h:93)
8 com.apple.WebCore 0x000000010344a801 WebCore::HTMLDocumentParser::parseDocumentFragment(WTF::String const&, WebCore::DocumentFragment*, WebCore::Element*, WebCore::FragmentScriptingPermission) + 49 (HTMLDocumentParser.cpp:547)
9 com.apple.WebCore 0x00000001030463cb WebCore::DocumentFragment::parseHTML(WTF::String const&, WebCore::Element*, WebCore::FragmentScriptingPermission) + 43 (DocumentFragment.cpp:82)
10 com.apple.WebCore 0x0000000103ceefa7 WebCore::createFragmentFromMarkup(WebCore::Document*, WTF::String const&, WTF::String const&, WebCore::FragmentScriptingPermission) + 231 (markup.cpp:673)
11 com.apple.WebCore 0x0000000103e1cdcc WebCore::Pasteboard::documentFragment(WebCore::Frame*, WTF::PassRefPtr<WebCore::Range>, bool, bool&) + 1660 (PasteboardMac.mm:470)
12 com.apple.WebCore 0x00000001031f6824 WebCore::Editor::pasteWithPasteboard(WebCore::Pasteboard*, bool) + 308 (EditorMac.mm:87)
13 com.apple.WebCore 0x00000001031de6d9 WebCore::Editor::paste() + 265 (Editor.cpp:1031)
14 com.apple.WebCore 0x00000001031f0da1 _ZN7WebCoreL12executePasteEPNS_5FrameEPNS_5EventENS_19EditorCommandSourceERKN3WTF6StringE + 97 (EditorCommand.cpp:915)
15 com.apple.WebCore 0x00000001031ed2f0 WebCore::Editor::Command::execute(WTF::String const&, WebCore::Event*) const + 208 (EditorCommand.cpp:1704)
16 com.apple.WebCore 0x0000000102ffe54e WebCore::Document::execCommand(WTF::String const&, bool, WTF::String const&) + 78 (Document.cpp:4177)
17 com.apple.WebCore 0x00000001037c82c2 WebCore::jsDocumentPrototypeFunctionExecCommand(JSC::ExecState*) + 978 (JSDocument.cpp:2602)
18 ??? 0x0000397ec9201045 0 + 63216702984261
19 com.apple.JavaScriptCore 0x0000000101e2ca04 JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::JSGlobalData*) + 84 (JITCode.h:134)
20 com.apple.JavaScriptCore 0x0000000101e29c7f JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1519 (Interpreter.cpp:1055)
21 com.apple.JavaScriptCore 0x0000000101c476f2 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 306 (CallData.cpp:39)
22 com.apple.WebCore 0x0000000103739c12 WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 146 (JSMainThreadExecState.h:56)
23 com.apple.WebCore 0x000000010387b366 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1238 (JSEventListener.cpp:129)
24 com.apple.WebCore 0x00000001032520c3 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 499 (EventTarget.cpp:211)
25 com.apple.WebCore 0x0000000103251e95 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 325 (EventTarget.cpp:177)
26 com.apple.WebCore 0x000000010319b4c0 WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 272 (DOMWindow.cpp:1686)
27 com.apple.WebCore 0x00000001031a24d8 WebCore::DOMWindow::dispatchLoadEvent() + 296 (DOMWindow.cpp:1660)
28 com.apple.WebCore 0x0000000102ff76ef WebCore::Document::dispatchWindowLoadEvent() + 143 (Document.cpp:3663)
29 com.apple.WebCore 0x0000000102ff51ad WebCore::Document::implicitClose() + 493 (Document.cpp:2421)
30 com.apple.WebCore 0x00000001033196fb WebCore::FrameLoader::checkCallImplicitClose() + 155 (FrameLoader.cpp:834)
31 com.apple.WebCore 0x00000001033193c3 WebCore::FrameLoader::checkCompleted() + 323 (FrameLoader.cpp:778)
32 com.apple.WebCore 0x00000001033197c9 WebCore::FrameLoader::completed() + 185 (FrameLoader.cpp:1084)
33 com.apple.WebCore 0x00000001033193e0 WebCore::FrameLoader::checkCompleted() + 352 (FrameLoader.cpp:781)
34 com.apple.WebCore 0x0000000103319565 WebCore::FrameLoader::loadDone() + 21 (FrameLoader.cpp:723)
35 com.apple.WebCore 0x0000000102d3d652 WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*) + 114 (CachedResourceLoader.cpp:723)
36 com.apple.WebCore 0x00000001043ae1ff WebCore::SubresourceLoader::releaseResources() + 191 (SubresourceLoader.cpp:320)
37 com.apple.WebCore 0x00000001041826eb WebCore::ResourceLoader::didFail(WebCore::ResourceError const&) + 283 (ResourceLoader.cpp:356)
38 com.apple.WebCore 0x00000001043adfc5 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) + 453 (SubresourceLoader.cpp:296)
39 com.apple.WebCore 0x0000000104182d35 WebCore::ResourceLoader::didFail(WebCore::ResourceHandle*, WebCore::ResourceError const&) + 101 (ResourceLoader.cpp:465)
40 com.apple.WebCore 0x000000010417fa25 -[WebCoreResourceHandleAsDelegate connection:didFailWithError:] + 245 (ResourceHandleMac.mm:834)
41 com.apple.Foundation 0x00007fff83187b3b ___NSURLConnectionDidFail_block_invoke_1 + 125
42 com.apple.Foundation 0x00007fff83187ab8 _NSURLConnectionDidFail + 85
43 com.apple.CFNetwork 0x00007fff8a37f75d URLConnectionClient::_clientDidFailWithError(__CFError*, URLConnectionClient::ClientConnectionEventQueue*) + 667
44 com.apple.CFNetwork 0x00007fff8a37e915 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 885
45 com.apple.CFNetwork 0x00007fff8a2a9231 URLConnectionClient::processEvents() + 185
46 com.apple.CFNetwork 0x00007fff8a2a90d6 MultiplexerSource::perform() + 212
47 com.apple.CoreFoundation 0x00007fff854734f1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
48 com.apple.CoreFoundation 0x00007fff85472d5d __CFRunLoopDoSources0 + 253
49 com.apple.CoreFoundation 0x00007fff85499b49 __CFRunLoopRun + 905
50 com.apple.CoreFoundation 0x00007fff85499486 CFRunLoopRunSpecific + 230
51 com.apple.HIToolbox 0x00007fff867f02bf RunCurrentEventLoopInMode + 277
52 com.apple.HIToolbox 0x00007fff867f756d ReceiveNextEventCommon + 355
53 com.apple.HIToolbox 0x00007fff867f73fa BlockUntilNextEventMatchingListInMode + 62
54 com.apple.AppKit 0x00007fff84312779 _DPSNextEvent + 659
55 com.apple.AppKit 0x00007fff8431207d -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 135
56 com.apple.AppKit 0x00007fff8430e9b9 -[NSApplication run] + 470
57 com.apple.WebCore 0x00000001041b939c WebCore::RunLoop::run() + 92 (RunLoopMac.mm:37)
58 com.apple.WebKit2 0x0000000100c65eaf int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebProcessMainDelegate>(WebKit::CommandLine const&) + 815 (ChildProcessMain.h:106)
59 com.apple.WebKit2 0x0000000100c65b75 WebKit::WebProcessMain(WebKit::CommandLine const&) + 21 (WebProcessMainMac.mm:152)
60 com.apple.WebKit2 0x0000000100b5f279 _ZL10WebKitMainRKN6WebKit11CommandLineE + 201 (WebKitMain.cpp:56)
61 com.apple.WebKit2 0x0000000100b5f189 WebKitMain + 153 (WebKitMain.cpp:86)
62 com.apple.WebProcess 0x000000010089ad92 main + 274
63 com.apple.WebProcess 0x000000010089ac74 start + 52
Attachments
crash log (353.64 KB, application/octet-stream), 2013-01-08 20:54 PST, Stephanie Lewis, no flags
Patch (2.17 KB, patch), 2013-01-09 09:56 PST, Tony Gentilcore, no flags
Stephanie Lewis
Comment 1
2013-01-08 20:58:46 PST
Started failing here: http://trac.webkit.org/projects/webkit/changeset/139141
Stephanie Lewis
Comment 2
2013-01-08 21:24:56 PST
Landed expectations changes in http://trac.webkit.org/projects/webkit/changeset/139155
Geoffrey Garen
Comment 3
2013-01-08 23:09:57 PST
Should we roll out r139141?
Csaba Osztrogonác
Comment 4
2013-01-09 06:39:42 PST
Same assertion on Qt.
Tony Gentilcore
Comment 5
2013-01-09 09:56:09 PST
Created attachment 181939 [details]
Patch
WebKit Review Bot
Comment 6
2013-01-09 12:03:09 PST
Comment on attachment 181939 [details]
Patch

Clearing flags on attachment: 181939

Committed r139217: <http://trac.webkit.org/changeset/139217>
WebKit Review Bot
Comment 7
2013-01-09 12:03:13 PST
All reviewed patches have been landed. Closing bug.
Adam Barth
Comment 8
2013-01-09 12:34:24 PST
Comment on attachment 181939 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=181939&action=review
> Source/WebCore/html/parser/HTMLConstructionSite.cpp:149 > - ASSERT(m_document->isHTMLDocument()); > + ASSERT(m_document->isHTMLDocument() || m_document->isXHTMLDocument());
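Review bot: The widened ASSERT at HTMLConstructionSite.cpp:149 has no comment saying why an XHTML document is allowed to reach the HTML construction site, and the crash stack in this report fails at HTMLConstructionSite.cpp:161, in the constructor that takes a DocumentFragment*, not at this line. Consider adding a short comment naming the caller that passes a non-HTML document here, or keeping ASSERT(m_document->isHTMLDocument()); at line 149 if only the fragment path needs the relaxed check.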
Is this change needed as well? The stack in the bug looks like only the fragment case, which should flow through the ASSERT on line 161.
Adam Barth
Comment 9
2013-01-09 12:34:48 PST
Interesting. The editing code uses the HTML parser when editing XHTML documents? That seems strange. @rniwa: Is that expected?
Ryosuke Niwa
Comment 10
2013-01-09 12:37:00 PST
(In reply to comment #9)
> Interesting. The editing code uses the HTML parser when editing XHTML documents? That seems strange.
>
> @rniwa: Is that expected?
Yes, that is expected.
Adam Barth
Comment 11
2013-01-09 12:59:53 PST
Thanks!