44381 – ASSERTION FAILED: m_type == Uninitialized || m_type == Character

Bug 44381 - ASSERTION FAILED: m_type == Uninitialized || m_type == Character

Summary: ASSERTION FAILED: m_type == Uninitialized || m_type == Character

Status:	RESOLVED DUPLICATE of bug 44209

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2010-08-21 09:20 PDT by Tony Gentilcore
Modified:	2010-08-21 09:49 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
Testcase (45 bytes, text/html) 2010-08-21 09:20 PDT, Tony Gentilcore	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tony Gentilcore 2010-08-21 09:20:37 PDT

Created attachment 65027 [details]
Testcase

This DOM triggers an ASSERT:

FAIL<iframe onload="document.write('PASS')">

ASSERTION FAILED: m_type == Uninitialized || m_type == Character
(/work/WebKit/WebCore/html/HTMLToken.h:117 void WebCore::HTMLToken::ensureIsCharacterToken())

I suspect this is closely related to the fix from bug 43055. Adding a document.open() before the document.write() avoids the ASSERT. I haven't debugged, but it looks like Document::open() bails out if parser->isExecutingScript().

I'll be on vacation next week, so I probably won't be able to get to this in a timely manner.

Comment 1 Eric Seidel (no email) 2010-08-21 09:49:07 PDT


*** This bug has been marked as a duplicate of bug 44209 ***