Bug 17878

Summary: REGRESSION: Acid3 sometimes crashes Webkit under WebCore::Loader::Host::cancelRequests
Product: WebKit
Reporter: Robert Blaut <webkit>
Component: Page Loading
Assignee: Antti Koivisto <koivisto>
Severity: Major
CC: koivisto, michael.zedler
Priority: P1
Keywords: Regression
Version: 528+ (Nightly build)
Hardware: Mac
OS: OS X 10.5
URL: http://acid3.acidtests.org
Bug Depends on:
Bug Blocks: 17064

Attachments (description, flags):
crash log
crash log (r31090)
speculative patch (darin: review+)

Description Robert Blaut 2008-03-16 10:18:16 PDT
During many reloads, Acid3 crashes WebKit r31078 under WebCore::Loader::Host::cancelRequests(WebCore::DocLoader*)

Steps to reproduce:
1) Load http://acid3.acidtests.org
2) Try to reload the Acid3 test several times until it crashes ;)

Crash log attached
Comment 1 Robert Blaut 2008-03-16 10:19:19 PDT
Created attachment 19796
crash log
Comment 2 Antti Koivisto 2008-03-16 13:00:00 PDT

*** This bug has been marked as a duplicate of 17862 ***
Comment 3 Robert Blaut 2008-03-17 00:22:03 PDT
I am reopening the bug. I'm still able to reproduce the crash in WebKit r31090. The fix for bug 17862 doesn't fix this bug, so this crash probably has a different reason.
Comment 4 Robert Blaut 2008-03-17 00:22:38 PDT
Created attachment 19827
crash log (r31090)
Comment 5 Antti Koivisto 2008-03-17 01:40:41 PDT
I can't reproduce this with the current ToT no matter how much I reload.
Comment 6 Robert Blaut 2008-03-17 01:51:23 PDT
It's easier to reproduce if you frequently stop loading in the middle of loading the test and repeat loading. It will crash for sure. It often crashes around 60/100 - 69/100 score.
Comment 7 Antti Koivisto 2008-03-17 02:26:23 PDT
Created attachment 19828
speculative patch

I can't reproduce the crash or make a test case for this one but I'm pretty sure this is the problem. Essentially the same bug as 17862 except in didFail() instead of didFinishLoading().
Comment 8 Darin Adler 2008-03-17 07:41:53 PDT
Comment on attachment 19828
speculative patch

Comment 9 Antti Koivisto 2008-03-17 10:38:40 PDT
Sending        WebCore/ChangeLog
Sending        WebCore/loader/loader.cpp
Transmitting file data ..
Committed revision 31099.
Comment 10 Mark Rowe (bdash) 2008-03-18 10:47:03 PDT
*** Bug 17910 has been marked as a duplicate of this bug. ***