RESOLVED FIXED 121458
Layout Test http/tests/security/canvas-remote-read-remote-image-redirect.html is flaky 
https://bugs.webkit.org/show_bug.cgi?id=121458
Summary Layout Test http/tests/security/canvas-remote-read-remote-image-redirect.html...
Alexey Proskuryakov
Reported 2013-09-16 15:33:02 PDT
The following layout test is flaky on all platforms: http/tests/security/canvas-remote-read-remote-image-redirect.html. The diff is: -CONSOLE MESSAGE: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. -CONSOLE MESSAGE: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. -CONSOLE MESSAGE: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. -CONSOLE MESSAGE: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. +CONSOLE MESSAGE: line 108: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. +CONSOLE MESSAGE: line 108: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. +CONSOLE MESSAGE: line 108: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. +CONSOLE MESSAGE: line 108: Unable to get image data from canvas because the canvas has been tainted by cross-origin data. Line 108 is the last empty line of the test, after </script>. I think that that this is caused by automatic line number generation introduced in r136657. I could never reproduce the failure locally. In success case, here is what performs the logging: #0 0x00000001042b6e1e in WebCore::PageConsole::addMessage(WebCore::MessageSource, WebCore::MessageLevel, WTF::String const&, unsigned long, WebCore::Document*) at /Users/ap/Safari/OpenSource/Source/WebCore/page/PageConsole.cpp:141 #1 0x00000001035802be in WebCore::Document::addConsoleMessage(WebCore::MessageSource, WebCore::MessageLevel, WTF::String const&, unsigned long) at /Users/ap/Safari/OpenSource/Source/WebCore/dom/Document.cpp:4819 #2 0x000000010328e1eb in WebCore::CanvasRenderingContext2D::getImageData(WebCore::ImageBuffer::CoordinateSystem, float, float, float, float, int&) const at /Users/ap/Safari/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:1844 #3 0x000000010328e0bb in WebCore::CanvasRenderingContext2D::getImageData(float, float, float, float, int&) const at /Users/ap/Safari/OpenSource/Source/WebCore/html/canvas/CanvasRenderingContext2D.cpp:1832 #4 0x0000000103c74ccf in WebCore::jsCanvasRenderingContext2DPrototypeFunctionGetImageData(JSC::ExecState*) at /Users/ap/Safari/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSCanvasRenderingContext2D.cpp:2601 #5 0x00002706bb201045 in 0x2706bb201045 () #6 0x000000010190c5f7 in JSC::JITCode::execute(JSC::JSStack*, JSC::ExecState*, JSC::VM*) at /Users/ap/Safari/OpenSource/Source/JavaScriptCore/jit/JITCode.cpp:46 #7 0x00000001018efe2f in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Users/ap/Safari/OpenSource/Source/JavaScriptCore/interpreter/Interpreter.cpp:957 #8 0x000000010167343e in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Users/ap/Safari/OpenSource/Source/JavaScriptCore/runtime/CallData.cpp:39 #9 0x0000000103c5d4ab in WebCore::JSMainThreadExecState::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) at /Users/ap/Safari/OpenSource/Source/WebCore/bindings/js/JSMainThreadExecState.h:52 #10 0x0000000103d907bf in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) at /Users/ap/Safari/OpenSource/Source/WebCore/bindings/js/JSEventListener.cpp:132 #11 0x00000001037337f2 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul, WTF::CrashOnOverflow>&) at /Users/ap/Safari/OpenSource/Source/WebCore/dom/EventTarget.cpp:272 #12 0x000000010373321e in WebCore::EventTarget::fireEventListeners(WebCore::Event*) at /Users/ap/Safari/OpenSource/Source/WebCore/dom/EventTarget.cpp:228 #13 0x000000010426fad2 in WebCore::Node::handleLocalEvents(WebCore::Event*) at /Users/ap/Safari/OpenSource/Source/WebCore/dom/Node.cpp:2078 #14 0x00000001036ffd11 in WebCore::EventContext::handleLocalEvents(WebCore::Event*) const at /Users/ap/Safari/OpenSource/Source/WebCore/dom/EventContext.cpp:58 #15 0x0000000103701729 in WebCore::EventDispatcher::dispatchEventAtTarget() at /Users/ap/Safari/OpenSource/Source/WebCore/dom/EventDispatcher.cpp:161 #16 0x0000000103700ee9 in WebCore::EventDispatcher::dispatch() at /Users/ap/Safari/OpenSource/Source/WebCore/dom/EventDispatcher.cpp:118 #17 0x0000000103702c2f in WebCore::EventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const at /Users/ap/Safari/OpenSource/Source/WebCore/dom/EventDispatchMediator.cpp:54 #18 0x00000001037004a2 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) at /Users/ap/Safari/OpenSource/Source/WebCore/dom/EventDispatcher.cpp:52 #19 0x000000010426fc4b in WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) at /Users/ap/Safari/OpenSource/Source/WebCore/dom/Node.cpp:2099 #20 0x00000001039abdb4 in WebCore::HTMLImageLoader::dispatchLoadEvent() at /Users/ap/Safari/OpenSource/Source/WebCore/html/HTMLImageLoader.cpp:58 #21 0x0000000103a9aefc in WebCore::ImageLoader::dispatchPendingLoadEvent() at /Users/ap/Safari/OpenSource/Source/WebCore/loader/ImageLoader.cpp:435 #22 0x0000000103a9ae26 in WebCore::ImageLoader::dispatchPendingEvent(WebCore::EventSender<WebCore::ImageLoader>*) at /Users/ap/Safari/OpenSource/Source/WebCore/loader/ImageLoader.cpp:393 #23 0x0000000103a9b6ac in WebCore::EventSender<WebCore::ImageLoader>::dispatchPendingEvents() at /Users/ap/Safari/OpenSource/Source/WebCore/dom/EventSender.h:106 #24 0x0000000103a9b011 in WebCore::ImageLoader::dispatchPendingLoadEvents() at /Users/ap/Safari/OpenSource/Source/WebCore/loader/ImageLoader.cpp:462 #25 0x0000000103574647 in WebCore::Document::implicitClose() at /Users/ap/Safari/OpenSource/Source/WebCore/dom/Document.cpp:2430 #26 0x00000001037f69cb in WebCore::FrameLoader::checkCallImplicitClose() at /Users/ap/Safari/OpenSource/Source/WebCore/loader/FrameLoader.cpp:850 #27 0x00000001037f6646 in WebCore::FrameLoader::checkCompleted() at /Users/ap/Safari/OpenSource/Source/WebCore/loader/FrameLoader.cpp:793 #28 0x00000001037f6815 in WebCore::FrameLoader::loadDone() at /Users/ap/Safari/OpenSource/Source/WebCore/loader/FrameLoader.cpp:739 #29 0x00000001032764d2 in WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*) at /Users/ap/Safari/OpenSource/Source/WebCore/loader/cache/CachedResourceLoader.cpp:772 #30 0x000000010480ba80 in WebCore::SubresourceLoader::notifyDone() at /Users/ap/Safari/OpenSource/Source/WebCore/loader/SubresourceLoader.cpp:351 #31 0x000000010480b99c in WebCore::SubresourceLoader::didFinishLoading(double) at /Users/ap/Safari/OpenSource/Source/WebCore/loader/SubresourceLoader.cpp:290 #32 0x0000000104637db5 in WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*, double) at /Users/ap/Safari/OpenSource/Source/WebCore/loader/ResourceLoader.cpp:489
Attachments
patch for EWS (1.77 KB, patch)
2013-09-17 16:50 PDT, Alexey Proskuryakov 		buildbot: commit-queue-
DetailsFormatted DiffDiff
Archive of layout-test-results from webkit-ews-03 for mac-mountainlion (627.47 KB, application/zip)
2013-09-18 11:22 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from webkit-ews-15 for mac-mountainlion-wk2 (608.19 KB, application/zip)
2013-09-18 11:58 PDT, Build Bot 		no flags
Details
Archive of layout-test-results from webkit-ews-07 for mac-mountainlion (633.42 KB, application/zip)
2013-09-18 12:25 PDT, Build Bot 		no flags
Details
proposed fix (24.35 KB, patch)
2013-09-19 14:38 PDT, Alexey Proskuryakov 		no flags
DetailsFormatted DiffDiff
Show Obsolete (4) View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2013-09-16 16:49:12 PDT
I can reproduce reliably if I convert this test to a .cgi, and add a sleep() at the last line. Makes good sense - all the checks in PageConsole::addMessage() pass, so we generate a line number from current parser line. I can't make sense of the checks though. Why do we generate a line number for the script when _not_ running a script? This seems opposite to what it should be.
Alexey Proskuryakov
Comment 2 2013-09-16 16:50:16 PDT
This is pretty much the same as bug 105280.
Alexey Proskuryakov
Comment 3 2013-09-16 17:02:21 PDT
So here is the reason why the check is what it is. This code is meant to produce line numbers for parser generated console messages (like e.g. frame sandbox attribute parsing errors). In the case of this particular test, I think that parser->isExecutingScript() may be giving a wrong result. But then there are tons of addConsoleMessage calls everywhere in WebKit that are neither. Consider for example WebSocketChannel::fail(), which is triggered by network level errors. If this happens during parsing, then current parser location will be randomly assigned as error line!
Alexey Proskuryakov
Comment 4 2013-09-16 17:15:36 PDT
> I think that parser->isExecutingScript() may be giving a wrong result. This function only tells you if parser is executing a script, not if a script is being executed for any other reason.
Mike West
Comment 5 2013-09-16 23:28:43 PDT
(In reply to comment #4) > > I think that parser->isExecutingScript() may be giving a wrong result. > > This function only tells you if parser is executing a script, not if a script is being executed for any other reason. You're entirely correct; this code is broken as written. My apologies. :/ I plan to resolve it in Blink by distinguishing between console messages that relate to parsing, and those that don't. After a not-terribly-deep audit, it looks like SecurityMessageSource is the only MessageSource that refers both to parsing errors and non-parsing errors. An initial attempt to separate those out is up at https://codereview.chromium.org/20890003/. I've abandoned that patch after discussion with pfeldman@, and I'd now like to just split SecurityMessageSource into two sources: ParsingSecurityMessageSource and NonparsingSecurityMessageSource (not with those names, of course :) ).
Alexey Proskuryakov
Comment 6 2013-09-17 16:50:13 PDT
Created attachment 211956 [details] patch for EWS Not trying to fix everything, just flakiness. Let's see what happens (not tested locally).
Build Bot
Comment 7 2013-09-18 11:22:34 PDT
Comment on attachment 211956 [details] patch for EWS Attachment 211956 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/1928203 New failing tests: fast/frames/sandboxed-iframe-attribute-parsing-14.html http/tests/security/contentSecurityPolicy/sandbox-empty.html http/tests/security/isolatedWorld/sandboxed-iframe.html fast/frames/sandboxed-iframe-attribute-parsing-07.html fast/frames/sandboxed-iframe-attribute-parsing-10.html http/tests/security/contentSecurityPolicy/sandbox-in-http-header.html http/tests/security/contentSecurityPolicy/sandbox-invalid-header.html fast/frames/sandboxed-iframe-attribute-parsing-06.html http/tests/security/mixedContent/insecure-script-in-iframe.html fast/frames/sandboxed-iframe-attribute-parsing-12.html fast/frames/sandboxed-iframe-scripting-04.html fast/frames/sandboxed-iframe-parsing-space-characters.html fast/frames/sandboxed-iframe-attribute-parsing-13.html fast/frames/sandboxed-iframe-attribute-parsing-09.html fast/frames/sandboxed-iframe-attribute-parsing-11.html fast/frames/sandboxed-iframe-attribute-parsing-08.html http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html media/video-controls-no-scripting.html http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control.html
Build Bot
Comment 8 2013-09-18 11:22:35 PDT
Created attachment 212006 [details] Archive of layout-test-results from webkit-ews-03 for mac-mountainlion The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: webkit-ews-03 Port: mac-mountainlion Platform: Mac OS X 10.8.5
Build Bot
Comment 9 2013-09-18 11:58:45 PDT
Comment on attachment 211956 [details] patch for EWS Attachment 211956 [details] did not pass mac-wk2-ews (mac-wk2): Output: http://webkit-queues.appspot.com/results/1835193 New failing tests: fast/frames/sandboxed-iframe-attribute-parsing-14.html http/tests/security/contentSecurityPolicy/sandbox-empty.html http/tests/security/isolatedWorld/sandboxed-iframe.html fast/frames/sandboxed-iframe-attribute-parsing-07.html fast/frames/sandboxed-iframe-attribute-parsing-10.html http/tests/security/contentSecurityPolicy/sandbox-in-http-header.html http/tests/security/contentSecurityPolicy/sandbox-invalid-header.html fast/frames/sandboxed-iframe-attribute-parsing-06.html http/tests/security/mixedContent/insecure-script-in-iframe.html fast/frames/sandboxed-iframe-attribute-parsing-12.html fast/frames/sandboxed-iframe-scripting-04.html fast/frames/sandboxed-iframe-parsing-space-characters.html fast/frames/sandboxed-iframe-attribute-parsing-13.html fast/frames/sandboxed-iframe-attribute-parsing-09.html fast/frames/sandboxed-iframe-attribute-parsing-11.html fast/frames/sandboxed-iframe-attribute-parsing-08.html http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html media/video-controls-no-scripting.html http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control.html
Build Bot
Comment 10 2013-09-18 11:58:46 PDT
Created attachment 212008 [details] Archive of layout-test-results from webkit-ews-15 for mac-mountainlion-wk2 The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews. Bot: webkit-ews-15 Port: mac-mountainlion-wk2 Platform: Mac OS X 10.8.5
Build Bot
Comment 11 2013-09-18 12:25:53 PDT
Comment on attachment 211956 [details] patch for EWS Attachment 211956 [details] did not pass mac-ews (mac): Output: http://webkit-queues.appspot.com/results/1888294 New failing tests: fast/frames/sandboxed-iframe-attribute-parsing-14.html http/tests/security/contentSecurityPolicy/sandbox-empty.html http/tests/security/isolatedWorld/sandboxed-iframe.html fast/frames/sandboxed-iframe-attribute-parsing-07.html fast/frames/sandboxed-iframe-attribute-parsing-10.html http/tests/security/contentSecurityPolicy/sandbox-in-http-header.html http/tests/security/contentSecurityPolicy/sandbox-invalid-header.html fast/frames/sandboxed-iframe-attribute-parsing-06.html http/tests/security/mixedContent/insecure-script-in-iframe.html fast/frames/sandboxed-iframe-attribute-parsing-12.html fast/frames/sandboxed-iframe-scripting-04.html fast/frames/sandboxed-iframe-parsing-space-characters.html fast/frames/sandboxed-iframe-attribute-parsing-13.html fast/frames/sandboxed-iframe-attribute-parsing-09.html fast/frames/sandboxed-iframe-attribute-parsing-11.html fast/frames/sandboxed-iframe-attribute-parsing-08.html http/tests/security/contentSecurityPolicy/sandbox-empty-subframe.html http/tests/security/mixedContent/redirect-http-to-https-script-in-iframe.html media/video-controls-no-scripting.html http/tests/security/contentSecurityPolicy/sandbox-in-http-header-control.html
Build Bot
Comment 12 2013-09-18 12:25:55 PDT
Created attachment 212011 [details] Archive of layout-test-results from webkit-ews-07 for mac-mountainlion The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: webkit-ews-07 Port: mac-mountainlion Platform: Mac OS X 10.8.5
Alexey Proskuryakov
Comment 13 2013-09-19 14:38:31 PDT
Created attachment 212098 [details] proposed fix This is a very targeted fix. I expect it to fix flakiness on this test, but not necessarily everywhere. It also happened to make us get line numbers where we didn't use to before, which is nice.
Alexey Proskuryakov
Comment 14 2013-09-19 15:54:56 PDT
Comment on attachment 212098 [details] proposed fix EWS is green, let's see how it goes.
WebKit Commit Bot
Comment 15 2013-09-19 16:18:52 PDT
Comment on attachment 212098 [details] proposed fix Clearing flags on attachment: 212098 Committed r156130: <http://trac.webkit.org/changeset/156130>
WebKit Commit Bot
Comment 16 2013-09-19 16:18:55 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.