52013 – REGRESSION (r74663): ASSERTION FAILED: m_tokenizer->lineNumber() == line.zeroBasedInt()

RESOLVED FIXED 52013

REGRESSION (r74663): ASSERTION FAILED: m_tokenizer->lineNumber() == line.zeroBasedInt()

https://bugs.webkit.org/show_bug.cgi?id=52013

Summary REGRESSION (r74663): ASSERTION FAILED: m_tokenizer->lineNumber() == line.zero...

Simon Fraser (smfr)

Reported 2011-01-06 13:35:56 PST

When I load http://www.macnn.com, I this this assertion: ASSERTION FAILED: m_tokenizer->lineNumber() == line.zeroBasedInt() at (gdb) bt #0 0x00000001033d6fc8 in WebCore::HTMLDocumentParser::textPosition (this=0x12c89b000) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:413 #1 0x0000000103445bcd in WebCore::HTMLTreeBuilder::processScriptStartTag (this=0x10b3a6db0, token=@0x7fff5fbfd580) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLTreeBuilder.cpp:2780 #2 0x000000010344e6d2 in WebCore::HTMLTreeBuilder::processStartTagForInHead (this=0x10b3a6db0, token=@0x7fff5fbfd580) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLTreeBuilder.cpp:2743 #3 0x000000010344f4c2 in WebCore::HTMLTreeBuilder::processStartTagForInBody (this=0x10b3a6db0, token=@0x7fff5fbfd580) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLTreeBuilder.cpp:733 #4 0x0000000103448521 in WebCore::HTMLTreeBuilder::processStartTag (this=0x10b3a6db0, token=@0x7fff5fbfd580) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLTreeBuilder.cpp:1212 #5 0x0000000103447d55 in WebCore::HTMLTreeBuilder::processToken (this=0x10b3a6db0, token=@0x7fff5fbfd580) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLTreeBuilder.cpp:471 #6 0x000000010345115c in WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken (this=0x10b3a6db0, token=@0x7fff5fbfd580) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLTreeBuilder.cpp:452 #7 0x0000000103451236 in WebCore::HTMLTreeBuilder::constructTreeFromToken (this=0x10b3a6db0, rawToken=@0x12c89b0b0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLTreeBuilder.cpp:447 #8 0x00000001033d7621 in WebCore::HTMLDocumentParser::pumpTokenizer (this=0x12c89b000, mode=WebCore::HTMLDocumentParser::AllowYield) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:232 #9 0x00000001033d7938 in WebCore::HTMLDocumentParser::pumpTokenizerIfPossible (this=0x12c89b000, mode=WebCore::HTMLDocumentParser::AllowYield) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:169 #10 0x00000001033d79ef in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution (this=0x12c89b000) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:429 #11 0x00000001033d7d19 in WebCore::HTMLDocumentParser::notifyFinished (this=0x12c89b000, cachedResource=0x130469460) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:474 #12 0x0000000102ffa0c0 in WebCore::CachedScript::checkNotify (this=0x130469460) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/cache/CachedScript.cpp:100 #13 0x0000000102ffa1d2 in WebCore::CachedScript::data (this=0x130469460, data=@0x7fff5fbfd760, allDataReceived=true) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/cache/CachedScript.cpp:90 #14 0x0000000102ff919f in WebCore::CachedResourceRequest::didFinishLoading (this=0x13049c250, loader=0x13049ae50) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/cache/CachedResourceRequest.cpp:159 #15 0x0000000103ae0086 in WebCore::SubresourceLoader::didFinishLoading (this=0x13049ae50, finishTime=0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/SubresourceLoader.cpp:181 #16 0x0000000103a22eb4 in WebCore::ResourceLoader::didFinishLoading (this=0x13049ae50, finishTime=0) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/ResourceLoader.cpp:437 #17 0x0000000103a1e341 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x130491aa0, _cmd=0x7fff87d54b96, connection=0x130498a60) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/network/mac/ResourceHandleMac.mm:924 #18 0x00007fff87c2e728 in _NSURLConnectionDidFinishLoading () #19 0x00007fff81edb2ac in URLConnectionClient::_clientDidFinishLoading () #20 0x00007fff81f409c6 in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload () #21 0x00007fff81f40c32 in URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload () #22 0x00007fff81ec7979 in URLConnectionClient::processEvents () #23 0x00007fff81ec7754 in MultiplexerSource::perform () #24 0x00007fff804b2401 in __CFRunLoopDoSources0 () #25 0x00007fff804b05f9 in __CFRunLoopRun ()

Attachments
Patch (3.26 KB, patch) 2011-01-06 17:56 PST, Adam Barth	no flags	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Adam Barth

Comment 1 2011-01-06 15:31:46 PST

I has the repro.

Andy Estes

Comment 2 2011-01-06 16:29:03 PST

*** Bug 52033 has been marked as a duplicate of this bug. ***

Andy Estes

Comment 3 2011-01-06 16:30:08 PST

<rdar://problem/8821575>

Adam Barth

Comment 4 2011-01-06 16:47:18 PST

I've reproed the wikipedia version too.

Adam Barth

Comment 5 2011-01-06 17:28:22 PST

Reduced test case: <script>document.writeln("\n"); </script><script></script>

Adam Barth

Comment 6 2011-01-06 17:36:53 PST

Simon Fraser (smfr)

Comment 7 2011-01-06 17:44:11 PST

Someone fingered this as the commit that caused it: http://trac.webkit.org/changeset/74663

Adam Barth

Comment 8 2011-01-06 17:49:17 PST

Yep. I think I see the bug. Building/testing fix now.

Adam Barth

Comment 9 2011-01-06 17:56:51 PST

Created attachment 78194 [details] Patch

WebKit Commit Bot

Comment 10 2011-01-06 21:14:44 PST

Comment on attachment 78194 [details] Patch Clearing flags on attachment: 78194 Committed r75228: <http://trac.webkit.org/changeset/75228>

WebKit Commit Bot

Comment 11 2011-01-06 21:14:51 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS OS X 10.5

Product WebKit

Component DOM

Assignee

Nobody

Reported

2011-01-06 13:35 PST

Modified

2011-01-06 23:18 PST History

CC List

7 users Show

URL

http://www.macnn.com

Keywords HasReduction, InRadar, Regression

Duplicates (1)

52033 View as bug list

Depends on

51311

Blocks

Dependencies

tree graph