Bug 22073

Summary:

REGRESSION(r33544): Palace in the Sky crashes WebKit

Product:

WebKit

Reporter:

Trevor Downs <cyberskull>

Component:

Page Loading

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

blair.thiessen, i_nick, jchaffraix, koivisto, kristoffer

Priority:

Keywords:

InRadar, Regression

Version:

528+ (Nightly build)

Hardware:

Mac

OS:

OS X 10.5

URL:

http://www.palaceinthesky.com/top-humor-webcomics.php

Attachments:

Description	Flags
This is the page that crashed.	none
Crash log	none
patch	darin: review+

Trevor Downs

Reported 2008-11-04 21:52:18 PST

http://www.palaceinthesky.com/top-humor-webcomics.php has caused WebKit to crash repeatedly. Attached will be a copy of the page and the crash logs. To recreate: Go to http://www.palaceinthesky.com/top-humor-webcomics.php Browser should crash before page finishes loading.

Attachments
This is the page that crashed. (3.83 KB, text/html) 2008-11-04 21:53 PST, Trevor Downs	no flags	Details
Crash log (105.92 KB, text/plain) 2008-11-04 21:55 PST, Trevor Downs	no flags	Details
patch (5.21 KB, patch) 2008-11-24 19:56 PST, Antti Koivisto	darin: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Trevor Downs

Comment 1 2008-11-04 21:53:25 PST

Created attachment 24903 [details] This is the page that crashed.

Trevor Downs

Comment 2 2008-11-04 21:55:37 PST

Created attachment 24904 [details] Crash log These are some of the crash logs from trying to open this site.

Trevor Downs

Comment 3 2008-11-07 02:15:09 PST

It looks like I am getting the same crash from http://galaxioncomics.com/?p=232

Julien Chaffraix

Comment 4 2008-11-23 17:11:08 PST

Confirmed on Tip-Of-Trunk: the page attached to the bug does not crash for me but one of the link pasted does. Trying it with a debug build, I get an assertion failure: ASSERTION FAILED: !m_pendingScripts.isEmpty() (/Users/jchaffraix/WebKitTrunk/WebCore/html/HTMLTokenizer.cpp:1954 virtual void WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*)) Moving it to P1 as it is a crasher.

Mark Rowe (bdash)

Comment 5 2008-11-24 03:23:12 PST

*** Bug 22447 has been marked as a duplicate of this bug. ***

Mark Rowe (bdash)

Comment 6 2008-11-24 05:32:03 PST

Regressed in r33544: <http://trac.webkit.org/changeset/33544>.

Mark Rowe (bdash)

Comment 7 2008-11-24 05:32:17 PST

<rdar://problem/6396330>

Antti Koivisto

Comment 8 2008-11-24 19:56:38 PST

Created attachment 25468 [details] patch

Darin Adler

Comment 9 2008-11-24 22:13:35 PST

Comment on attachment 25468 [details] patch r=me

Antti Koivisto

Comment 10 2008-11-25 00:13:26 PST

Sending LayoutTests/ChangeLog Adding LayoutTests/fast/tokenizer/nested-cached-scripts-and-stylesheet-expected.txt Adding LayoutTests/fast/tokenizer/nested-cached-scripts-and-stylesheet.html Adding LayoutTests/fast/tokenizer/resources/load-stylesheet-and-document-write-script.js Sending WebCore/ChangeLog Sending WebCore/html/HTMLTokenizer.cpp Transmitting file data ...... Committed revision 38748.

Antti Koivisto

Comment 11 2008-11-27 12:13:02 PST

*** Bug 21992 has been marked as a duplicate of this bug. ***

Cameron Zwarich (cpst)

Comment 12 2008-11-30 09:47:51 PST

*** Bug 19518 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.