Bug 14149 - multipart/x-mixed-replace responses that switch content-types are not handled properly
Summary: multipart/x-mixed-replace responses that switch content-types are not handled...
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: 523.x (Safari 3)
Hardware: Mac OS X 10.4
: P2 Normal
Assignee: Nobody
URL:
Keywords: HasReduction, InRadar
: 31015 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-06-14 14:35 PDT by David Kilzer (:ddkilzer)
Modified: 2010-08-16 10:26 PDT (History)
5 users (show)

See Also:


Attachments
Test case (CGI script) (610 bytes, text/perl)
2007-06-14 14:37 PDT, David Kilzer (:ddkilzer)
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description David Kilzer (:ddkilzer) 2007-06-14 14:35:37 PDT
* SUMMARY
An http response that switches between different content-types is not handled correctly.  The first example goes from text/plain to text/html to text/plain.  (This may be related to Bug 4151.)

* STEPS TO REPRODUCE
1. Launch Safari/WebKit.
2. Access CGI script attachment on a web server.

* EXPECTED RESULTS
The URL should display a text/plain page with "1. text/plain", then a text/html page with "2. text/html", and finally a text/plain page with "3. text/plain".

* ACTUAL RESULTS
On a debug build of WebKit r23528 with Safari 3.0 (522.11) on Mac OS X 10.4.9 (8P135), an assert fires.

On Safari 3.0 (522.11) on Mac OS X 10.4.9 (8P135), it prints "--", then "2. text/html", then adds a plain text "--" to the page with "2. text/html".

* REGRESSION
Not tested with Safari 2.0.4 (419.3) yet.

* NOTES
This may be related to Bug 4151.

Console output from debug build:

ASSERTION FAILED: m_frame->document()->parsing()
(/path/to/WebKit/WebCore/loader/FrameLoader.cpp:1597 addData)
Segmentation fault

Stack trace from debug build:

Version:        3.0 (522.11)
Build Version:  2
Project Name:   WebBrowser
Source Version: 45221100

PID:    9319
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0   com.apple.WebCore        	0x0149f1d0 WebCore::FrameLoader::addData(char const*, int) + 296 (FrameLoader.cpp:1597)
1   com.apple.WebCore        	0x0111f6a8 -[WebCoreFrameBridge addData:] + 232 (WebCoreFrameBridge.mm:290)
2   com.apple.WebCore        	0x011282dc -[WebCoreFrameBridge receivedData:textEncodingName:] + 316 (WebCoreFrameBridge.mm:1432)
3   com.apple.WebKit         	0x00343aa4 -[WebHTMLRepresentation finishedLoadingWithDataSource:] + 368 (WebHTMLRepresentation.mm:236)
4   com.apple.WebKit         	0x0033a9b8 -[WebDataSource(WebInternal) _finishedLoading] + 112 (WebDataSource.mm:169)
5   com.apple.WebKit         	0x003c7ad0 WebFrameLoaderClient::finishedLoading(WebCore::DocumentLoader*) + 76
6   com.apple.WebCore        	0x014939e0 WebCore::FrameLoader::finishedLoadingDocument(WebCore::DocumentLoader*) + 76 (FrameLoader.cpp:2660)
7   com.apple.WebCore        	0x014ab6cc WebCore::DocumentLoader::finishedLoading() + 84 (DocumentLoader.cpp:318)
8   com.apple.WebCore        	0x0149cc3c WebCore::FrameLoader::finishedLoading() + 96 (FrameLoader.cpp:2602)
9   com.apple.WebCore        	0x014abd3c WebCore::MainResourceLoader::didFinishLoading() + 272 (MainResourceLoader.cpp:304)
10  com.apple.WebCore        	0x014adeb8 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60
11  com.apple.WebCore        	0x01482a60 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 144 (ResourceHandleMac.mm:370)
12  com.apple.Foundation     	0x92c1589c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
13  com.apple.Foundation     	0x92c13b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
14  com.apple.Foundation     	0x92c13860 _sendCallbacks + 156
15  com.apple.CoreFoundation 	0x907df4fc __CFRunLoopDoSources0 + 384
16  com.apple.CoreFoundation 	0x907dea2c __CFRunLoopRun + 452
17  com.apple.CoreFoundation 	0x907de4ac CFRunLoopRunSpecific + 268
18  com.apple.HIToolbox      	0x9329bb20 RunCurrentEventLoopInMode + 264
19  com.apple.HIToolbox      	0x9329b1b4 ReceiveNextEventCommon + 380
20  com.apple.HIToolbox      	0x9329b020 BlockUntilNextEventMatchingListInMode + 96
21  com.apple.AppKit         	0x937a1ae4 _DPSNextEvent + 384
22  com.apple.AppKit         	0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
23  com.apple.Safari         	0x00006770 0x1000 + 22384
24  com.apple.AppKit         	0x9379dcec -[NSApplication run] + 472
25  com.apple.AppKit         	0x9388e87c NSApplicationMain + 452
26  com.apple.Safari         	0x0000244c 0x1000 + 5196
27  com.apple.Safari         	0x0004f1b0 0x1000 + 319920
Comment 1 David Kilzer (:ddkilzer) 2007-06-14 14:37:44 PDT
Created attachment 15032 [details]
Test case (CGI script)

This is a Perl script that should be saved on a web server and executed as a CGI script.

It requires Perl and the CGI.pm module.
Comment 2 David Kilzer (:ddkilzer) 2007-06-14 14:39:48 PDT
Note that this works fine in Firefox 2.0.0.4 and Opera 9.21 on Mac OS X 10.4.9 (8P135).

It would be interesting to know if this works on MSIE 6/7.

Comment 3 Mark Rowe (bdash) 2007-06-14 15:27:15 PDT
<rdar://problem/5271175>
Comment 4 David Kilzer (:ddkilzer) 2007-06-14 22:34:24 PDT
(In reply to comment #0)
> * NOTES
> This may be related to Bug 4151.

It is not related to Bug 4151.

Comment 5 Matt Lilek 2007-08-30 18:26:29 PDT
I'm hitting this when I click either of the links at <http://nerget.com/editable_svg.html>.
Comment 6 mitz 2007-08-30 23:49:17 PDT
If I remember correctly, you also hit that assert if you load a standalone multipart/x-mixed-replace image in an iframe.
Comment 7 David Kilzer (:ddkilzer) 2007-12-18 05:20:48 PST
May  be related to Bug 14392.

Comment 8 David Levin 2009-11-02 10:33:15 PST
*** Bug 31015 has been marked as a duplicate of this bug. ***