HTMLDocumentParser::didReceiveParsedChunkFromBackgroundParser can trigger ASSERT(m_speculations.isEmpty())
Unpossible! There can be no bügs!
Created attachment 190454 [details] Patch
Comment on attachment 190454 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=190454&action=review > Source/WebCore/html/parser/HTMLDocumentParser.cpp:311 > + if (isWaitingForScripts() || !m_speculations.isEmpty()) { I see. So we've yielded all the way out to the event loop and are getting more data from teh background parser. I'm sure we hit this all the time in the wild and may be a source of all sorts of bad behavior!
Yep.
Comment on attachment 190454 [details] Patch Clearing flags on attachment: 190454 Committed r144158: <http://trac.webkit.org/changeset/144158>
All reviewed patches have been landed. Closing bug.