Bug 96741 - [WK2] fast/loader/recursive-before-unload-crash.html fails
Summary: [WK2] fast/loader/recursive-before-unload-crash.html fails
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-14 02:47 PDT by Chris Dumez
Modified: 2014-12-19 14:46 PST (History)
0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2012-09-14 02:47:49 PDT 
fast/loader/recursive-before-unload-crash.html fails on WebKit2:

--- /home/chris/unencrypted/WebKit/lol/fast/loader/recursive-before-unload-crash-expected.txt
+++ /home/chris/unencrypted/WebKit/lol/fast/loader/recursive-before-unload-crash-actual.txt
@@ -1,10 +1,2 @@
 ALERT: onbeforeunload called, and iframe hasn't been added yet.
 ALERT: Adding iframe
-This test demonstrates a problem with our handling of the beforeunload event.
-If a script manages to try and navigate the frame from beforeunload - when a navigation is already pending - we end up blowing out the stack by recursively consulting the policy delegate then running onbeforeunload repeatedly.
-After this happens, the FrameLoader is in a bogus state where it thinks it is in the middle of a provisional load, but it doesn't have a provisional document loader.
-In this state, the frame is very difficult to navigate anywhere else, and attempts to load new things within the frame can result in a crash.
-This was reproducibly identified on sears.com following a bizarre Safari specific code path.
-Click here to run the beforeunload test and blow out the stack
-Click here to append an iframe and crash
Comment 1 Alexey Proskuryakov 2014-12-19 14:46:32 PST 
This appears to pass now. Just need to fix WKTR for this to not break subsequent tests.