Bug 110949

Summary: HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser can trigger ASSERT(m_speculations.isEmpty())
Product: WebKit
Reporter: Adam Barth <abarth>
Component: New Bugs
Assignee: Adam Barth <abarth>
Status: RESOLVED FIXED
Severity: Normal
CC: eric, esprehn+autocc, ojan.autocc, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Bug Depends on:
Bug Blocks: 106127
Attachments: Patch (Flags: none)

Description Adam Barth 2013-02-26 23:44:39 PST
HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser can trigger ASSERT(m_speculations.isEmpty())
Comment 1 Eric Seidel (no email) 2013-02-26 23:46:39 PST
Unpossible!  There can be no bügs!
Comment 2 Adam Barth 2013-02-26 23:50:37 PST
Created attachment 190454
Patch
Comment 3 Eric Seidel (no email) 2013-02-26 23:59:45 PST
Comment on attachment 190454
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=190454&action=review

> Source/WebCore/html/parser/HTMLDocumentParser.cpp:311
> +    if (isWaitingForScripts() || !m_speculations.isEmpty()) {
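
Review bot: at HTMLDocumentParser.cpp:311 the new `!m_speculations.isEmpty()` term sends a chunk down the same branch as `isWaitingForScripts()`, but the quoted line gives no reason for it. A short comment there stating why a non-empty m_speculations has to take this branch would help the next reader, and a regression test that delivers a chunk while m_speculations is non-empty would guard it, since the bug is ASSERT(m_speculations.isEmpty()) firing in didReceiveParsedChunkFromBackgroundParser.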

I see.  So we've yielded all the way out to the event loop and are getting more data from the background parser.  I'm sure we hit this all the time in the wild and may be a source of all sorts of bad behavior!
Comment 4 Adam Barth 2013-02-27 00:02:24 PST
Yep.
Comment 5 WebKit Review Bot 2013-02-27 01:23:50 PST
Comment on attachment 190454
Patch

Clearing flags on attachment: 190454

Committed r144158: <http://trac.webkit.org/changeset/144158>
Comment 6 WebKit Review Bot 2013-02-27 01:23:54 PST
All reviewed patches have been landed.  Closing bug.