Bug 24133 - Crash when loading GMail and stop loading
Summary: Crash when loading GMail and stop loading
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: 528+ (Nightly build)
Hardware: Other All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-02-24 13:27 PST by Adam Treat
Modified: 2009-02-26 12:10 PST (History)
1 user (show)

See Also:

Attachments
Fixes crash (3.09 KB, patch)
2009-02-24 13:57 PST, Adam Treat 		no flags Details | Formatted Diff | Diff
New version that includes a layout test (5.26 KB, patch)
2009-02-26 10:56 PST, Adam Treat 		no flags Details | Formatted Diff | Diff
New version crashes more reliably (5.92 KB, patch)
2009-02-26 11:52 PST, Adam Treat 		koivisto: review+
Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Treat 2009-02-24 13:27:51 PST 
Loading up Gmail.com and then canceling the load while it is still loading results in a crash and ASSERT:

ASSERTION FAILED: docLoader->requestCount() == 0
(../../../../WebCore/loader/loader.cpp:178 void WebCore::Loader::cancelRequests(WebCore::DocLoader*))

Patch forthcoming.
Comment 1 Adam Treat 2009-02-24 13:57:55 PST 
Created attachment 27933 [details]
Fixes crash

I'm trying to come up with reproducible test, but if not this is the fix.
Comment 2 Alexey Proskuryakov 2009-02-25 06:56:20 PST 
This is exactly the kind of fix that really needs automated tests.

We have some examples of slow loading e.g. in http/tests/incremental
Comment 3 Adam Treat 2009-02-25 07:11:33 PST 
I've been working on a test all morning.  In fact, I did all of this precisely to try and generate a layout test:

http://trac.webkit.org/changeset/41211

However, now that the Qt port can do such a slow loading tests, I haven't been able to come up with one that causes the crash.  Here's why:

The theory behind the crash is that if the user stops the loading while the preloader is active, then this results in a crash.

However, with a layout test I can not automate this stoppage of loading since I'd have to be able to do it via JavaScript.  Well, no JavaScript is executed in this preloading stage.  That's the whole point of the preloader actually.  While a script is loading the preloader goes ahead and continues tokenizing and initiates the network loading of other resources, but it does not allow to execute scripts out of order.  Thus, while a script is loading and the tokenizer is thus blocked, I can not programmatically stop the load via JavaScript.

I don't know how to get around this.
Comment 4 Alexey Proskuryakov 2009-02-25 07:16:03 PST 
Could preloading be stopped with JS running in a different frame?
Comment 5 Adam Treat 2009-02-26 10:56:17 PST 
Created attachment 28022 [details]
New version that includes a layout test

I've added a layout test that crashes reproducibly and reliably without this patch.
Comment 6 Adam Treat 2009-02-26 11:52:04 PST 
Created attachment 28029 [details]
New version crashes more reliably
Comment 7 Darin Adler 2009-02-26 11:53:51 PST 
Comment on attachment 28029 [details]
New version crashes more reliably

Too bad we have to add another function to DocLoader! Good fix, though, and great to have a high quality test for it.

r=me
Comment 8 Alexey Proskuryakov 2009-02-26 11:57:54 PST 
Comment on attachment 28029 [details]
New version crashes more reliably

> +        * http/tests/misc/slow-preload-cancel-expected.txt: Added.
> +        * http/tests/misc/slow-preload-cancel.html: Added.

Please fix the ChangeLog to mention new files.

> +</script>
> \ No newline at end of file

Please add one.
Comment 9 Adam Treat 2009-02-26 12:10:48 PST 
Fixed with r41265.