Bug 138057
| Summary: | Crash when navigating to a new page while MathJax is still loading | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Patrick Ward <patrick> |
| Component: | JavaScriptCore | Assignee: | Nobody <webkit-unassigned> |
| Status: | NEW | ||
| Severity: | Normal | CC: | ap, fpizlo, mario, mark.lam, msaboff, patrick, philip.chimento |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
Patrick Ward
Pages with a significant amount of rendering being done with MathJax, like http://es.wikipedia.org/wiki/Constante_de_Planck, can cause libjavascriptcoregtk to hang and eventually crash if a link is clicked on the page while MathJax is still being rendered.
Steps to reproduce:
1) Navigate to http://es.wikipedia.org/wiki/Constante_de_Planck
2) While the page is still rendering MathJax, very quickly click on another link
3) If the hang does not happen right away, then keep trying to quickly clik on another link on the same page or any other page with a significant amount of rendering being done with MathJax
I am able to reliably reproduce the crash with the following stack trace:
(epiphany-browser:2321): GLib-CRITICAL **: Source ID 6706 was not found when attempting to remove it
1 0xb5637890 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x20) [0xb5637890]
2 0xb5643458 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF11fastReallocEPvj+0x658) [0xb5643458]
3 0xb566f8b6 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF10StringImpl10reallocateENS_10PassRefPtrIS0_EEjRPh+0x46) [0xb566f8b6]
4 0xb5667f12 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder16reallocateBufferIhEEvj+0x82) [0xb5667f12]
5 0xb566830a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder6appendEPKhj+0x14a) [0xb566830a]
6 0xb53a507e /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter18stackTraceAsStringEPNS_9ExecStateEN3WTF6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x7e) [0xb53a507e]
7 0xb5504e56 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC13ErrorInstance14finishCreationERNS_2VMERKN3WTF6StringENS3_6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x2e6) [0xb5504e56]
8 0xb55012ce /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter20callErrorConstructorEPNS_9ExecStateE+0x16e) [0xb55012ce]
9 0xb53f3446 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339446) [0xb53f3446]
10 0xb53f4dee /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(linkFor+0x5e) [0xb53f4dee]
11 0xb53f3775 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339775) [0xb53f3775]
Note that the hang and crash do not happen when I navigate to the same page and quickly click on links in Chromium. Chromium still hangs briefly, but it does not crash and it correctly navigates to the next page. In one such instance, I saw a small notification in the lower left-hand corner of Chromium that a MathJax file failed to load. Chromium still successfully navigated to the next page.
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Patrick Ward
Adding a few people to the CC list who might be interested, according to the git log.
Philip Chimento
With 2.10.2 I'm not able to reproduce this; instead, I get the behaviour that Patrick reported for Chromium:
> hangs briefly, but it does not crash and it correctly navigates to the next page.