Bug 54462

Summary:

XSLT with output method HTML and images crashes in debug mode

Product:

WebKit

Reporter:

Vsevolod Vlasov <vsevik>

Component:

XML

Assignee:

Adam Barth <abarth>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

abarth, eric, kbr, pfeldman, vsevik

Priority:

Version:

528+ (Nightly build)

Hardware:

All

OS:

All

Attachments:

Description	Flags
Failing XML example	none
Failing XSL example	none
Patch	darin: review+, darin: commit-queue+

Vsevolod Vlasov

Reported 2011-02-15 08:06:41 PST

If 1) XML file links to XSLT 2) XSLT has output method set to html 3) Resulting HTML has images then Webkit crashes on assertion in debug mode (DocumentParser:56). ASSERTION FAILED: m_state == ParsingState .../webkit/Source/WebCore/dom/DocumentParser.cpp(56) : virtual void WebCore::DocumentParser::prepareToStopParsing() -> WebCore::DocumentParser::prepareToStopParsing() -> WebCore::HTMLDocumentParser::prepareToStopParsing() -> WebCore::HTMLDocumentParser::attemptToEnd() -> WebCore::HTMLDocumentParser::finish() -> WebCore::Document::finishParsing() -> WebCore::DocumentWriter::endIfNotLoadingMainResource() -> WebCore::Document::explicitClose() -> WebCore::Document::setContent(WTF::String const&) -> WebCore::XSLTProcessor::createDocumentFromSource(WTF::String const&, WTF::String const&, WTF::String const&, WebCore::Node*, WebCore::Frame*) -> WebCore::Document::applyXSLTransform(WebCore::ProcessingInstruction*) -> WebCore::Document::recalcStyleSelector() -> WebCore::Document::styleSelectorChanged(WebCore::StyleSelectorUpdateFlag) -> WebCore::Document::removePendingSheet() -> WebCore::ProcessingInstruction::sheetLoaded() -> WebCore::XSLStyleSheet::checkLoaded() -> WebCore::ProcessingInstruction::parseStyleSheet(WTF::String const&) -> WebCore::ProcessingInstruction::setXSLStyleSheet(WTF::String const&, WebCore::KURL const&, WTF::String const&) -> WebCore::CachedXSLStyleSheet::checkNotify() -> WebCore::CachedXSLStyleSheet::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) -> WebCore::CachedResourceRequest::didFinishLoading(WebCore::SubresourceLoader*) -> WebCore::SubresourceLoader::didFinishLoading(double) -> WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) -> -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] -> _NSURLConnectionDidFinishLoading -> URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) -> URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) -> URLConnectionClient::processEvents() -> MultiplexerSource::perform() -> __CFRunLoopDoSources0 -> __CFRunLoopRun -> CFRunLoopRunSpecific

Attachments
Failing XML example (96 bytes, text/xml) 2011-02-15 08:07 PST, Vsevolod Vlasov	no flags	Details
Failing XSL example (242 bytes, application/xslt+xml) 2011-02-15 08:07 PST, Vsevolod Vlasov	no flags	Details
Patch (4.35 KB, patch) 2011-02-15 16:25 PST, Adam Barth	darin: review+ darin: commit-queue+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Vsevolod Vlasov

Comment 1 2011-02-15 08:07:19 PST

Created attachment 82458 [details] Failing XML example

Vsevolod Vlasov

Comment 2 2011-02-15 08:07:38 PST

Created attachment 82459 [details] Failing XSL example

Vsevolod Vlasov

Comment 3 2011-02-15 08:14:44 PST

see https://bugs.webkit.org/show_bug.cgi?id=50253

Pavel Feldman

Comment 4 2011-02-15 08:18:23 PST

*** This bug has been marked as a duplicate of bug 50253 ***

Adam Barth

Comment 5 2011-02-15 14:41:39 PST

This is not a duplicate of Bug 50253. Testing a patch now.

Adam Barth

Comment 6 2011-02-15 16:15:42 PST

This is a regression caused by http://trac.webkit.org/changeset/75577

Adam Barth

Comment 7 2011-02-15 16:25:13 PST

Created attachment 82548 [details] Patch

Darin Adler

Comment 8 2011-02-15 16:26:38 PST

Comment on attachment 82548 [details] Patch Is this single test case enough coverage?

Adam Barth

Comment 9 2011-02-15 16:30:55 PST

> Is this single test case enough coverage? We more or less would like test coverage for each code path touched in http://trac.webkit.org/changeset/75577. 1) DOMParser::parseFromString <-- We have tests for this one. 2) WebCore/xml/XMLHttpRequest.cpp <-- We have lots of test for this one. :) 3) WebCore/xml/XSLTProcessor.cpp <-- Added in this patch. 4) CachedFont.cpp <-- This is for SVG fonts. I don't know whether this is covered.

Adam Barth

Comment 10 2011-02-15 16:36:45 PST

Committed r78644: <http://trac.webkit.org/changeset/78644>

Eric Seidel (no email)

Comment 11 2011-02-15 16:38:07 PST

Comment on attachment 82548 [details] Patch LGTM too thanks.

Adam Barth

Comment 12 2011-02-15 17:04:21 PST

*** Bug 52929 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.