Bug 138057 - Crash when navigating to a new page while MathJax is still loading
Status: NEW
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Reported: 2014-10-24 14:05 PDT by Patrick Ward
Modified: 2016-01-08 17:04 PST
Description Patrick Ward 2014-10-24 14:05:38 PDT
Pages with a significant amount of rendering being done with MathJax, like http://es.wikipedia.org/wiki/Constante_de_Planck, can cause libjavascriptcoregtk to hang and eventually crash if a link is clicked on the page while MathJax is still being rendered.

Steps to reproduce:

1) Navigate to http://es.wikipedia.org/wiki/Constante_de_Planck
2) While the page is still rendering MathJax, very quickly click on another link
3) If the hang does not happen right away, then keep trying to quickly click on another link on the same page or any other page with a significant amount of rendering being done with MathJax

I am able to reliably reproduce the crash with the following stack trace:

(epiphany-browser:2321): GLib-CRITICAL **: Source ID 6706 was not found when attempting to remove it
1   0xb5637890 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x20) [0xb5637890]
2   0xb5643458 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF11fastReallocEPvj+0x658) [0xb5643458]
3   0xb566f8b6 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF10StringImpl10reallocateENS_10PassRefPtrIS0_EEjRPh+0x46) [0xb566f8b6]
4   0xb5667f12 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder16reallocateBufferIhEEvj+0x82) [0xb5667f12]
5   0xb566830a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder6appendEPKhj+0x14a) [0xb566830a]
6   0xb53a507e /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter18stackTraceAsStringEPNS_9ExecStateEN3WTF6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x7e) [0xb53a507e]
7   0xb5504e56 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC13ErrorInstance14finishCreationERNS_2VMERKN3WTF6StringENS3_6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x2e6) [0xb5504e56]
8   0xb55012ce /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter20callErrorConstructorEPNS_9ExecStateE+0x16e) [0xb55012ce]
9   0xb53f3446 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339446) [0xb53f3446]
10  0xb53f4dee /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(linkFor+0x5e) [0xb53f4dee]
11  0xb53f3775 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339775) [0xb53f3775]

Note that the hang and crash do not happen when I navigate to the same page and quickly click on links in Chromium. Chromium still hangs briefly, but it does not crash and it correctly navigates to the next page. In one such instance, I saw a small notification in the lower left-hand corner of Chromium that a MathJax file failed to load. Chromium still successfully navigated to the next page.
Comment 1 Patrick Ward 2014-10-24 14:30:32 PDT
Adding a few people to the CC list who might be interested, according to the git log.
Comment 2 Philip Chimento 2016-01-08 17:04:12 PST
With 2.10.2 I'm not able to reproduce this; instead, I get the behaviour that Patrick reported for Chromium:

> hangs briefly, but it does not crash and it correctly navigates to the next page.