Bug 61733

Summary: [Chromium] REGRESSION: Crash in WebCore::HTMLLinkElement::onloadTimerFired after r87628
Product: WebKit Reporter: Mikhail Naganov <mnaganov>
Component: DOMAssignee: Mikhail Naganov <mnaganov>
Status: RESOLVED FIXED    
Severity: Normal CC: abarth, ap
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Bug Depends on: 61736    
Bug Blocks:    
Attachments:
Description Flags
patch
none
Updated patch none

Mikhail Naganov
Reported 2011-05-30 09:31:32 PDT
Having r87628 in place, Chrome reliability bot crashes in WebCore::HTMLLinkElement::onloadTimerFired http://build.chromium.org/p/chromium/builders/Win%20Reliability/builds/4073/steps/reliability%3A%20partial%20result%20of%20current%20build/logs/stdio This is because the change makes WebCore::CachedResource::setRequest to call checkNotify on request reset. HTMLLinkElement registers itself as CachedResource client via m_cachedSheet, which can happen even if m_cachedLinkResource wasn't set. As a result, WebCore::HTMLLinkElement::notifyFinished is got called with unset m_cachedLinkResource, which causes a crash in HTMLLinkElement::onloadTimerFired
Attachments
patch (1.10 KB, patch)
2011-05-30 09:37 PDT, Mikhail Naganov 		no flags
DetailsFormatted DiffDiff
Updated patch (2.02 KB, patch)
2011-05-30 10:15 PDT, Adam Barth 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Mikhail Naganov
Comment 1 2011-05-30 09:37:28 PDT
Created attachment 95348 [details] patch
Adam Barth
Comment 2 2011-05-30 09:54:43 PDT
Comment on attachment 95348 [details] patch I'm not sure this patch is correct. Why is notifyFinished being called with a different cached resource?
Adam Barth
Comment 3 2011-05-30 10:15:41 PDT
Created attachment 95351 [details] Updated patch
Adam Barth
Comment 4 2011-05-30 10:19:12 PDT
I'm going to land this patch without a test because this is blocking WebKit => Chromium integration. I'll add the test in Bug 61736.
Adam Barth
Comment 5 2011-05-30 10:21:19 PDT
Committed r87693: <http://trac.webkit.org/changeset/87693>
Alexey Proskuryakov
Comment 6 2011-05-30 12:29:26 PDT
Thanks Adam! I don't have the time to deeply investigate this right now, but the patch looks very reasonable.
Note You need to log in before you can comment on or make changes to this bug.