Bug 138057

Summary: Crash when navigating to a new page while MathJax is still loading
Product: WebKit Reporter: Patrick Ward <patrick>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: ap, fpizlo, mario, mark.lam, msaboff, patrick, philip.chimento
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Patrick Ward 2014-10-24 14:05:38 PDT 
Pages with a significant amount of rendering being done with MathJax, like http://es.wikipedia.org/wiki/Constante_de_Planck, can cause libjavascriptcoregtk to hang and eventually crash if a link is clicked on the page while MathJax is still being rendered.

Steps to reproduce:

1) Navigate to http://es.wikipedia.org/wiki/Constante_de_Planck
2) While the page is still rendering MathJax, very quickly click on another link
3) If the hang does not happen right away, then keep trying to quickly clik on another link on the same page or any other page with a significant amount of rendering being done with MathJax

I am able to reliably reproduce the crash with the following stack trace:

(epiphany-browser:2321): GLib-CRITICAL **: Source ID 6706 was not found when attempting to remove it
1   0xb5637890 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x20) [0xb5637890]
2   0xb5643458 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF11fastReallocEPvj+0x658) [0xb5643458]
3   0xb566f8b6 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF10StringImpl10reallocateENS_10PassRefPtrIS0_EEjRPh+0x46) [0xb566f8b6]
4   0xb5667f12 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder16reallocateBufferIhEEvj+0x82) [0xb5667f12]
5   0xb566830a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder6appendEPKhj+0x14a) [0xb566830a]
6   0xb53a507e /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter18stackTraceAsStringEPNS_9ExecStateEN3WTF6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x7e) [0xb53a507e]
7   0xb5504e56 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC13ErrorInstance14finishCreationERNS_2VMERKN3WTF6StringENS3_6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x2e6) [0xb5504e56]
8   0xb55012ce /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter20callErrorConstructorEPNS_9ExecStateE+0x16e) [0xb55012ce]
9   0xb53f3446 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339446) [0xb53f3446]
10  0xb53f4dee /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(linkFor+0x5e) [0xb53f4dee]
11  0xb53f3775 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339775) [0xb53f3775]

Note that the hang and crash do not happen when I navigate to the same page and quickly click on links in Chromium. Chromium still hangs briefly, but it does not crash and it correctly navigates to the next page. In one such instance, I saw a small notification in the lower left-hand corner of Chromium that a MathJax file failed to load. Chromium still successfully navigated to the next page.
Comment 1 Patrick Ward 2014-10-24 14:30:32 PDT 
Adding a few people to the CC list who might be interested, according to the git log.
Comment 2 Philip Chimento 2016-01-08 17:04:12 PST 
With 2.10.2 I'm not able to reproduce this; instead, I get the behaviour that Patrick reported for Chromium:

> hangs briefly, but it does not crash and it correctly navigates to the next page.