Bug 22073

Summary: REGRESSION(r33544): Palace in the Sky crashes WebKit
Product: WebKit Reporter: Trevor Downs <cyberskull>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: blair.thiessen, i_nick, jchaffraix, koivisto, kristoffer
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
URL: http://www.palaceinthesky.com/top-humor-webcomics.php
Attachments:
Description Flags
This is the page that crashed.
none
Crash log
none
patch darin: review+

Description Trevor Downs 2008-11-04 21:52:18 PST 
http://www.palaceinthesky.com/top-humor-webcomics.php has caused WebKit to crash repeatedly. Attached will be a copy of the page and the crash logs.

To recreate: Go to http://www.palaceinthesky.com/top-humor-webcomics.php
Browser should crash before page finishes loading.
Comment 1 Trevor Downs 2008-11-04 21:53:25 PST 
Created attachment 24903 [details]
This is the page that crashed.
Comment 2 Trevor Downs 2008-11-04 21:55:37 PST 
Created attachment 24904 [details]
Crash log

These are some of the crash logs from trying to open this site.
Comment 3 Trevor Downs 2008-11-07 02:15:09 PST 
It looks like I am getting the same crash from http://galaxioncomics.com/?p=232
Comment 4 Julien Chaffraix 2008-11-23 17:11:08 PST 
Confirmed on Tip-Of-Trunk: the page attached to the bug does not crash for me but one of the link pasted does. Trying it with a debug build, I get an assertion failure:

ASSERTION FAILED: !m_pendingScripts.isEmpty()
(/Users/jchaffraix/WebKitTrunk/WebCore/html/HTMLTokenizer.cpp:1954 virtual void WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*))

Moving it to P1 as it is a crasher.
Comment 5 Mark Rowe (bdash) 2008-11-24 03:23:12 PST 
*** Bug 22447 has been marked as a duplicate of this bug. ***
Comment 6 Mark Rowe (bdash) 2008-11-24 05:32:03 PST 
Regressed in r33544: <http://trac.webkit.org/changeset/33544>.
Comment 7 Mark Rowe (bdash) 2008-11-24 05:32:17 PST 
<rdar://problem/6396330>
Comment 8 Antti Koivisto 2008-11-24 19:56:38 PST 
Created attachment 25468 [details]
patch
Comment 9 Darin Adler 2008-11-24 22:13:35 PST 
Comment on attachment 25468 [details]
patch

r=me
Comment 10 Antti Koivisto 2008-11-25 00:13:26 PST 
Sending        LayoutTests/ChangeLog
Adding         LayoutTests/fast/tokenizer/nested-cached-scripts-and-stylesheet-expected.txt
Adding         LayoutTests/fast/tokenizer/nested-cached-scripts-and-stylesheet.html
Adding         LayoutTests/fast/tokenizer/resources/load-stylesheet-and-document-write-script.js
Sending        WebCore/ChangeLog
Sending        WebCore/html/HTMLTokenizer.cpp
Transmitting file data ......
Committed revision 38748.
Comment 11 Antti Koivisto 2008-11-27 12:13:02 PST 
*** Bug 21992 has been marked as a duplicate of this bug. ***
Comment 12 Cameron Zwarich (cpst) 2008-11-30 09:47:51 PST 
*** Bug 19518 has been marked as a duplicate of this bug. ***