Bug 43117

Summary: Chromium regression when viewing a plugin document with plugins disabled
Product: WebKit Reporter: Bernhard Bauer <bauerb>
Component: Plug-insAssignee: Nobody <webkit-unassigned>
Status: RESOLVED WONTFIX    
Severity: Normal CC: abarth, eric, fishd, schenney, tonyg
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: OS X 10.5   
Bug Depends on:    
Bug Blocks: 43797    
Attachments:
Description Flags
Remove assertion from PluginDocumentParser::appendBytes
eric: review-
Call DocumentWriter::addData only once. abarth: review-

Bernhard Bauer
Reported 2010-07-28 06:26:30 PDT
There's a renderer crash in Chromium when opening a plugin document with plugins disabled (http://crbug.com/50497). I've bisected it to http://trac.webkit.org/changeset/61913 (ignore the commit message, it has nothing to do with the change).
Attachments
Remove assertion from PluginDocumentParser::appendBytes (970 bytes, patch)
2010-08-05 07:23 PDT, Bernhard Bauer 		eric: review-
DetailsFormatted DiffDiff
Call DocumentWriter::addData only once. (1.54 KB, patch)
2010-08-10 10:05 PDT, Bernhard Bauer 		abarth: review-
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Bernhard Bauer
Comment 1 2010-07-28 06:41:11 PDT
The crash is a failed ASSERT(!m_embedElement) in PluginDocumentParser::appendBytes. It seems that this method is called more than once, but it sets m_embedElement, so the assertion fails the second time.
Eric Seidel (no email)
Comment 2 2010-07-28 07:16:34 PDT
Thank you! I'll take a look later today.
Bernhard Bauer
Comment 3 2010-08-05 07:23:53 PDT
Created attachment 63588 [details] Remove assertion from PluginDocumentParser::appendBytes I looked into it a bit, and I think that simply removing the failing ASSERT would be the right thing to do. appendBytes is called from FrameLoader::addData and from DocumentWriter::endIfNotLoadingMainResource (with a NULL string in the latter case), so the assumption that appendBytes is not called more than once is definitely not true. On the next line is a check that returns if m_embedElement already exists, so we also don't end up creating the document more than once.
Adam Barth
Comment 4 2010-08-05 09:45:51 PDT
Comment on attachment 63588 [details] Remove assertion from PluginDocumentParser::appendBytes LGTM. Eric might want to look too. Do we not have a way of testing with plugins disabled?
Eric Seidel (no email)
Comment 5 2010-08-05 10:37:47 PDT
Comment on attachment 63588 [details] Remove assertion from PluginDocumentParser::appendBytes If the "fix" is to remove the ASSERT, we should instead replace it with: ASSERT_ARG(length, !m_embedElement || !length);
Eric Seidel (no email)
Comment 6 2010-08-05 10:39:01 PDT
That ASSERT predates my touching this code. It was wrong of me to cause this to be called twice, since that ASSERT was trying to guard against that. I'm not sure if both calls make sense. The reason why it's being called twice now is that before "raw" parsers had their own special call which was only made in one place. Now all parsers get the raw bytes and only DecodedDataDocumentParsers bother to decode the raw bytes.
Bernhard Bauer
Comment 7 2010-08-10 10:05:30 PDT
Created attachment 64022 [details] Call DocumentWriter::addData only once. Okay, how about we do the simplest thing that could work, and just call addData only once?
Adam Barth
Comment 8 2010-08-10 11:09:17 PDT
Comment on attachment 64022 [details] Call DocumentWriter::addData only once. Please add a test and more descriptive ChangeLog entry. That line you're removing is required for the old parser to function properly. We're not quite ready to remove the old parser. There are still a couple things left that depend on it. Eric and I are working to remove all the dependencies so we can remove it.
Eric Seidel (no email)
Comment 9 2010-11-03 14:34:17 PDT
The old parser is gone.
Eric Seidel (no email)
Comment 10 2010-11-03 14:39:52 PDT
I don't think your patch still applies. But I suspect this approach could be OK. I'm not sure how we get the decoder to flush if we don't use this fake addData call.
Note You need to log in before you can comment on or make changes to this bug.