Bug 54884

Summary: plugins/get-url-with-javascript-destroying-plugin.html crashing on Windows since it was added
Product: WebKit Reporter: Adam Roben (:aroben) <aroben>
Component: Plug-insAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: andersca, jhoneycutt, ossy
Priority: P2 Keywords: InRadar, LayoutTestFailure, PlatformOnly
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows XP   
URL: http://build.webkit.org/results/Windows%207%20Release%20(Tests)/r79222%20(9584)/results.html
Bug Depends on:    
Bug Blocks: 54863    
Attachments:
Description Flags
Protect the PluginView when evaluating javascript: URLs sam: review+

Adam Roben (:aroben)
Reported 2011-02-21 09:05:57 PST
plugins/get-url-with-javascript-destroying-plugin.html has been crashing on Windows since it was added in r79157. run-webkit-tests is falsely saying that the test immediately following this one is crashing. But plugins/get-url-with-javascript-destroying-plugin.html is the culprit; if you run it on its own it crashes.
Attachments
Protect the PluginView when evaluating javascript: URLs (2.13 KB, patch)
2011-02-21 09:40 PST, Adam Roben (:aroben) 		sam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Adam Roben (:aroben)
Comment 1 2011-02-21 09:06:15 PST
Here's the backtrace: ntdll.dll!_RtlpWaitForCriticalSection@4() + 0x5b bytes ntdll.dll!_RtlEnterCriticalSection@4() + 0x46 bytes > JavaScriptCore.dll!WTF::Mutex::lock() Line 290 + 0xc bytes C++ WebKit.dll!WTF::Locker<WTF::Mutex>::Locker<WTF::Mutex>(WTF::Mutex & lockable={...}) Line 38 + 0x20 bytes C++ WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::invalidateIterators() Line 1054 C++ WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityHashTranslator<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> > > >(const WTF::RefPtr<WebCore::PluginStream> & key=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}, const WTF::RefPtr<WebCore::PluginStream> & extra=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}) Line 634 C++ WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add(const WTF::RefPtr<WebCore::PluginStream> & value=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}) Line 317 + 0x2b bytes C++ WebKit.dll!WTF::HashSet<WTF::RefPtr<WebCore::PluginStream>,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add(const WTF::RefPtr<WebCore::PluginStream> & value=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}) Line 180 + 0x10 bytes C++ WebKit.dll!WebCore::PluginView::performRequest(WebCore::PluginRequest * request=0x053858d0) Line 488 + 0x1c bytes C++ WebKit.dll!WebCore::PluginView::requestTimerFired(WebCore::Timer<WebCore::PluginView> * timer=0x06c80c48) Line 508 C++ WebKit.dll!WebCore::Timer<WebCore::PluginView>::fired() Line 100 + 0x29 bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal() Line 112 + 0xf bytes C++ WebKit.dll!WebCore::ThreadTimers::sharedTimerFired() Line 91 C++ WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00130af6, unsigned int message=49590, unsigned int wParam=0, long lParam=0) Line 103 + 0x8 bytes C++ user32.dll!_InternalCallWinProc@20() + 0x28 bytes user32.dll!_UserCallWinProcCheckWow@32() + 0xb7 bytes user32.dll!_DispatchMessageWorker@8() + 0xdc bytes user32.dll!_DispatchMessageW@4() + 0xf bytes DumpRenderTree.exe!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & testPathOrURL="c:\Documents and Settings\Adam Roben\dev\WebKit\OpenSource\LayoutTests\plugins\get-url-with-javascript-destroying-plugin.html") Line 993 + 0xf bytes C++ DumpRenderTree.exe!main(int argc=2, char * * argv=0x050febc8) Line 1370 + 0x28 bytes C++ DumpRenderTree.exe!__tmainCRTStartup() Line 597 + 0x17 bytes C kernel32.dll!_BaseProcessStart@4() + 0x23 bytes
Adam Roben (:aroben)
Comment 2 2011-02-21 09:07:13 PST
Presumably the call to ScriptController::executeScript in PluginView::performRequest caused the plugin to be deleted.
Adam Roben (:aroben)
Comment 3 2011-02-21 09:23:36 PST
We could probably fix this by reffing the PluginView inside requestTimerFired. But that feels icky.
Adam Roben (:aroben)
Comment 4 2011-02-21 09:24:19 PST
<rdar://problem/9030864>
Adam Roben (:aroben)
Comment 5 2011-02-21 09:40:16 PST
Created attachment 83174 [details] Protect the PluginView when evaluating javascript: URLs
Adam Roben (:aroben)
Comment 6 2011-02-21 09:49:44 PST
Committed r79231: <http://trac.webkit.org/changeset/79231>
Alejandro G. Castro
Comment 7 2011-02-21 09:55:57 PST
*** Bug 54863 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.