Bug 18847 - [GTK] crash when closing video that is streaming
Summary: [GTK] crash when closing video that is streaming
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
Importance: P2 Critical
Assignee: Nobody
URL: http://www.youtube.com
Keywords: Gtk, Soup
Reported: 2008-05-02 10:09 PDT by Benjamin Otte
Modified: 2009-03-19 07:02 PDT

Description Benjamin Otte 2008-05-02 10:09:32 PDT
1) install swfdec-mozilla's plugin from git (I guess Adobe has the same problem, but didn't test)
2) configure webkit with soup backend (no idea if it'd break with curl, too)
3) go to Youtube
4) watch any video
5) leave site while video is still loading

result:
Program received signal SIGSEGV, Segmentation fault.
0x00000007 in ?? ()
(gdb) where
#0  0x00000007 in ?? ()
#1  0xb7ba9e20 in WebCore::NetscapePlugInStreamLoader::didFinishLoading (this=0xb598a1c0) at WebCore/loader/NetscapePlugInStreamLoader.cpp:97
#2  0xb7baca38 in WebCore::ResourceLoader::didFinishLoading (this=0xb598a1c0) at WebCore/loader/ResourceLoader.cpp:389
#3  0xb7d1eda5 in WebCore::ResourceHandle::cancel (this=0xb2a07818) at WebCore/platform/network/soup/ResourceHandleSoup.cpp:345
#4  0xb7bad7d5 in WebCore::ResourceLoader::didCancel (this=0xb598a1c0, error=@0xbf8e63a0) at WebCore/loader/ResourceLoader.cpp:328
#5  0xb7ba9aa1 in WebCore::NetscapePlugInStreamLoader::didCancel (this=0xb598a1c0, error=@0xbf8e63a0)
    at WebCore/loader/NetscapePlugInStreamLoader.cpp:116
#6  0xb7bad173 in WebCore::ResourceLoader::cancel (this=0xb598a1c0, error=@0xbf8e63e0) at WebCore/loader/ResourceLoader.cpp:349
#7  0xb7bacae7 in WebCore::ResourceLoader::cancel (this=0xb598a1c0) at WebCore/loader/ResourceLoader.cpp:339
#8  0xb7b7e995 in cancelAll (loaders=@0xb22ec03c) at WebCore/loader/DocumentLoader.cpp:126
#9  0xb7b7e9f0 in WebCore::DocumentLoader::stopLoadingPlugIns (this=0xb22ec000) at WebCore/loader/DocumentLoader.cpp:724
#10 0xb7b7fab1 in WebCore::DocumentLoader::stopLoading (this=0xb22ec000) at WebCore/loader/DocumentLoader.cpp:310
#11 0xb7b8ccac in WebCore::FrameLoader::stopAllLoaders (this=0xb591ba24) at WebCore/loader/FrameLoader.cpp:2493
#12 0xb7b95a18 in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0xb591ba24, request=@0xbf8e65dc, formState=@0xbf8e656c, 
    shouldContinue=true) at WebCore/loader/FrameLoader.cpp:3734
#13 0xb7b95b82 in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0xb591ba24, request=@0xbf8e65dc, formState=@0xbf8e65ac, 
    shouldContinue=true) at WebCore/loader/FrameLoader.cpp:3694
#14 0xb7b8c763 in WebCore::PolicyCheck::call (this=0xbf8e65dc, shouldContinue=true) at WebCore/loader/FrameLoader.cpp:4689
#15 0xb7b8c990 in WebCore::FrameLoader::continueAfterNavigationPolicy (this=0xb591ba24, policy=WebCore::PolicyUse)
    at WebCore/loader/FrameLoader.cpp:3687
#16 0xb794d488 in WebKit::FrameLoaderClient::dispatchDecidePolicyForNavigationAction (this=0xb5918f00, 
    policyFunction=0xb7b8c804 <WebCore::FrameLoader::continueAfterNavigationPolicy(WebCore::PolicyAction)>, action=@0xbf8e67d8, 
    resourceRequest=@0xb22f01d8) at WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:283
#17 0xb7b8c671 in WebCore::FrameLoader::checkNavigationPolicy (this=0xb591ba24, request=@0xb22f01d8, loader=0xb22f0000, formState=@0xbf8e686c, 
    function=0xb7b95b3c <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0xb591ba24) at WebCore/loader/FrameLoader.cpp:3656
#18 0xb7b8d7f7 in WebCore::FrameLoader::load (this=0xb591ba24, loader=0xb22f0000, type=WebCore::FrameLoadTypeStandard, formState=@0xbf8e6918)
    at WebCore/loader/FrameLoader.cpp:2241
#19 0xb7b8e37a in WebCore::FrameLoader::load (this=0xb591ba24, request=@0xbf8e695c, action=@0xbf8e69e8, type=WebCore::FrameLoadTypeStandard, 
    formState=@0xbf8e6a3c) at WebCore/loader/FrameLoader.cpp:2194
#20 0xb7b8e9c2 in WebCore::FrameLoader::load (this=0xb591ba24, newURL=@0xbf8e6bb4, referrer=@0xbf8e6b2c, 
    newLoadType=WebCore::FrameLoadTypeStandard, frameName=@0xbf8e6c40, event=0xb17ff310, formState=@0xbf8e6b04)
    at WebCore/loader/FrameLoader.cpp:2142
#21 0xb7b8fa53 in WebCore::FrameLoader::load (this=0xb591ba24, request=@0xbf8e6bb4, lockHistory=false, userGesture=true, event=0xb17ff310, 
    submitForm=0xb5948ea0, formValues=@0xb591bb9c) at WebCore/loader/FrameLoader.cpp:2078
#22 0xb7b8fdf7 in WebCore::FrameLoader::submitForm (this=0xb591ba24, request=@0xbf8e6bb4, event=0xb17ff310) at WebCore/loader/FrameLoader.cpp:3253
#23 0xb7b903cc in WebCore::FrameLoader::submitForm (this=0xb591ba24, action=0xb7edd6ea "GET", url=@0xb5948f0c, formData=@0xbf8e6d38, 
    target=@0xb5948f10, contentType=@0xbf8e6d34, boundary=@0xbf8e6d30, event=0xb17ff310) at WebCore/loader/FrameLoader.cpp:567
#24 0xb7b26a58 in WebCore::HTMLFormElement::submit (this=0xb5948ea0, event=0xb17ff310, activateSubmitButton=true)
    at WebCore/html/HTMLFormElement.cpp:494
#25 0xb7b26c17 in WebCore::HTMLFormElement::prepareSubmit (this=0xb5948ea0, event=0xb17ff310) at WebCore/html/HTMLFormElement.cpp:365
#26 0xb7b38705 in WebCore::HTMLInputElement::defaultEventHandler (this=0xb5918280, evt=0xb17ff310) at WebCore/html/HTMLInputElement.cpp:1160
#27 0xb7a72910 in WebCore::EventTarget::dispatchGenericEvent (this=0xb59182a8, referenceNode=0xb5918280, e=@0xbf8e701c, tempEvent=true)
    at WebCore/dom/EventTarget.cpp:262
#28 0xb7a7397f in WebCore::EventTargetNode::dispatchEvent (this=0xb5918280, e=@0xbf8e7074, ec=@0xbf8e7084, tempEvent=true)
    at WebCore/dom/EventTargetNode.cpp:121
...
Comment 1 Alp Toker 2008-05-02 18:50:50 PDT
This seems to be a bug in the soup backend, caused by didFinishLoading() calls in cancel().
Comment 2 Alp Toker 2008-05-02 18:52:43 PDT
This fixes the issue in ResourceHandleSoup.cpp, but I'm not too sure what the correct fix will be:

void ResourceHandle::cancel()
{
    d->m_cancelled = true;
    if (d->m_msg) {
        soup_session_cancel_message(session, d->m_msg, SOUP_STATUS_CANCELLED);
        // For re-entrancy troubles we call didFinishLoading when the message hasn't been handled yet.
        // FIXME: Temporarily disabled to work around plugin crash
        // http://bugs.webkit.org/show_bug.cgi?id=18847
        //d->client()->didFinishLoading(this);
    } else if (d->m_cancellable) {
        g_cancellable_cancel(d->m_cancellable);
        // FIXME: Temporarily disabled to work around plugin crash
        // http://bugs.webkit.org/show_bug.cgi?id=18847
        //d->client()->didFinishLoading(this);
    }
}

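The crash described in comment 1 is a re-entrancy problem: the plugin stream loader's cancel path calls ResourceHandle::cancel(), and the soup backend's cancel() synchronously reports didFinishLoading() back into the very loader that is in the middle of cancelling, so the plugin stream receives a completion callback after it has already been torn down (the 0x00000007 frame at the top of the backtrace). The model below is an added example written for this page, not WebKit code; the class and method names mirror the frames in the report, the `finishOnCancel` switch stands in for the commented-out didFinishLoading() calls in comment 2, and the ordering "plugin told of failure, then handle cancelled" inside the loader's cancel is an assumption, since the page only shows that didCancel() reaches ResourceHandle::cancel(). A real plugin would free its stream object, and the late callback would go through a dangling pointer; here the object survives and only records that it was called after teardown, so the scenario can run without crashing.

```cpp
#include <cstdio>
#include <string>
#include <vector>

// Simplified model of bug 18847 (added example, not WebKit code).
using Log = std::vector<std::string>;

// The plugin's view of a stream. A real plugin releases the stream on didFail or
// didFinishLoading; this stand-in stays allocated and just remembers the teardown,
// so a late callback is logged instead of jumping through a freed object.
struct PluginStream {
    Log* log;
    bool tornDown = false;

    void didFail() {
        log->push_back("plugin:didFail");
        tornDown = true;
    }
    void didFinishLoading() {
        log->push_back(tornDown ? "plugin:didFinishLoading-after-teardown"
                                : "plugin:didFinishLoading");
        tornDown = true;
    }
};

struct ResourceHandleClient {
    virtual ~ResourceHandleClient() = default;
    virtual void didFinishLoading() = 0;
};

// Stand-in for ResourceHandle in the soup backend (ResourceHandleSoup.cpp).
class ResourceHandle {
public:
    ResourceHandle(ResourceHandleClient* client, bool finishOnCancel)
        : m_client(client), m_finishOnCancel(finishOnCancel) {}

    void cancel() {
        m_cancelled = true;
        // soup_session_cancel_message(...) / g_cancellable_cancel(...) would go here.
        // finishOnCancel == true reproduces the behaviour comment 1 blames: cancel()
        // synchronously reports completion to a client that is mid-teardown.
        if (m_finishOnCancel)
            m_client->didFinishLoading();
    }
    bool cancelled() const { return m_cancelled; }

private:
    ResourceHandleClient* m_client;
    bool m_finishOnCancel;
    bool m_cancelled = false;
};

// Stand-in for NetscapePlugInStreamLoader (a ResourceLoader, hence a ResourceHandleClient).
class PlugInStreamLoader : public ResourceHandleClient {
public:
    PlugInStreamLoader(PluginStream* stream, bool buggyHandle)
        : m_stream(stream), m_handle(this, buggyHandle) {}

    // ResourceLoader::cancel() -> didCancel(): the plugin is told the stream failed
    // (and drops it), then the network handle is cancelled. Assumed ordering.
    void cancel() {
        if (m_cancelled)
            return;
        m_cancelled = true;
        m_stream->didFail();
        m_handle.cancel();   // with the buggy handle this re-enters didFinishLoading()
    }

    // Frame #1 of the report: reached from inside cancel() when the handle notifies.
    void didFinishLoading() override {
        m_stream->didFinishLoading();   // the plugin already tore this stream down
    }

private:
    PluginStream* m_stream;
    ResourceHandle m_handle;
    bool m_cancelled = false;
};

// DocumentLoader::stopLoadingPlugIns() -> cancelAll(): frames #8 and #9.
static void stopLoadingPlugIns(std::vector<PlugInStreamLoader*>& loaders) {
    for (PlugInStreamLoader* loader : loaders)
        loader->cancel();
}

// Runs "leave the page while a plugin stream is still loading" and returns the
// sequence of callbacks the plugin stream observed, in order.
Log leavePageWhileStreaming(bool buggyHandle) {
    Log log;
    PluginStream stream{&log};
    PlugInStreamLoader loader(&stream, buggyHandle);
    std::vector<PlugInStreamLoader*> loaders{&loader};
    stopLoadingPlugIns(loaders);
    return log;
}

int main() {
    for (bool buggy : {true, false}) {
        std::printf("%s handle:\n", buggy ? "original" : "patched");
        for (const std::string& entry : leavePageWhileStreaming(buggy))
            std::printf("  %s\n", entry.c_str());
    }
    return 0;
}
```

With the original behaviour the plugin sees didFail followed by a didFinishLoading it was never supposed to get; with cancel() no longer notifying completion (the change comment 2 works around and the landed fix in comment 4 makes permanent) the stream sees exactly one terminal callback. The general rule the example illustrates is that a cancel() entry point must not synchronously fire the completion callback of the object that is cancelling it.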
Comment 3 Hiroyuki Ikezoe 2009-01-05 20:46:11 PST
I confirmed this bug is fixed by the patch in bug #23116.
Comment 4 Gustavo Noronha (kov) 2009-03-19 07:02:34 PDT
I hadn't seen that bug before =/. Yeah, that was exactly the fix that was actually landed: http://trac.webkit.org/changeset/41453.