RESOLVED FIXED 83578
[Qt][WK2] fast/loader/create-frame-in-DOMContentLoaded.html crashes
https://bugs.webkit.org/show_bug.cgi?id=83578
Summary [Qt][WK2] fast/loader/create-frame-in-DOMContentLoaded.html crashes
Csaba Osztrogonác
Reported 2012-04-10 06:47:29 PDT
This test was skipped a long, long time ago, and was unskipped by http://trac.webkit.org/changeset/113427, but unfortunately it crashes on the Qt5-WK2 platform (passes with Qt4.8-WK1 and Qt5-WK2).

crash log for WebProcess (pid <unknown>):
STDOUT: <empty>
STDERR: 1 0x7f8e51a15048 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libWTRInjectedBundle.so(+0x34048) [0x7f8e51a15048]
STDERR: 2 0x7f8e9dde7420 /lib/x86_64-linux-gnu/libc.so.6(+0x36420) [0x7f8e9dde7420]
STDERR: 3 0x7f8ea02c33cd /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::WebFrameNetworkingContext::WebFrameNetworkingContext(WebKit::WebFrame*)+0x5d) [0x7f8ea02c33cd]
STDERR: 4 0x7f8ea02c3491 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::WebFrameNetworkingContext::create(WebKit::WebFrame*)+0x31) [0x7f8ea02c3491]
STDERR: 5 0x7f8ea02b2964 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebKit::WebFrameLoaderClient::createNetworkingContext()+0x14) [0x7f8ea02b2964]
STDERR: 6 0x7f8ea0881df1 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::FrameLoader::init()+0x7f1) [0x7f8ea0881df1]
STDERR: 7 0x7f8ea02cf1a2 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebKit::WebFrame::init(WebKit::WebPage*, WTF::String const&, WebCore::HTMLFrameOwnerElement*)+0xe2) [0x7f8ea02cf1a2]
STDERR: 8 0x7f8ea02cfc2f /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebKit::WebFrame::createSubframe(WebKit::WebPage*, WTF::String const&, WebCore::HTMLFrameOwnerElement*)+0xef) [0x7f8ea02cfc2f]
STDERR: 9 0x7f8ea02b22ee /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebKit::WebFrameLoaderClient::createFrame(WebCore::KURL const&, WTF::String const&, WebCore::HTMLFrameOwnerElement*, WTF::String const&, bool, int, int)+0x4e) [0x7f8ea02b22ee]
STDERR: 10 0x7f8ea08b6171 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::SubframeLoader::loadSubframe(WebCore::HTMLFrameOwnerElement*, WebCore::KURL const&, WTF::String const&, WTF::String const&)+0x181) [0x7f8ea08b6171]
STDERR: 11 0x7f8ea08b648f /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::SubframeLoader::loadOrRedirectSubframe(WebCore::HTMLFrameOwnerElement*, WebCore::KURL const&, WTF::AtomicString const&, bool, bool)+0xff) [0x7f8ea08b648f]
STDERR: 12 0x7f8ea08b69c7 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::SubframeLoader::requestFrame(WebCore::HTMLFrameOwnerElement*, WTF::String const&, WTF::AtomicString const&, bool, bool)+0x207) [0x7f8ea08b69c7]
STDERR: 13 0x7f8ea06e9022 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::HTMLFrameElementBase::openURL(bool, bool)+0xe2) [0x7f8ea06e9022]
STDERR: 14 0x7f8ea0544202 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(+0xfc7202) [0x7f8ea0544202]
STDERR: 15 0x7f8ea05443d9 /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(+0xfc73d9) [0x7f8ea05443d9]
STDERR: 16 0x7f8ea05479cc /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool)+0x19c) [0x7f8ea05479cc]
STDERR: 17 0x7f8ea059c87c /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::Node::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool)+0x3c) [0x7f8ea059c87c]
STDERR: 18 0x7f8ea03fbabb /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::JSNode::appendChild(JSC::ExecState*)+0x4b) [0x7f8ea03fbabb]
STDERR: 19 0x7f8ea0f35a0b /home/webkitbuildbot/slaves/release64bitWebKit2_EC2/buildslave/qt-linux-64-release-webkit2/build/WebKitBuild/Release/lib/libQtWebKit.so.5(WebCore::jsNodePrototypeFunctionAppendChild(JSC::ExecState*)+0x5b) [0x7f8ea0f35a0b]
STDERR: 20 0x7f8e52431258 [0x7f8e52431258]
Attachments
Patch (1.64 KB, patch)
2012-05-14 18:27 PDT, Dinu Jacob
no flags
Patch (2.38 KB, patch)
2012-05-14 18:34 PDT, Dinu Jacob
no flags
Patch (2.91 KB, patch)
2012-05-14 18:55 PDT, Dinu Jacob
hausmann: review-
Patch (3.16 KB, patch)
2012-05-15 06:24 PDT, Dinu Jacob
no flags
Csaba Osztrogonác
Comment 1 2012-04-10 06:53:42 PDT
Skipped by http://trac.webkit.org/changeset/113712 Please unskip it with the proper fix.
Dinu Jacob
Comment 2 2012-05-14 18:19:44 PDT
The DOMContentLoaded event handler adds an iframe. The load event handler removes this iframe, and this causes the page to be detached from the frame. The WebFrameNetworkingContext constructor tries to access the page of the frame, resulting in the crash.
Dinu Jacob
Comment 3 2012-05-14 18:27:44 PDT
Dinu Jacob
Comment 4 2012-05-14 18:34:13 PDT
Dinu Jacob
Comment 5 2012-05-14 18:55:51 PDT
alan
Comment 6 2012-05-15 04:25:46 PDT
Comment on attachment 141839 [details] Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=141839&action=review

> Source/WebKit2/WebProcess/WebCoreSupport/qt/WebFrameNetworkingContext.cpp:39
> +        m_originatingObject->setProperty("pageID", qulonglong(frame->page()->pageID()));

I think it's better not to initiate the m_originatingObject if we can't set the property on it. The caller, QtNetworkAccessManager::obtainOriginatingWebPage(), looks to handle the NULL case properly, while we would be querying an invalid pageID on the webprocess. Also, if you check for frame here (and expect it to be NULL), you should also be checking it a few lines above, when the parent c'tor is called with WebCore::Frame. However, I think it's only the WebKit::WebPage which could be NULL (detached) here and not the WebKit::WebFrame. So if (frame->page()) should just do.
Simon Hausmann
Comment 7 2012-05-15 05:05:02 PDT
Comment on attachment 141839 [details] Patch

I agree with Zalan, it's better to avoid constructing m_originatingObject. Otherwise it seems like a valid case/situation.
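As an added illustration of the detached-frame crash described in comment 2 and the frame->page() guard agreed on in comments 6 and 7 (example code written for this page, not WebKit's own; WebPage, WebFrame, OriginatingObject, NetworkingContextUnguarded, NetworkingContextGuarded and obtainOriginatingWebPage are simplified hypothetical stand-ins for the WebKit2 classes and functions the comments name, and the page id 42 is constructed):

```cpp
// Added example, not WebKit code: a minimal model of the sequence in the test
// (iframe created in DOMContentLoaded, removed in the load handler, networking
// context created afterwards) and of the page-null guard from the review.
// All type and function names are hypothetical stand-ins.
#include <cstdint>
#include <memory>
#include <vector>

struct WebPage {                          // stand-in for WebKit::WebPage
    uint64_t m_id;
    uint64_t pageID() const { return m_id; }
};

struct WebFrame {                         // stand-in for WebKit::WebFrame
    WebPage* m_page;                      // becomes null once the frame is detached
    explicit WebFrame(WebPage* page) : m_page(page) {}
    WebPage* page() const { return m_page; }
    void detachFromPage() { m_page = nullptr; }
};

// Stand-in for the QObject on which the networking context sets a "pageID"
// property so the UI-process side can find the originating page.
struct OriginatingObject {
    uint64_t pageID;
};

// Pre-fix shape: frame->page() is dereferenced unconditionally. Given a frame
// whose page is already gone this is a null pointer dereference, i.e. the
// WebProcess crash in the report. Only ever call it on an attached frame.
struct NetworkingContextUnguarded {
    std::unique_ptr<OriginatingObject> m_originatingObject;
    explicit NetworkingContextUnguarded(WebFrame* frame)
        : m_originatingObject(new OriginatingObject{frame->page()->pageID()}) {}
};

// Fixed shape: construct m_originatingObject only while the page is attached;
// a detached frame simply carries no originating object.
struct NetworkingContextGuarded {
    std::unique_ptr<OriginatingObject> m_originatingObject;
    explicit NetworkingContextGuarded(WebFrame* frame) {
        if (frame && frame->page())
            m_originatingObject.reset(new OriginatingObject{frame->page()->pageID()});
    }
    bool hasOriginatingObject() const { return m_originatingObject != nullptr; }
};

// Stand-in for the caller the review mentions
// (QtNetworkAccessManager::obtainOriginatingWebPage): it tolerates a missing
// originating object instead of looking up an invalid page id.
WebPage* obtainOriginatingWebPage(const NetworkingContextGuarded& ctx,
                                  const std::vector<WebPage*>& livePages) {
    if (!ctx.m_originatingObject)
        return nullptr;                   // detached frame: nothing to report
    for (WebPage* p : livePages)
        if (p->pageID() == ctx.m_originatingObject->pageID)
            return p;
    return nullptr;                       // stale id: the page went away meanwhile
}

// Replays the test: iframe created while attached (DOMContentLoaded), removed
// in the load handler, networking context created afterwards. With the guard
// this returns true instead of crashing.
bool detachedFrameYieldsNoOriginatingObject() {
    WebPage page{42};                     // constructed page id
    WebFrame iframe(&page);               // added by the DOMContentLoaded handler
    iframe.detachFromPage();              // removed by the load handler
    NetworkingContextGuarded ctx(&iframe);
    return !ctx.hasOriginatingObject()
        && obtainOriginatingWebPage(ctx, {&page}) == nullptr;
}

// The normal path is unchanged: an attached frame still resolves to its page.
uint64_t attachedFrameReportsPageID() {
    WebPage page{42};
    WebFrame frame(&page);
    NetworkingContextUnguarded legacy(&frame);   // safe here: page is attached
    NetworkingContextGuarded ctx(&frame);
    WebPage* found = obtainOriginatingWebPage(ctx, {&page});
    return found ? found->pageID() : 0;
}

int main() {
    return (detachedFrameYieldsNoOriginatingObject()
            && attachedFrameReportsPageID() == 42) ? 0 : 1;
}
```

Build with `g++ -std=c++11 example.cpp`. The unguarded struct has the same shape as the constructor quoted in comment 6 and is only exercised on an attached frame; the guarded form is the shape the review asked for, and the caller's null handling is what makes "no originating object" a valid state rather than a crash.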
Dinu Jacob
Comment 8 2012-05-15 06:24:51 PDT
Dinu Jacob
Comment 9 2012-05-15 06:29:31 PDT
Thanks for the reviews. New patch attached.
Simon Hausmann
Comment 10 2012-05-15 06:51:55 PDT
Comment on attachment 141946 [details] Patch Thanks :)
WebKit Review Bot
Comment 11 2012-05-15 08:15:07 PDT
Comment on attachment 141946 [details] Patch

Clearing flags on attachment: 141946

Committed r117070: <http://trac.webkit.org/changeset/117070>
WebKit Review Bot
Comment 12 2012-05-15 08:15:16 PDT
All reviewed patches have been landed. Closing bug.