RESOLVED INVALID 113090
Web Inspector: Page crash in ScriptPreprocessor if content scripts are present
https://bugs.webkit.org/show_bug.cgi?id=113090
Summary Web Inspector: Page crash in ScriptPreprocessor if content scripts are present
johnjbarton
Reported 2013-03-22 12:21:50 PDT
Regarding ScriptPreprocessor see also bug 111889, Bug 80992, Bug 104384 and Bug 112926.

When the script preprocessor is active and we have Chrome extensions with content scripts, we crash.

Here is some tracing output. First we enter the preprocessor code, then, in V8, we print the script just before the onBeforeCompile() call, using:

--------------------
    script->Print(stdout);
    // Notify debugger
    isolate->debugger()->OnBeforeCompile(script);
    printf("----- return from OnBeforeCompile -----\n");
-----------------

Notice that we are recursing: we are in the onBeforeCompile event for the preprocessor itself.

The crash occurs because we are trying to look up the World for the utility context set up for the preprocessor, see v8/bindings/V8Binding.cpp:

    WrapperWorldType worldTypeInMainThread(v8::Isolate* isolate)
    {
        if (!DOMWrapperWorld::isolatedWorldsExist())
            return MainWorld;

        ASSERT(!v8::Context::GetEntered().IsEmpty());
        DOMWrapperWorld* isolatedWorld = DOMWrapperWorld::isolatedWorld(v8::Context::GetEntered());
        if (isolatedWorld)
            return IsolatedWorld;
        return MainWorld;
    }

In particular, without content scripts we'll take the first return and never call DOMWrapperWorld::isolatedWorld().
ERROR: setScriptPreprocessor: ------------------------------ preprocessor clear ------------------------------
../../third_party/WebKit/Source/WebCore/bindings/v8/ScriptDebugServer.cpp(405) : void WebCore::ScriptDebugServer::setScriptPreprocessor(const WTF::String&, WebCore::DOMWindow*)
0x256b47cdc089: [Script]
 - source: 0x2ba751f04101 <Very long string[876129]>
 - name: 0x2ba751fd9f81 <String[23]: $preprocessingScript.js>
 - line_offset: 0
 - column_offset: 0
 - type: 2
 - id: 67
 - data: 0x258114804121 <undefined>
 - context data: 0x258114804121 <undefined>
 - wrapper: 0x25229152fb51 <Foreign>
 - compilation type: 0
 - line ends: 0x258114804121 <undefined>
 - eval from shared: 0x258114804121 <undefined>
 - eval from instructions offset: 0
ASSERTION FAILED: contextHasCorrectPrototype(context)
../../third_party/WebKit/Source/WebCore/bindings/v8/DOMWrapperWorld.h(67) : static WebCore::DOMWrapperWorld* WebCore::DOMWrapperWorld::isolatedWorld(v8::Handle<v8::Context>)
1   0x7f8898b7c62f
2   0x7f8898bc99ae
3   0x7f8898b98586
4   0x7f8898b99313
5   0x7f8898ba7c8e
6   0x7f8898ba7b56
7   0x7f889aa3b4b1
8   0x7f889aa3b3f7
9   0x7f889aa3b2c7
10  0x7f889aa3acaf
11  0x7f889aa25bfd
12  0x7f889aa2663d
13  0x7f889a9ce7bb
14  0x7f889a9ceab4
15  0x7f8898baa70f
16  0x7f8898ba7436
17  0x7f8898e563de
18  0x7f8898df1d79
19  0x7f8898e96b36
20  0x7f8898e94c29
21  0x7f8898e94b1a
22  0x7f8898e88a21
23  0x7f8898e6af34
24  0x7f88979bdc55
25  0x7f8897a31ebe
26  0x7f8898e6ad73
27  0x7f8898e6b674
28  0x7f8898ea857e
29  0x7f8898ed4425
30  0x7f8898ebad0d
31  0x7f8898ebaad3
Received signal 11 SEGV_MAPERR 0000bbadbeef
[0x7f8897cb43e8] base::debug::StackTrace::StackTrace()
[0x7f8897cb3cef] base::debug::(anonymous namespace)::StackDumpSignalHandler()
[0x7f8892145cb0] <unknown>
[0x7f8898b7c639] WebCore::DOMWrapperWorld::isolatedWorld()
[0x7f8898bc99ae] WebCore::worldTypeInMainThread()
[0x7f8898b98586] WebCore::retrieveFrameWithGlobalObjectCheck()
[0x7f8898b99313] WebCore::PageScriptDebugServer::getDebugListenerForContext()
[0x7f8898ba7c8e] WebCore::ScriptDebugServer::handleV8DebugEvent()
[0x7f8898ba7b56] WebCore::ScriptDebugServer::v8DebugEventCallback()
[0x7f889aa3b4b1] v8::internal::Debugger::CallCEventCallback()
[0x7f889aa3b3f7] v8::internal::Debugger::CallEventCallback()
[0x7f889aa3b2c7] v8::internal::Debugger::ProcessDebugEvent()
[0x7f889aa3acaf] v8::internal::Debugger::OnBeforeCompile()
[0x7f889aa25bfd] v8::internal::MakeFunctionInfo()
[0x7f889aa2663d] v8::internal::Compiler::Compile()
[0x7f889a9ce7bb] v8::Script::New()
[0x7f889a9ceab4] v8::Script::Compile()
[0x7f8898baa70f] WebCore::ScriptDebugServer::ScriptPreprocessor::ScriptPreprocessor()
[0x7f8898ba7436] WebCore::ScriptDebugServer::setScriptPreprocessor()
[0x7f8898e563de] WebCore::PageDebuggerAgent::didClearMainFrameWindowObject()
[0x7f8898df1d79] WebCore::InspectorInstrumentation::didClearWindowObjectInWorldImpl()
[0x7f8898e96b36] WebCore::InspectorInstrumentation::didClearWindowObjectInWorld()
[0x7f8898e94c29] WebCore::FrameLoader::dispatchDidClearWindowObjectInWorld()
[0x7f8898e94b1a] WebCore::FrameLoader::dispatchDidClearWindowObjectsInAllWorlds()
[0x7f8898e88a21] WebCore::FrameLoader::receivedFirstData()
[0x7f8898e6af34] WebCore::DocumentLoader::commitData()
[0x7f88979bdc55] WebKit::WebFrameImpl::commitDocumentData()
[0x7f8897a31ebe] WebKit::FrameLoaderClientImpl::committedLoad()
[0x7f8898e6ad73] WebCore::DocumentLoader::commitLoad()
[0x7f8898e6b674] WebCore::DocumentLoader::receivedData()
[0x7f8898ea857e] WebCore::MainResourceLoader::dataReceived()
[0x7f8898ed4425] WebCore::CachedRawResource::data()
[0x7f8898ebad0d] WebCore::SubresourceLoader::sendDataToResource()
[0x7f8898ebaad3] WebCore::SubresourceLoader::didReceiveDataOrBuffer()
[0x7f8898eba80b] WebCore::SubresourceLoader::didReceiveData()
[0x7f8898eb624f] WebCore::ResourceLoader::didReceiveData()
[0x7f889a8a084c] WebCore::ResourceHandleInternal::didReceiveData()
[0x7f889b1b9718] webkit_glue::WebURLLoaderImpl::Context::OnReceivedData()
[0x7f889984316c] content::ResourceDispatcher::OnReceivedData()
[0x7f8899846143] ResourceMsg_DataReceived::Dispatch<>()
[0x7f889984444c] content::ResourceDispatcher::DispatchMessage()
[0x7f8899842951] content::ResourceDispatcher::OnMessageReceived()
[0x7f8899747931] content::ChildThread::OnMessageReceived()
[0x7f889766d125] IPC::ChannelProxy::Context::OnDispatchMessage()
[0x7f8897670812] base::internal::RunnableAdapter<>::Run()
[0x7f88976702f0] base::internal::InvokeHelper<>::MakeItSo()
[0x7f889766fbba] base::internal::Invoker<>::Run()
[0x7f8896bbb7a5] base::Callback<>::Run()
[0x7f8897ce49c7] MessageLoop::RunTask()
[0x7f8897ce4ade] MessageLoop::DeferOrRunPendingTask()
[0x7f8897ce5345] MessageLoop::DoWork()
[0x7f8897cece0a] base::MessagePumpDefault::Run()
[0x7f8897ce45cf] MessageLoop::RunInternal()
[0x7f8897ce448a] MessageLoop::RunHandler()
[0x7f8897d0c270] base::RunLoop::Run()
[0x7f8897ce3dc2] MessageLoop::Run()
[0x7f889a06ee92] content::RendererMain()
[0x7f889a0098c5] content::RunZygote()
[0x7f889a009ae6] content::RunNamedProcessTypeMain()
[0x7f889a00a8f8] content::ContentMainRunnerImpl::Run()
[0x7f889a009043] content::ContentMain()
[0x7f8896b3694d] ChromeMain
  r8: 00007f88962fd980  r9: 00007f88963422d0 r10: 000000000601fa4d r11: 0000000000000000
 r12: 000001e148156020 r13: 00007fff43ad3980 r14: 0000000000000000 r15: 0000000000000000
  di: 0000000000000000  si: 00000000efcdab90  bp: 00007fff43acf090  bx: 000001e14814d0e0
  dx: 00007f889050daa0  ax: 00000000bbadbeef  cx: 00007f889023991d  sp: 00007fff43acf020
  ip: 00007f8898b7c639 efl: 0000000000010246 cgf: 0000000000000033 erf: 0000000000000006
 trp: 000000000000000e msk: 0000000000000000 cr2: 00000000bbadbeef
[27709:27723:0322/120735:WARNING:crl_set_fetcher.cc(182)] Failed to parse delta CRL set
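The re-entrancy in the trace above, as an added example that is not part of this bug report and is not WebKit or Chromium code: a before-compile hook fires for every compile, including the compile of the preprocessor script itself, which runs in a utility context that belongs to no DOMWrapperWorld. The listener then looks up the world for that context and fails exactly when isolated worlds exist (content scripts present), which is why the no-extension case never crashes. The second variant adds a hypothetical RAII guard (compilingPreprocessor / Scope) so the listener ignores the debugger's own compiles; Context, Engine, DebugServer, worldTypeForContext and the world-id convention are all invented for illustration.

```cpp
// Added example (not WebKit or Chromium code): a cut-down model of the
// re-entrancy behind this crash. All names below are invented.
#include <cstdio>
#include <functional>
#include <string>
#include <vector>

// A context is a page context (main world or an isolated content-script
// world) or the debugger's private utility context.
struct Context {
    std::string name;
    int worldId;   // 0 = main world, >0 = isolated world, -1 = utility context
};

enum class WorldType { Main, Isolated, Broken };

// Stand-in for DOMWrapperWorld::isolatedWorldsExist(): true once a content
// script has created an isolated world.
static bool gIsolatedWorldsExist = false;

// Models worldTypeInMainThread() from the report. The real code ASSERTs in
// DOMWrapperWorld::isolatedWorld() when the entered context is not a page
// context; here that case returns Broken so it can be observed.
WorldType worldTypeForContext(const Context& entered) {
    if (!gIsolatedWorldsExist)
        return WorldType::Main;        // no content scripts: never look
    if (entered.worldId < 0)
        return WorldType::Broken;      // utility context: the failing ASSERT
    return entered.worldId > 0 ? WorldType::Isolated : WorldType::Main;
}

// Minimal engine: every compile fires the before-compile hook first, the way
// v8::internal::Debugger::OnBeforeCompile does.
struct Engine {
    std::function<void(const Context&)> beforeCompile;
    void compile(const Context& ctx, const std::string& /*source*/) {
        if (beforeCompile)
            beforeCompile(ctx);
    }
};

struct DebugServer {
    Engine& engine;
    Context utility{"utility", -1};
    bool compilingPreprocessor = false;   // hypothetical re-entrancy guard
    std::vector<WorldType> observed;      // what the listener saw per event

    explicit DebugServer(Engine& e) : engine(e) {
        engine.beforeCompile = [this](const Context& c) { handleBeforeCompile(c); };
    }

    // The debug-event listener: skips compiles the debugger itself issued,
    // otherwise looks up the world as getDebugListenerForContext() does.
    void handleBeforeCompile(const Context& ctx) {
        if (compilingPreprocessor)
            return;
        observed.push_back(worldTypeForContext(ctx));
    }

    // Unguarded: the preprocessor compile re-enters the listener (the bug).
    void setPreprocessorUnguarded(const std::string& src) {
        engine.compile(utility, src);
    }

    // Guarded: an RAII scope marks the compile as the debugger's own.
    struct Scope {
        bool& flag;
        explicit Scope(bool& f) : flag(f) { flag = true; }
        ~Scope() { flag = false; }
    };
    void setPreprocessorGuarded(const std::string& src) {
        Scope s(compilingPreprocessor);
        engine.compile(utility, src);
    }
};

// True if installing the preprocessor drove the listener into the world
// lookup that fails on the utility context.
bool preprocessorCompileCrashes(bool contentScriptsPresent, bool guarded) {
    gIsolatedWorldsExist = contentScriptsPresent;
    Engine engine;
    DebugServer server(engine);
    const std::string src = "(function (s) { return s; })";   // constructed sample
    if (guarded)
        server.setPreprocessorGuarded(src);
    else
        server.setPreprocessorUnguarded(src);
    for (WorldType w : server.observed)
        if (w == WorldType::Broken)
            return true;
    return false;
}

// The guard must not hide page compiles: a content-script compile after the
// preprocessor is installed is still reported as an isolated-world compile.
WorldType observeContentScriptCompile() {
    gIsolatedWorldsExist = true;
    Engine engine;
    DebugServer server(engine);
    server.setPreprocessorGuarded("(function (s) { return s; })");
    Context contentScript{"content-script", 7};
    engine.compile(contentScript, "document.title = 'x';");   // constructed sample
    return server.observed.back();
}

int main() {
    std::printf("unguarded, no content scripts: crash=%d\n", preprocessorCompileCrashes(false, false));
    std::printf("unguarded, content scripts:    crash=%d\n", preprocessorCompileCrashes(true, false));
    std::printf("guarded,   content scripts:    crash=%d\n", preprocessorCompileCrashes(true, true));
    std::printf("content-script compile isolated: %d\n", observeContentScriptCompile() == WorldType::Isolated);
    return 0;
}
```

The model reproduces the report's observation that the first return in worldTypeInMainThread() masks the problem until an extension creates an isolated world; the guard is one way to keep the debugger's own scripts out of the listener, and it leaves compiles in page contexts visible.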
Attachments
Patch (4.03 KB, patch)
2013-03-22 15:11 PDT, johnjbarton
no flags
johnjbarton
Comment 1 2013-03-22 15:11:50 PDT
johnjbarton
Comment 2 2013-03-22 15:13:21 PDT
TODO figure out how to test preprocessor in the presence of content-scripts.
johnjbarton
Comment 3 2013-03-27 15:45:16 PDT
Filtering out content scripts was necessary but not sufficient. The Inspector adds scripts for several reasons and none of these should go through the preprocessor. (Another cool way to crash here is to report an error while preprocessing the Inspector's console support script (injectedscript), since reporting an error requires the console support script...). So I now have additional cases waiting in a patch built on this bug and on Bug 113331.