Bug 110949

Summary: HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser can trigger ASSERT(m_speculations.isEmpty())
Product: WebKit Reporter: Adam Barth <abarth>
Component: New BugsAssignee: Adam Barth <abarth>
Severity: Normal CC: eric, esprehn+autocc, ojan.autocc, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 106127    
Description Flags
Patch none

Description Adam Barth 2013-02-26 23:44:39 PST
HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser can trigger ASSERT(m_speculations.isEmpty())
Comment 1 Eric Seidel (no email) 2013-02-26 23:46:39 PST
Unpossible!  There can be no bügs!
Comment 2 Adam Barth 2013-02-26 23:50:37 PST
Created attachment 190454 [details]
Comment 3 Eric Seidel (no email) 2013-02-26 23:59:45 PST
Comment on attachment 190454 [details]

View in context: https://bugs.webkit.org/attachment.cgi?id=190454&action=review

> Source/WebCore/html/parser/HTMLDocumentParser.cpp:311
> +    if (isWaitingForScripts() || !m_speculations.isEmpty()) {

I see.  So we've yielded all the way out to the event loop and are getting more data from teh background parser.  I'm sure we hit this all the time in the wild and may be a source of all sorts of bad behavior!
Comment 4 Adam Barth 2013-02-27 00:02:24 PST
Comment 5 WebKit Review Bot 2013-02-27 01:23:50 PST
Comment on attachment 190454 [details]

Clearing flags on attachment: 190454

Committed r144158: <http://trac.webkit.org/changeset/144158>
Comment 6 WebKit Review Bot 2013-02-27 01:23:54 PST
All reviewed patches have been landed.  Closing bug.