RESOLVED FIXED 22073
REGRESSION(r33544): Palace in the Sky crashes WebKit 
https://bugs.webkit.org/show_bug.cgi?id=22073
Summary REGRESSION(r33544): Palace in the Sky crashes WebKit
Trevor Downs
Reported 2008-11-04 21:52:18 PST
http://www.palaceinthesky.com/top-humor-webcomics.php has caused WebKit to crash repeatedly. Attached will be a copy of the page and the crash logs. To recreate: Go to http://www.palaceinthesky.com/top-humor-webcomics.php Browser should crash before page finishes loading.
Attachments
This is the page that crashed. (3.83 KB, text/html)
2008-11-04 21:53 PST, Trevor Downs 		no flags
Details
Crash log (105.92 KB, text/plain)
2008-11-04 21:55 PST, Trevor Downs 		no flags
Details
patch (5.21 KB, patch)
2008-11-24 19:56 PST, Antti Koivisto 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Trevor Downs
Comment 1 2008-11-04 21:53:25 PST
Created attachment 24903 [details] This is the page that crashed.
Trevor Downs
Comment 2 2008-11-04 21:55:37 PST
Created attachment 24904 [details] Crash log These are some of the crash logs from trying to open this site.
Trevor Downs
Comment 3 2008-11-07 02:15:09 PST
It looks like I am getting the same crash from http://galaxioncomics.com/?p=232
Julien Chaffraix
Comment 4 2008-11-23 17:11:08 PST
Confirmed on Tip-Of-Trunk: the page attached to the bug does not crash for me but one of the link pasted does. Trying it with a debug build, I get an assertion failure: ASSERTION FAILED: !m_pendingScripts.isEmpty() (/Users/jchaffraix/WebKitTrunk/WebCore/html/HTMLTokenizer.cpp:1954 virtual void WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*)) Moving it to P1 as it is a crasher.
Mark Rowe (bdash)
Comment 5 2008-11-24 03:23:12 PST
*** Bug 22447 has been marked as a duplicate of this bug. ***
Mark Rowe (bdash)
Comment 6 2008-11-24 05:32:03 PST
Regressed in r33544: <http://trac.webkit.org/changeset/33544>.
Mark Rowe (bdash)
Comment 7 2008-11-24 05:32:17 PST
<rdar://problem/6396330>
Antti Koivisto
Comment 8 2008-11-24 19:56:38 PST
Created attachment 25468 [details] patch
Darin Adler
Comment 9 2008-11-24 22:13:35 PST
Comment on attachment 25468 [details] patch r=me
Antti Koivisto
Comment 10 2008-11-25 00:13:26 PST
Sending LayoutTests/ChangeLog Adding LayoutTests/fast/tokenizer/nested-cached-scripts-and-stylesheet-expected.txt Adding LayoutTests/fast/tokenizer/nested-cached-scripts-and-stylesheet.html Adding LayoutTests/fast/tokenizer/resources/load-stylesheet-and-document-write-script.js Sending WebCore/ChangeLog Sending WebCore/html/HTMLTokenizer.cpp Transmitting file data ...... Committed revision 38748.
Antti Koivisto
Comment 11 2008-11-27 12:13:02 PST
*** Bug 21992 has been marked as a duplicate of this bug. ***
Cameron Zwarich (cpst)
Comment 12 2008-11-30 09:47:51 PST
*** Bug 19518 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.