Bug 49084

Summary: Crash in documentWillBecomeInactive() when closing window with Reader showing content with SVG
Product: WebKit Reporter: Matthew Delaney <mdelaney7>
Component: SVGAssignee: Matthew Delaney <mdelaney7>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, ap, mdelaney7, simon.fraser, zimmermann
Priority: P1 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: All   
OS: OS X 10.6   
Bug Depends on:    
Bug Blocks: 49346    
Attachments:
Description Flags
Simplified testcase
none
crash log
none
Patch darin: review+

Matthew Delaney
Reported 2010-11-05 11:51:30 PDT
Crash from these steps: 1. Load http://webkit.org/blog/1273/the-html5-parsing-algorithm/ 2. Enter Reader 3. Close window. Currently only seeing this in a debug build of webkit. <rdar://problem/8422888>
Attachments
Simplified testcase (2.27 KB, application/zip)
2010-11-05 11:56 PDT, Matthew Delaney 		no flags
Details
crash log (40.90 KB, text/plain)
2010-11-09 13:06 PST, Alexey Proskuryakov 		no flags
Details
Patch (4.25 KB, patch)
2010-11-10 11:20 PST, Matthew Delaney 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Matthew Delaney
Comment 1 2010-11-05 11:56:12 PDT
Created attachment 73095 [details] Simplified testcase Here's a simplified testcase using iframes.
Matthew Delaney
Comment 2 2010-11-05 14:04:26 PDT
I lied. That testcase doesn't work. I have the code fix, but still working on creating a reduced testcase for the bots to use.
Alexey Proskuryakov
Comment 3 2010-11-05 23:18:35 PDT
Could you please attach a crash log?
Alexey Proskuryakov
Comment 4 2010-11-09 13:06:12 PST
Created attachment 73403 [details] crash log Attaching crash log. Unlike Matt's, it doesn't have documentWillBecomeInactive() in top frame - perhaps just a tools difference.
Alexey Proskuryakov
Comment 5 2010-11-09 13:07:33 PST
This is a regression on this page - shipping WebKit (of course) doesn't parse svg in html, and doesn't crash.
Simon Fraser (smfr)
Comment 6 2010-11-09 13:08:03 PST
Matt has a patch, but is still working on the testcase I think.
Matthew Delaney
Comment 7 2010-11-09 13:09:58 PST
Yea, I'll just the post the patch in a second w/o "r?". I quit on Friday evening trying to make a test case and will try again today.
Matthew Delaney
Comment 8 2010-11-10 11:20:22 PST
Created attachment 73517 [details] Patch
Alexey Proskuryakov
Comment 9 2010-11-10 11:39:38 PST
Manual tests are almost useless, they are rarely if ever run.
Nikolas Zimmermann
Comment 10 2010-11-10 11:59:14 PST
(In reply to comment #9) > Manual tests are almost useless, they are rarely if ever run. Agreed. Matthew, can you try reproducing the crash using location.reload, maybe? Not sure if we have existing tests covering this...
Matthew Delaney
Comment 11 2010-11-10 14:45:04 PST
Committed r71772: <http://trac.webkit.org/changeset/71772>
Matthew Delaney
Comment 12 2010-11-18 15:16:51 PST
Forgot to mention, but I created this bug (and had it blocking on this one) for getting an eventual automated version of the manual test. https://bugs.webkit.org/show_bug.cgi?id=49346 So far, all the ideas from #ksvg and others haven't panned out, but I'm sure there's some clever way. Perhaps having a way in the layout tests to create a new window, load the manual test, and then close the window and see if it crashes would be another idea. I'm not aware of any current tests doing anything like this.
Note You need to log in before you can comment on or make changes to this bug.