54884 2011-02-21 09:05:57 -0800 plugins/get-url-with-javascript-destroying-plugin.html crashing on Windows since it was added 2011-02-21 10:39:55 -0800 1 1 1 Unclassified WebKit Plug-ins 528+ (Nightly build) PC Windows XP RESOLVED FIXED http://build.webkit.org/results/Windows%207%20Release%20(Tests)/r79222%20(9584)/results.html InRadar, LayoutTestFailure, PlatformOnly P2 Normal --- 54863 1 aroben webkit-unassigned andersca jhoneycutt ossy oldest_to_newest 354621 0 aroben 2011-02-21 09:05:57 -0800 plugins/get-url-with-javascript-destroying-plugin.html has been crashing on Windows since it was added in r79157. run-webkit-tests is falsely saying that the test immediately following this one is crashing. But plugins/get-url-with-javascript-destroying-plugin.html is the culprit; if you run it on its own it crashes. 354622 1 aroben 2011-02-21 09:06:15 -0800 Here's the backtrace: ntdll.dll!_RtlpWaitForCriticalSection@4() + 0x5b bytes ntdll.dll!_RtlEnterCriticalSection@4() + 0x46 bytes > JavaScriptCore.dll!WTF::Mutex::lock() Line 290 + 0xc bytes C++ WebKit.dll!WTF::Locker<WTF::Mutex>::Locker<WTF::Mutex>(WTF::Mutex & lockable={...}) Line 38 + 0x20 bytes C++ WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::invalidateIterators() Line 1054 C++ WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityHashTranslator<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> > > >(const WTF::RefPtr<WebCore::PluginStream> & key=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}, const WTF::RefPtr<WebCore::PluginStream> & extra=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}) Line 634 C++ WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add(const WTF::RefPtr<WebCore::PluginStream> & value=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}) Line 317 + 0x2b bytes C++ WebKit.dll!WTF::HashSet<WTF::RefPtr<WebCore::PluginStream>,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add(const WTF::RefPtr<WebCore::PluginStream> & value=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}) Line 180 + 0x10 bytes C++ WebKit.dll!WebCore::PluginView::performRequest(WebCore::PluginRequest * request=0x053858d0) Line 488 + 0x1c bytes C++ WebKit.dll!WebCore::PluginView::requestTimerFired(WebCore::Timer<WebCore::PluginView> * timer=0x06c80c48) Line 508 C++ WebKit.dll!WebCore::Timer<WebCore::PluginView>::fired() Line 100 + 0x29 bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 112 + 0xf bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++ WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00130af6, unsigned int message=49590, unsigned int wParam=0, long lParam=0) Line 103 + 0x8 bytes C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchMessageWorker@8() + 0xdc bytes user32.dll!_DispatchMessageW@4() + 0xf bytes DumpRenderTree.exe!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & testPathOrURL="c:\Documents and Settings\Adam Roben\dev\WebKit\OpenSource\LayoutTests\plugins\get-url-with-javascript-destroying-plugin.html") Line 993 + 0xf bytes C++ DumpRenderTree.exe!main(int argc=2, char * * argv=0x050febc8) Line 1370 + 0x28 bytes C++ DumpRenderTree.exe!__tmainCRTStartup() Line 597 + 0x17 bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes 354624 2 aroben 2011-02-21 09:07:13 -0800 Presumably the call to ScriptController::executeScript in PluginView::performRequest caused the plugin to be deleted. 354632 3 aroben 2011-02-21 09:23:36 -0800 We could probably fix this by reffing the PluginView inside requestTimerFired. But that feels icky. 354633 4 aroben 2011-02-21 09:24:19 -0800 <rdar://problem/9030864> 354641 5 83174 aroben 2011-02-21 09:40:16 -0800 Created attachment 83174 Protect the PluginView when evaluating javascript: URLs 354648 6 aroben 2011-02-21 09:49:44 -0800 Committed r79231: <http://trac.webkit.org/changeset/79231> 354650 7 alex 2011-02-21 09:55:57 -0800 *** Bug 54863 has been marked as a duplicate of this bug. *** 83174 2011-02-21 09:40:16 -0800 2011-02-21 09:44:01 -0800 Protect the PluginView when evaluating javascript: URLs bug-54884-20110221124017.patch text/plain 2179 aroben U3VidmVyc2lvbiBSZXZpc2lvbjogNzkyMjUKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCBiMGQwMDQ5MGJhNTdlMmQz MWM4MmE2NzIwMjU1YWM5MmYxZjM0OTg1Li45YWMxODY0NTA0NjhlZjk5MjM4ZTYxZTg4NDY5OWU0 OGFlZjA4ZDI1IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTcgQEAKKzIwMTEtMDItMjEgIEFkYW0g Um9iZW4gIDxhcm9iZW5AYXBwbGUuY29tPgorCisgICAgICAgIFByb3RlY3QgdGhlIFBsdWdpblZp ZXcgd2hlbiBldmFsdWF0aW5nIGphdmFzY3JpcHQ6IFVSTHMKKworICAgICAgICBGaXhlcyA8aHR0 cDovL3dlYmtpdC5vcmcvYi81NDg4ND4gPHJkYXI6Ly9wcm9ibGVtLzkwMzA4NjQ+CisgICAgICAg IHBsdWdpbnMvZ2V0LXVybC13aXRoLWphdmFzY3JpcHQtZGVzdHJveWluZy1wbHVnaW4uaHRtbCBj cmFzaGluZyBvbiBXaW5kb3dzIHNpbmNlIGl0IHdhcworICAgICAgICBhZGRlZAorCisgICAgICAg IFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgICogcGx1Z2lucy9QbHVnaW5W aWV3LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlBsdWdpblZpZXc6OnBlcmZvcm1SZXF1ZXN0KTog UHJvdGVjdCB0aGUgUGx1Z2luVmlldywgbm90IGp1c3QgaXRzIHBhcmVudCBmcmFtZSwKKyAgICAg ICAgd2hlbiBldmFsdWF0aW5nIGphdmFzY3JpcHQ6IFVSTHMuCisKIDIwMTEtMDItMDggIEFudG9u IE11aGluICA8YW50b25tQGNocm9taXVtLm9yZz4KIAogICAgICAgIFJldmlld2VkIGJ5IEFkYW0g QmFydGggYW5kIEFsZXhleSBQcm9za3VyeWFrb3YuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29y ZS9wbHVnaW5zL1BsdWdpblZpZXcuY3BwIGIvU291cmNlL1dlYkNvcmUvcGx1Z2lucy9QbHVnaW5W aWV3LmNwcAppbmRleCA5ZTE5ZTNlYmZjNDUwOTgzNzQwYTg2NGMwOTJlZGNiZDJhZmM1YTA1Li4x MmVjYjg2NDE0MzlkM2NlNDMyM2U3MjkxMjk2MDE0OTY0MDJlNGM3IDEwMDY0NAotLS0gYS9Tb3Vy Y2UvV2ViQ29yZS9wbHVnaW5zL1BsdWdpblZpZXcuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL3Bs dWdpbnMvUGx1Z2luVmlldy5jcHAKQEAgLTQ2OCwxNSArNDY4LDE1IEBAIHZvaWQgUGx1Z2luVmll dzo6cGVyZm9ybVJlcXVlc3QoUGx1Z2luUmVxdWVzdCogcmVxdWVzdCkKICAgICAvLyBhbmQgdGhp cyBoYXMgYmVlbiBtYWRlIHN1cmUgaW4gOjpsb2FkLgogICAgIEFTU0VSVCh0YXJnZXRGcmFtZU5h bWUuaXNFbXB0eSgpIHx8IG1fcGFyZW50RnJhbWUtPnRyZWUoKS0+ZmluZCh0YXJnZXRGcmFtZU5h bWUpID09IG1fcGFyZW50RnJhbWUpOwogICAgIAotICAgIC8vIEV4ZWN1dGluZyBhIHNjcmlwdCBj YW4gY2F1c2UgdGhlIHBsdWdpbiB2aWV3IHRvIGJlIGRlc3Ryb3llZCwgc28gd2Uga2VlcCBhIHJl ZmVyZW5jZSB0byB0aGUgcGFyZW50IGZyYW1lLgotICAgIFJlZlB0cjxGcmFtZT4gcGFyZW50RnJh bWUgPSBtX3BhcmVudEZyYW1lOworICAgIC8vIEV4ZWN1dGluZyBhIHNjcmlwdCBjYW4gY2F1c2Ug dGhlIHBsdWdpbiB2aWV3IHRvIGJlIGRlc3Ryb3llZCwgc28gd2Uga2VlcCBhIHJlZmVyZW5jZSB0 byBpdC4KKyAgICBSZWZQdHI8UGx1Z2luVmlldz4gcHJvdGVjdG9yKHRoaXMpOwogICAgIFNjcmlw dFZhbHVlIHJlc3VsdCA9IG1fcGFyZW50RnJhbWUtPnNjcmlwdCgpLT5leGVjdXRlU2NyaXB0KGpz U3RyaW5nLCByZXF1ZXN0LT5zaG91bGRBbGxvd1BvcHVwcygpKTsKIAogICAgIGlmICh0YXJnZXRG cmFtZU5hbWUuaXNOdWxsKCkpIHsKICAgICAgICAgU3RyaW5nIHJlc3VsdFN0cmluZzsKIAogI2lm IFVTRShKU0MpCi0gICAgICAgIFNjcmlwdFN0YXRlKiBzY3JpcHRTdGF0ZSA9IHBhcmVudEZyYW1l LT5zY3JpcHQoKS0+Z2xvYmFsT2JqZWN0KHBsdWdpbldvcmxkKCkpLT5nbG9iYWxFeGVjKCk7Cisg ICAgICAgIFNjcmlwdFN0YXRlKiBzY3JpcHRTdGF0ZSA9IG1fcGFyZW50RnJhbWUtPnNjcmlwdCgp LT5nbG9iYWxPYmplY3QocGx1Z2luV29ybGQoKSktPmdsb2JhbEV4ZWMoKTsKICNlbGlmIFVTRShW OCkKICAgICAgICAgU2NyaXB0U3RhdGUqIHNjcmlwdFN0YXRlID0gMDsgLy8gTm90IHVzZWQgd2l0 aCBWOAogI2VuZGlmCg==