Bug 54884

Summary: plugins/get-url-with-javascript-destroying-plugin.html crashing on Windows since it was added
Product: WebKit
Reporter: Adam Roben (:aroben) <aroben>
Component: Plug-ins
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: andersca, jhoneycutt, ossy
Priority: P2
Keywords: InRadar, LayoutTestFailure, PlatformOnly
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows XP
URL: http://build.webkit.org/results/Windows%207%20Release%20(Tests)/r79222%20(9584)/results.html
Bug Depends on:
Bug Blocks: 54863
Attachments (Description | Flags):
Protect the PluginView when evaluating javascript: URLs | sam: review+

Description Adam Roben (:aroben) 2011-02-21 09:05:57 PST
plugins/get-url-with-javascript-destroying-plugin.html has been crashing on Windows since it was added in r79157. run-webkit-tests is falsely saying that the test immediately following this one is crashing. But plugins/get-url-with-javascript-destroying-plugin.html is the culprit; if you run it on its own it crashes.
Comment 1 Adam Roben (:aroben) 2011-02-21 09:06:15 PST
Here's the backtrace:


 	ntdll.dll!_RtlpWaitForCriticalSection@4()  + 0x5b bytes	
 	ntdll.dll!_RtlEnterCriticalSection@4()  + 0x46 bytes	
>	JavaScriptCore.dll!WTF::Mutex::lock()  Line 290 + 0xc bytes	C++
 	WebKit.dll!WTF::Locker<WTF::Mutex>::Locker<WTF::Mutex>(WTF::Mutex & lockable={...})  Line 38 + 0x20 bytes	C++
 	WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::invalidateIterators()  Line 1054	C++
 	WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityHashTranslator<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> > > >(const WTF::RefPtr<WebCore::PluginStream> & key=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}, const WTF::RefPtr<WebCore::PluginStream> & extra=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...})  Line 634	C++
 	WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add(const WTF::RefPtr<WebCore::PluginStream> & value=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...})  Line 317 + 0x2b bytes	C++
 	WebKit.dll!WTF::HashSet<WTF::RefPtr<WebCore::PluginStream>,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add(const WTF::RefPtr<WebCore::PluginStream> & value=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...})  Line 180 + 0x10 bytes	C++
 	WebKit.dll!WebCore::PluginView::performRequest(WebCore::PluginRequest * request=0x053858d0)  Line 488 + 0x1c bytes	C++
 	WebKit.dll!WebCore::PluginView::requestTimerFired(WebCore::Timer<WebCore::PluginView> * timer=0x06c80c48)  Line 508	C++
 	WebKit.dll!WebCore::Timer<WebCore::PluginView>::fired()  Line 100 + 0x29 bytes	C++
 	WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal()  Line 112 + 0xf bytes	C++
 	WebKit.dll!WebCore::ThreadTimers::sharedTimerFired()  Line 91	C++
 	WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00130af6, unsigned int message=49590, unsigned int wParam=0, long lParam=0)  Line 103 + 0x8 bytes	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_DispatchMessageWorker@8()  + 0xdc bytes	
 	user32.dll!_DispatchMessageW@4()  + 0xf bytes	
 	DumpRenderTree.exe!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & testPathOrURL="c:\Documents and Settings\Adam Roben\dev\WebKit\OpenSource\LayoutTests\plugins\get-url-with-javascript-destroying-plugin.html")  Line 993 + 0xf bytes	C++
 	DumpRenderTree.exe!main(int argc=2, char * * argv=0x050febc8)  Line 1370 + 0x28 bytes	C++
 	DumpRenderTree.exe!__tmainCRTStartup()  Line 597 + 0x17 bytes	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes
Comment 2 Adam Roben (:aroben) 2011-02-21 09:07:13 PST
Presumably the call to ScriptController::executeScript in PluginView::performRequest caused the plugin to be deleted.
Comment 3 Adam Roben (:aroben) 2011-02-21 09:23:36 PST
We could probably fix this by reffing the PluginView inside requestTimerFired. But that feels icky.
Comment 4 Adam Roben (:aroben) 2011-02-21 09:24:19 PST
<rdar://problem/9030864>
Comment 5 Adam Roben (:aroben) 2011-02-21 09:40:16 PST
Created attachment 83174
Protect the PluginView when evaluating javascript: URLs
Comment 6 Adam Roben (:aroben) 2011-02-21 09:49:44 PST
Committed r79231: <http://trac.webkit.org/changeset/79231>
Comment 7 Alejandro G. Castro 2011-02-21 09:55:57 PST
*** Bug 54863 has been marked as a duplicate of this bug. ***
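
The failure mode discussed in comments 2 and 3, as an added example that is not part of the bug report and does not reproduce attachment 83174: a script run from inside a member function drops the last outside reference to the object, and a local strong reference (the "protector") keeps the object alive until the function has finished with its members. `View`, `Outcome`, `runDestroyingScript` and the use of `std::shared_ptr` in place of WebKit's `RefPtr` are assumptions made for this example.

```cpp
#include <functional>
#include <memory>
#include <set>
#include <string>

// Hypothetical stand-in for WebCore::PluginView; std::shared_ptr plays the
// role of WebKit's RefPtr. All names here are illustrative.
class View : public std::enable_shared_from_this<View> {
public:
    explicit View(bool& destroyed) : m_destroyed(destroyed) {}
    ~View() { m_destroyed = true; }

    // Models performRequest() for a javascript: URL. Returns the number of
    // streams recorded, or -1 if the view was freed while the script ran.
    int performRequest(const std::function<void()>& script, bool protect) {
        bool& destroyed = m_destroyed;  // caller-owned storage, valid after *this dies
        std::shared_ptr<View> protector;
        if (protect)
            protector = shared_from_this();  // extra reference held for this call
        script();                            // page script may drop the last outside reference
        if (destroyed)
            return -1;  // unprotected: any member access from here is a use-after-free
        m_streams.insert("javascript: result");  // the HashSet::add frame in the backtrace
        return static_cast<int>(m_streams.size());
    }  // protected: the view is released here, after the last member access

private:
    bool& m_destroyed;
    std::set<std::string> m_streams;
};

struct Outcome { int streams; bool destroyedAfterReturn; };

// Runs one request whose script destroys the view, as the layout test does.
Outcome runDestroyingScript(bool protect) {
    bool destroyed = false;
    auto owner = std::make_shared<View>(destroyed);
    int streams = owner->performRequest([&owner] { owner.reset(); }, protect);
    return {streams, destroyed};
}

int main() {
    Outcome unprotectedRun = runDestroyingScript(false);
    Outcome protectedRun = runDestroyingScript(true);
    return (unprotectedRun.streams == -1 && protectedRun.streams == 1) ? 0 : 1;
}
```

The unprotected run only stays well-defined because it consults a flag stored outside the object; code that continues into its own members at that point, as the backtrace shows, is operating on freed memory.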