RESOLVED INVALID 111558
Background HTML Parser hitting !s.escaped assertion in SegmentedString::append
https://bugs.webkit.org/show_bug.cgi?id=111558
John Knottenbelt
Reported 2013-03-06 04:13:59 PST
One of Chrome on Android's downstream bots is seeing this assertion failure:

ASSERTION FAILED: !s.escaped()
../../third_party/WebKit/Source/WebCore/platform/text/SegmentedString.cpp(169) : void WebCore::SegmentedString::append(const WebCore::SegmentedString&)

The stack trace is as follows:

0163e67a WebCore::SegmentedString::append(WebCore::SegmentedString const&)+82 Source/WebCore/platform/text/SegmentedString.cpp:169
0071e2e5 WebCore::HTMLSourceTracker::start(WebCore::SegmentedString&, WebCore::HTMLTokenizer*, WebCore::HTMLToken&)+72 Source/WebCore/html/parser/HTMLSourceTracker.cpp:44
00710dc3 WebCore::BackgroundHTMLParser::pumpTokenizer()+62 Source/WebCore/html/parser/BackgroundHTMLParser.cpp:250
v------> WTF::FunctionWrapper<void (WebCore::BackgroundHTMLParser::*)(WTF::String const&)>::operator()(WTF::WeakPtr<WebCore::BackgroundHTMLParser> const&, WTF::String const&) Source/WTF/wtf/Functional.h:254
00717551 WTF::BoundFunctionImpl<WTF::FunctionWrapper<void (WebCore::BackgroundHTMLParser::*)(WTF::String const&)>, void (WTF::WeakPtr<WebCore::BackgroundHTMLParser>, WTF::String)>::operator()()+38 Source/WTF/wtf/Functional.h:522
v------> WTF::Function<void ()>::operator()() const Source/WTF/wtf/Functional.h:704
0071c1e3 WebCore::HTMLParserThread::runLoop()+98 Source/WebCore/html/parser/HTMLParserThread.cpp:93
00698541 WTF::threadEntryPoint(void*)+44 Source/WTF/wtf/Threading.cpp:69
00698883 WTF::wtfThreadEntryPoint(void*)+30 Source/WTF/wtf/ThreadingPthreads.cpp:196
0000e3d8 __thread_entry+72 /system/lib/libc.so
0000dac4 pthread_create+160 /system/lib/libc.so
Eric Seidel (no email)
Comment 1 2013-03-06 09:45:31 PST
So we're appending an "escaped" string. Not yet sure what that means: http://trac.webkit.org/browser/trunk/Source/WebCore/platform/text/SegmentedString.cpp#L166
Eric Seidel (no email)
Comment 2 2013-03-06 09:46:58 PST
Adam Barth
Comment 4 2013-03-06 09:56:38 PST
which version of WebKit is that bot running?
John Knottenbelt
Comment 5 2013-03-06 10:29:04 PST
(In reply to comment #4)
> which version of WebKit is that bot running?

The most recent build was from revision 144825, Chromium platform, Android OS.
Adam Barth
Comment 6 2013-03-06 10:39:43 PST
bool escaped() const { return m_pushedChar1; }

I'll study the code further.
Eric Seidel (no email)
Comment 7 2013-03-06 10:58:11 PST
We should clearly rename escaped() once we figure out what it does. :) Maybe this is for surrogate pairs?
Adam Barth
Comment 8 2013-03-06 10:59:58 PST
m_pushedChar1 is about rewinding the SegmentedString slightly. There are some rare cases where we need to put back one or two characters (usually involving entities). There's probably a code path where we do that and then append, which I guess isn't supported.
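
The "push back, then append" path that comment 8 describes, as an added simplified model (not WebKit code and not the change from crbug.com/345726): it shows what an `!s.escaped()` check in `append` protects against, and a source that is flattened before being appended. Apart from `escaped()`, `append` and `m_pushedChar1`, every name here is hypothetical, and the model's `append` copying only the segments is an assumption.

```cpp
#include <deque>
#include <stdexcept>
#include <string>

// Simplified, hypothetical model of a segmented input buffer with two
// pushback slots. It is not WebKit's SegmentedString.
class MiniSegmentedString {
public:
    explicit MiniSegmentedString(const std::string& s = "") {
        if (!s.empty()) m_segments.push_back(s);
    }

    // Same shape as the accessor quoted in comment 6.
    bool escaped() const { return m_pushedChar1 != 0; }

    // Put back one or two characters that were already consumed.
    void push(char c) {
        if (!m_pushedChar1) m_pushedChar1 = c;
        else if (!m_pushedChar2) m_pushedChar2 = c;
        else throw std::logic_error("both pushback slots are in use");
    }

    // Everything still unread, pushed-back characters first.
    std::string remaining() const {
        std::string out;
        if (m_pushedChar1) out += m_pushedChar1;
        if (m_pushedChar2) out += m_pushedChar2;
        for (const std::string& seg : m_segments) out += seg;
        return out;
    }

    // Copies segments only (model assumption). The pushback slots are not
    // copied, so an escaped source is rejected instead of silently truncated.
    void append(const MiniSegmentedString& s) {
        if (s.escaped()) throw std::logic_error("append of escaped string");
        m_segments.insert(m_segments.end(), s.m_segments.begin(), s.m_segments.end());
    }

private:
    char m_pushedChar1 = 0;
    char m_pushedChar2 = 0;
    std::deque<std::string> m_segments;
};

// Returns true if append() rejected the source; dst is left unchanged then.
bool appendRejects(MiniSegmentedString& dst, const MiniSegmentedString& src) {
    try { dst.append(src); } catch (const std::logic_error&) { return true; }
    return false;
}
```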
Joel Jirak
Comment 9 2014-09-03 10:26:29 PDT
This chromium bug appears to analyze and fix the same problem: http://crbug.com/345726

I applied those changes to webkit @r167356, and it fixed a crash caused by the assert described in this bug.

Joel
Ryosuke Niwa
Comment 11 2022-08-19 15:32:27 PDT
Background HTML parser isn't a thing anymore.