NEW 138057
Crash when navigating to a new page while MathJax is still loading 
https://bugs.webkit.org/show_bug.cgi?id=138057
Summary Crash when navigating to a new page while MathJax is still loading
Patrick Ward
Reported 2014-10-24 14:05:38 PDT
Pages with a significant amount of rendering being done with MathJax, like http://es.wikipedia.org/wiki/Constante_de_Planck, can cause libjavascriptcoregtk to hang and eventually crash if a link is clicked on the page while MathJax is still being rendered. Steps to reproduce: 1) Navigate to http://es.wikipedia.org/wiki/Constante_de_Planck 2) While the page is still rendering MathJax, very quickly click on another link 3) If the hang does not happen right away, then keep trying to quickly clik on another link on the same page or any other page with a significant amount of rendering being done with MathJax I am able to reliably reproduce the crash with the following stack trace: (epiphany-browser:2321): GLib-CRITICAL **: Source ID 6706 was not found when attempting to remove it 1 0xb5637890 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x20) [0xb5637890] 2 0xb5643458 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF11fastReallocEPvj+0x658) [0xb5643458] 3 0xb566f8b6 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF10StringImpl10reallocateENS_10PassRefPtrIS0_EEjRPh+0x46) [0xb566f8b6] 4 0xb5667f12 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder16reallocateBufferIhEEvj+0x82) [0xb5667f12] 5 0xb566830a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder6appendEPKhj+0x14a) [0xb566830a] 6 0xb53a507e /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter18stackTraceAsStringEPNS_9ExecStateEN3WTF6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x7e) [0xb53a507e] 7 0xb5504e56 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC13ErrorInstance14finishCreationERNS_2VMERKN3WTF6StringENS3_6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x2e6) [0xb5504e56] 8 0xb55012ce /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter20callErrorConstructorEPNS_9ExecStateE+0x16e) [0xb55012ce] 9 0xb53f3446 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339446) [0xb53f3446] 10 0xb53f4dee /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(linkFor+0x5e) [0xb53f4dee] 11 0xb53f3775 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339775) [0xb53f3775] Note that the hang and crash do not happen when I navigate to the same page and quickly click on links in Chromium. Chromium still hangs briefly, but it does not crash and it correctly navigates to the next page. In one such instance, I saw a small notification in the lower left-hand corner of Chromium that a MathJax file failed to load. Chromium still successfully navigated to the next page.
Attachments
Add attachment proposed patch, testcase, etc.
Patrick Ward
Comment 1 2014-10-24 14:30:32 PDT
Adding a few people to the CC list who might be interested, according to the git log.
Philip Chimento
Comment 2 2016-01-08 17:04:12 PST
With 2.10.2 I'm not able to reproduce this; instead, I get the behaviour that Patrick reported for Chromium: > hangs briefly, but it does not crash and it correctly navigates to the next page.
Note You need to log in before you can comment on or make changes to this bug.