Bug 50253
| Summary: | Hit ASSERT(m_state == ParsingState) after clicking on ad at macnn.com | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Simon Fraser (smfr) <simon.fraser> |
| Component: | DOM | Assignee: | Adam Barth <abarth> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | abarth, andersca, ap, eric, kbr, pfeldman, simon.fraser, tonyg, vsevik |
| Priority: | P2 | ||
| Version: | 528+ (Nightly build) | ||
| Hardware: | PC | ||
| OS: | OS X 10.5 | ||
| URL: | http://macnn.com | ||
| Bug Depends on: | |||
| Bug Blocks: | 41115 | ||
Simon Fraser (smfr)
I hit:
ASSERTION FAILED: m_state == ParsingState
(/Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/DocumentParser.cpp:56 virtual void WebCore::DocumentParser::prepareToStopParsing())
after loading macnn.com (with all ads visible), and clicking on the annoying Capital One ad in the right sidebar (in the "macnn sponsor" box). The ad is flash that expands leftwards.
Stack is
#0 0x0000000102ed2867 in WebCore::DocumentParser::prepareToStopParsing (this=0x10792b800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/DocumentParser.cpp:56
#1 0x00000001030f363e in WebCore::HTMLDocumentParser::prepareToStopParsing (this=0x10792b800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:144
#2 0x00000001030f2910 in WebCore::HTMLDocumentParser::attemptToEnd (this=0x10792b800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:344
#3 0x00000001030f2948 in WebCore::HTMLDocumentParser::finish (this=0x10792b800) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/html/parser/HTMLDocumentParser.cpp:372
#4 0x0000000102e8f6c0 in WebCore::Document::finishParsing (this=0x107971a00) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Document.cpp:2257
#5 0x0000000102ed6660 in WebCore::DocumentWriter::endIfNotLoadingMainResource (this=0x1078b8648) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/loader/DocumentWriter.cpp:221
#6 0x0000000102e976a6 in WebCore::Document::close (this=0x107971a00) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/dom/Document.cpp:2054
#7 0x0000000103352e54 in WebCore::jsHTMLDocumentPrototypeFunctionClose (exec=0x13345a098) at /Volumes/InternalData/Development/webkit/OpenSource/WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLDocument.cpp:411
#8 0x000055dc8ec001b8 in ?? ()
#9 0x00000001018e4fb9 in JSC::JITCode::execute (this=0x131055798, registerFile=0x1077fa838, callFrame=0x13345a040, globalData=0x1078e1c00) at JITCode.h:77
#10 0x00000001018dfd5d in JSC::Interpreter::executeCall (this=0x1077fa820, callFrame=0x107760168, function=0x12f74e1c0, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdcf0, thisValue={m_ptr = 0x12edc0000}, args=@0x7fff5fbfdce0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/interpreter/Interpreter.cpp:849
#11 0x00000001018998b0 in JSC::call (exec=0x107760168, functionObject={m_ptr = 0x12f74e1c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdcf0, thisValue={m_ptr = 0x12edc0000}, args=@0x7fff5fbfdce0) at /Volumes/InternalData/Development/webkit/OpenSource/JavaScriptCore/runtime/CallData.cpp:38
#12 0x000000010328b493 in WebCore::JSMainThreadExecState::call (exec=0x107760168, functionObject={m_ptr = 0x12f74e1c0}, callType=JSC::CallTypeJS, callData=@0x7fff5fbfdcf0, thisValue={m_ptr = 0x12edc0000}, args=@0x7fff5fbfdce0) at JSMainThreadExecState.h:48
#13 0x000000010376188f in WebCore::ScheduledAction::executeFunctionInContext (this=0x12c1e81d0, globalObject=0x12edc2a80, thisValue={m_ptr = 0x12edc0000}, context=0x107971a68) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScheduledAction.cpp:106
#14 0x0000000103761dba in WebCore::ScheduledAction::execute (this=0x12c1e81d0, document=0x107971a00) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScheduledAction.cpp:128
#15 0x0000000103761e94 in WebCore::ScheduledAction::execute (this=0x12c1e81d0, context=0x107971a68) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/bindings/js/ScheduledAction.cpp:76
#16 0x0000000102f8205d in WebCore::DOMTimer::fired (this=0x139a40f50) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/page/DOMTimer.cpp:131
#17 0x00000001038e4462 in WebCore::ThreadTimers::sharedTimerFiredInternal (this=0x1077a7c00) at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/ThreadTimers.cpp:112
#18 0x00000001038e45f1 in WebCore::ThreadTimers::sharedTimerFired () at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/ThreadTimers.cpp:90
#19 0x00000001037ba291 in WebCore::timerFired () at /Volumes/InternalData/Development/webkit/OpenSource/WebCore/platform/mac/SharedTimerMac.mm:166
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Alexey Proskuryakov
Not a "compatibility regression", but it's probably useful to have this block bug 41115.
Adam Barth
This assert might be bogus. This is Eric's area.
Eric Seidel (no email)
Well, the quesiton is why is it ever valid to call it twice. :) But I don't know. The code changed a bunch with TonyG's rewrite. I'd have to stare at this in a debugger.
Simon Fraser (smfr)
I just hit this on http://venturebeat.com/2010/11/05/why-apple-cant-beat-android/?obref=obinsite too.
Alexey Proskuryakov
I've just hit this on dailymotion.com.
Adam Barth
I was going to assign this to myself, but I did that already apparently.
Adam Barth
*** Bug 52929 has been marked as a duplicate of this bug. ***
Pavel Feldman
*** Bug 54462 has been marked as a duplicate of this bug. ***
Pavel Feldman
https://bugs.webkit.org/show_bug.cgi?id=54462 has a nice stack trace and a scenario on how to repro it on XML+XSLT -> HTML scenario.
Adam Barth
Looking now.
Adam Barth
Fixed one of the dups. Continuing to investigate.
Adam Barth
None of these reproduce any more. I suspect some of them are Bug 54462 and some are another related bug I fixed recently. Please re-open if you can reproduce now that Bug 54462 is fixed.