-
Bug
-
Resolution: Fixed
-
P3
-
fx2.0
Build JavaFX SDK in debug mode and run any two DRT tests:
./Tools/Scripts/run-webkit-tests --java fast/js/Array-isArray.html fast/js/JSON-parse-reviver.html
The harness will report that the second test crashes. The stack dump for the crash is:
WebPaneJava.dll!WebCore::ProgressTracker::estimatedProgress() Line 86 + 0x3 bytes C++
WebPaneJava.dll!WebCore::FrameLoaderClientJava::dispatchDidFinishLoading(WebCore::DocumentLoader * l=0x19ed3788, unsigned long identifier=5) Line 779 + 0x16 bytes C++
WebPaneJava.dll!WebCore::ResourceLoadNotifier::dispatchDidFinishLoading(WebCore::DocumentLoader * loader=0x19ed3788, unsigned long identifier=5, double finishTime=0.00000000000000000) Line 144 C++
WebPaneJava.dll!WebCore::ResourceLoadNotifier::didFinishLoad(WebCore::ResourceLoader * loader=0x19eee258, double finishTime=0.00000000000000000) Line 90 C++
WebPaneJava.dll!WebCore::ResourceLoader::didFinishLoadingOnePart(double finishTime=0.00000000000000000) Line 319 C++
WebPaneJava.dll!WebCore::ResourceLoader::didFinishLoading(double finishTime=0.00000000000000000) Line 305 C++
> WebPaneJava.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime=0.00000000000000000) Line 203 C++
WebPaneJava.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x19e9e630, double finishTime=0.00000000000000000) Line 437 C++
WebPaneJava.dll!Java_com_sun_webpane_webkit_network_URLProcessor_endOfDataCallback(JNIEnv_ * tenv=0x191ef528, _jclass * cls=0x1941f8ec, __int64 pdata=434759216) Line 352 C++
0281e7f2()
The problem is the DRT harness deletes the web page upon the PAGE_FINISHED load event, which is sent as the result of the following statement:
void SubresourceLoader::didFinishLoading(double finishTime)
{
...
m_documentLoader->removeSubresourceLoader(this);
...
}
and then the following (next) statement attempts to use the deleted page:
void SubresourceLoader::didFinishLoading(double finishTime)
{
...
ResourceLoader::didFinishLoading(finishTime);
}
./Tools/Scripts/run-webkit-tests --java fast/js/Array-isArray.html fast/js/JSON-parse-reviver.html
The harness will report that the second test crashes. The stack dump for the crash is:
WebPaneJava.dll!WebCore::ProgressTracker::estimatedProgress() Line 86 + 0x3 bytes C++
WebPaneJava.dll!WebCore::FrameLoaderClientJava::dispatchDidFinishLoading(WebCore::DocumentLoader * l=0x19ed3788, unsigned long identifier=5) Line 779 + 0x16 bytes C++
WebPaneJava.dll!WebCore::ResourceLoadNotifier::dispatchDidFinishLoading(WebCore::DocumentLoader * loader=0x19ed3788, unsigned long identifier=5, double finishTime=0.00000000000000000) Line 144 C++
WebPaneJava.dll!WebCore::ResourceLoadNotifier::didFinishLoad(WebCore::ResourceLoader * loader=0x19eee258, double finishTime=0.00000000000000000) Line 90 C++
WebPaneJava.dll!WebCore::ResourceLoader::didFinishLoadingOnePart(double finishTime=0.00000000000000000) Line 319 C++
WebPaneJava.dll!WebCore::ResourceLoader::didFinishLoading(double finishTime=0.00000000000000000) Line 305 C++
> WebPaneJava.dll!WebCore::SubresourceLoader::didFinishLoading(double finishTime=0.00000000000000000) Line 203 C++
WebPaneJava.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x19e9e630, double finishTime=0.00000000000000000) Line 437 C++
WebPaneJava.dll!Java_com_sun_webpane_webkit_network_URLProcessor_endOfDataCallback(JNIEnv_ * tenv=0x191ef528, _jclass * cls=0x1941f8ec, __int64 pdata=434759216) Line 352 C++
0281e7f2()
The problem is the DRT harness deletes the web page upon the PAGE_FINISHED load event, which is sent as the result of the following statement:
void SubresourceLoader::didFinishLoading(double finishTime)
{
...
m_documentLoader->removeSubresourceLoader(this);
...
}
and then the following (next) statement attempts to use the deleted page:
void SubresourceLoader::didFinishLoading(double finishTime)
{
...
ResourceLoader::didFinishLoading(finishTime);
}