Bug 54884 - plugins/get-url-with-javascript-destroying-plugin.html crashing on Windows since it was added
Summary: plugins/get-url-with-javascript-destroying-plugin.html crashing on Windows si...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Windows XP
: P2 Normal
Assignee: Nobody
URL: http://build.webkit.org/results/Windo...
Keywords: InRadar, LayoutTestFailure, PlatformOnly
Depends on:
Blocks: 54863
  Show dependency treegraph
 
Reported: 2011-02-21 09:05 PST by Adam Roben (:aroben)
Modified: 2011-02-21 10:39 PST (History)
3 users (show)

See Also:

Attachments
Protect the PluginView when evaluating javascript: URLs (2.13 KB, patch)
2011-02-21 09:40 PST, Adam Roben (:aroben) 		sam: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Adam Roben (:aroben) 2011-02-21 09:05:57 PST 
plugins/get-url-with-javascript-destroying-plugin.html has been crashing on Windows since it was added in r79157. run-webkit-tests is falsely saying that the test immediately following this one is crashing. But plugins/get-url-with-javascript-destroying-plugin.html is the culprit; if you run it on its own it crashes.
Comment 1 Adam Roben (:aroben) 2011-02-21 09:06:15 PST 
Here's the backtrace:


 	ntdll.dll!_RtlpWaitForCriticalSection@4()  + 0x5b bytes	
 	ntdll.dll!_RtlEnterCriticalSection@4()  + 0x46 bytes	
>	JavaScriptCore.dll!WTF::Mutex::lock()  Line 290 + 0xc bytes	C++
 	WebKit.dll!WTF::Locker<WTF::Mutex>::Locker<WTF::Mutex>(WTF::Mutex & lockable={...})  Line 38 + 0x20 bytes	C++
 	WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::invalidateIterators()  Line 1054	C++
 	WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityHashTranslator<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> > > >(const WTF::RefPtr<WebCore::PluginStream> & key=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...}, const WTF::RefPtr<WebCore::PluginStream> & extra=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...})  Line 634	C++
 	WebKit.dll!WTF::HashTable<WTF::RefPtr<WebCore::PluginStream>,WTF::RefPtr<WebCore::PluginStream>,WTF::IdentityExtractor<WTF::RefPtr<WebCore::PluginStream> >,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add(const WTF::RefPtr<WebCore::PluginStream> & value=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...})  Line 317 + 0x2b bytes	C++
 	WebKit.dll!WTF::HashSet<WTF::RefPtr<WebCore::PluginStream>,WTF::PtrHash<WTF::RefPtr<WebCore::PluginStream> >,WTF::HashTraits<WTF::RefPtr<WebCore::PluginStream> > >::add(const WTF::RefPtr<WebCore::PluginStream> & value=0x06cac300 {m_resourceRequest={...} m_resourceResponse={...} m_client=0x06c80bb8 ...})  Line 180 + 0x10 bytes	C++
 	WebKit.dll!WebCore::PluginView::performRequest(WebCore::PluginRequest * request=0x053858d0)  Line 488 + 0x1c bytes	C++
 	WebKit.dll!WebCore::PluginView::requestTimerFired(WebCore::Timer<WebCore::PluginView> * timer=0x06c80c48)  Line 508	C++
 	WebKit.dll!WebCore::Timer<WebCore::PluginView>::fired()  Line 100 + 0x29 bytes	C++
 	WebKit.dll!WebCore::ThreadTimers::sharedTimerFiredInternal()  Line 112 + 0xf bytes	C++
 	WebKit.dll!WebCore::ThreadTimers::sharedTimerFired()  Line 91	C++
 	WebKit.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x00130af6, unsigned int message=49590, unsigned int wParam=0, long lParam=0)  Line 103 + 0x8 bytes	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xb7 bytes	
 	user32.dll!_DispatchMessageWorker@8()  + 0xdc bytes	
 	user32.dll!_DispatchMessageW@4()  + 0xf bytes	
 	DumpRenderTree.exe!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & testPathOrURL="c:\Documents and Settings\Adam Roben\dev\WebKit\OpenSource\LayoutTests\plugins\get-url-with-javascript-destroying-plugin.html")  Line 993 + 0xf bytes	C++
 	DumpRenderTree.exe!main(int argc=2, char * * argv=0x050febc8)  Line 1370 + 0x28 bytes	C++
 	DumpRenderTree.exe!__tmainCRTStartup()  Line 597 + 0x17 bytes	C
 	kernel32.dll!_BaseProcessStart@4()  + 0x23 bytes
Comment 2 Adam Roben (:aroben) 2011-02-21 09:07:13 PST 
Presumably the call to ScriptController::executeScript in PluginView::performRequest caused the plugin to be deleted.
Comment 3 Adam Roben (:aroben) 2011-02-21 09:23:36 PST 
We could probably fix this by reffing the PluginView inside requestTimerFired. But that feels icky.
Comment 4 Adam Roben (:aroben) 2011-02-21 09:24:19 PST 
<rdar://problem/9030864>
Comment 5 Adam Roben (:aroben) 2011-02-21 09:40:16 PST 
Created attachment 83174 [details]
Protect the PluginView when evaluating javascript: URLs
Comment 6 Adam Roben (:aroben) 2011-02-21 09:49:44 PST 
Committed r79231: <http://trac.webkit.org/changeset/79231>
Comment 7 Alejandro G. Castro 2011-02-21 09:55:57 PST 
*** Bug 54863 has been marked as a duplicate of this bug. ***