17878 – REGRESSION: Acid3 sometimes crashes Webkit under WebCore::Loader::Host::cancelRequests

Bug 17878 - REGRESSION: Acid3 sometimes crashes Webkit under WebCore::Loader::Host::cancelRequests

Summary: REGRESSION: Acid3 sometimes crashes Webkit under WebCore::Loader::Host::cance...

Status:	VERIFIED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Mac OS X 10.5

Importance:	P1 Major
Assignee:	Antti Koivisto

URL:	http://acid3.acidtests.org
Keywords:	Regression

Duplicates (1):	17910 (view as bug list)
Depends on:
Blocks:	Acid3
	Show dependency tree / graph

Reported:	2008-03-16 10:18 PDT by Robert Blaut
Modified:	2008-03-18 10:47 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
crash log (26.70 KB, text/plain) 2008-03-16 10:19 PDT, Robert Blaut	no flags	Details
crash log (r31090) (28.78 KB, text/plain) 2008-03-17 00:22 PDT, Robert Blaut	no flags	Details
speculative patch (1.54 KB, patch) 2008-03-17 02:26 PDT, Antti Koivisto	darin: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Blaut 2008-03-16 10:18:16 PDT

Acid3 during performing many reloads crashes Webkit r31078 under WebCore::Loader::Host::cancelRequests(WebCore::DocLoader*)

Steps to reproduce:
1) Load http://acid3.acidtests.org
2) Try to reload Acid3 test several times until crash ;)

Crash log attached

Comment 1 Robert Blaut 2008-03-16 10:19:19 PDT

Created attachment 19796 [details]
crash log

Comment 2 Antti Koivisto 2008-03-16 13:00:00 PDT


*** This bug has been marked as a duplicate of 17862 ***

Comment 3 Robert Blaut 2008-03-17 00:22:03 PDT

I reopen the bug. I'm still able to reproduce the crash in Webkit r31090. Fix for bug 17862 doesn't fix this bug, so probably this crash has different reason.

Comment 4 Robert Blaut 2008-03-17 00:22:38 PDT

Created attachment 19827 [details]
crash log (r31090)

Comment 5 Antti Koivisto 2008-03-17 01:40:41 PDT

I can't reproduce this with the current ToT no matter how much I reload.

Comment 6 Robert Blaut 2008-03-17 01:51:23 PDT

It's easier to reproduce if you frequently stop loading in the middle of loading the test and repeat loading. It will crash for sure. It often crashes around 60/100 - 69/100 score.

Comment 7 Antti Koivisto 2008-03-17 02:26:23 PDT

Created attachment 19828 [details]
speculative patch

I can't reproduce the crash or make a test case for this one but I'm pretty sure this is the problem. Essentially the same bug as 17862 except in didFail() instead of didFinishLoading().

Comment 8 Darin Adler 2008-03-17 07:41:53 PDT

Comment on attachment 19828 [details]
speculative patch

r=me

Comment 9 Antti Koivisto 2008-03-17 10:38:40 PDT

Sending        WebCore/ChangeLog
Sending        WebCore/loader/loader.cpp
Transmitting file data ..
Committed revision 31099.

Comment 10 Mark Rowe (bdash) 2008-03-18 10:47:03 PDT

*** Bug 17910 has been marked as a duplicate of this bug. ***