Bug 42563 - Assertion failure in ResourceHandle::setDefersLoading when running plugins/return-negative-one-from-write.html on Windows
Summary: Assertion failure in ResourceHandle::setDefersLoading when running plugins/re...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Windows XP
: P2 Normal
Assignee: Nobody
URL: http://build.webkit.org/results/Windo...
Keywords: PlatformOnly
Depends on:
Blocks:
 
Reported: 2010-07-19 07:19 PDT by Adam Roben (:aroben)
Modified: 2010-07-19 09:23 PDT (History)
2 users (show)

See Also:

Attachments
Patch (1.88 KB, patch)
2010-07-19 07:39 PDT, Adam Roben (:aroben) 		andersca: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Roben (:aroben) 2010-07-19 07:19:00 PDT 
To reproduce:

1. set-webkit-configuration --debug
2. run-webkit-tests plugins/return-negative-one-from-write.html

You'll hit an assertion in ResourceHandle::setDefersLoading:

    ASSERT(d->m_defersLoading != defers); // Deferring is not counted, so calling setDefersLoading() repeatedly is likely to be in error.

d->m_defersLoading and defers are both true.

I don't know what the effect is in a Release build. The release test bot seems not to be crashing on this test, however.

Here's the backtrace:

>	WebKit.dll!WebCore::ResourceHandle::setDefersLoading(bool defers=true)  Line 148 + 0x36 bytes	C++
 	WebKit.dll!WebCore::ResourceLoader::setDefersLoading(bool defers=true)  Line 155	C++
 	WebKit.dll!WebCore::PluginStream::destroyStream()  Line 271 + 0x22 bytes	C++
 	WebKit.dll!WebCore::PluginStream::destroyStream(short reason=0x0001)  Line 239	C++
 	WebKit.dll!WebCore::PluginStream::cancelAndDestroyStream(short reason=0x0001)  Line 224	C++
 	WebKit.dll!WebCore::PluginStream::deliverData()  Line 360	C++
 	WebKit.dll!WebCore::PluginStream::didReceiveData(WebCore::NetscapePlugInStreamLoader * loader=0x067a2138, const char * data=0x0684d9a8, int length=0x00000004)  Line 432	C++
 	WebKit.dll!WebCore::NetscapePlugInStreamLoader::didReceiveData(const char * data=0x0684d9a8, int length=0x00000004, __int64 lengthReceived=0x0000000000000004, bool allAtOnce=false)  Line 93 + 0x27 bytes	C++
 	WebKit.dll!WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle * __formal=0x06821da0, const char * data=0x0684d9a8, int length=0x00000004, int lengthReceived=0x00000004)  Line 431 + 0x1f bytes	C++
 	WebKit.dll!WebCore::didReceiveData(_CFURLConnection * conn=0x0ace0160, const __CFData * data=0x06780730, long originalLength=0x00000004, const void * clientInfo=0x06821da0)  Line 214 + 0x2a bytes	C++
Comment 1 Adam Roben (:aroben) 2010-07-19 07:22:17 PDT 
It looks like the problem is in PluginStream::deliverData. <http://trac.webkit.org/browser/trunk/WebCore/plugins/PluginStream.cpp?rev=58590#L343> calls setDefersLoading(true), then <http://trac.webkit.org/browser/trunk/WebCore/plugins/PluginStream.cpp?rev=58590#L359> calls cancelAndDestroyStream, which ends up calling setDefersLoading(true) again beneath destroyStream.

(There's actually another problem here: When we return early from deliverData at <http://trac.webkit.org/browser/trunk/WebCore/plugins/PluginStream.cpp?rev=58590#L360>, we never call setDefersLoading(false).)
Comment 2 Adam Roben (:aroben) 2010-07-19 07:24:13 PDT 
This test has been asserting since it was added in r62739.
Comment 3 Adam Roben (:aroben) 2010-07-19 07:25:01 PDT 
Calling setDefersLoading(false) just before calling cancelAndDestroyStream seems like it should fix the problem.
Comment 4 Adam Roben (:aroben) 2010-07-19 07:39:46 PDT 
Created attachment 61949 [details]
Patch
Comment 5 Adam Roben (:aroben) 2010-07-19 09:23:36 PDT 
Committed r63667: <http://trac.webkit.org/changeset/63667>