[Webkit-unassigned] [Bug 14757] New: HTMLTokenizer::processingData implementation is incorrect

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Jul 24 14:01:45 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=14757

           Summary: HTMLTokenizer::processingData implementation is
                    incorrect
           Product: WebKit
           Version: 522+ (nightly)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mpComplete at gmail.com


Here is the implementation:
bool HTMLTokenizer::processingData() const
{
    return m_timer.isActive();
}

The problem is that this function can be called from within m_timer's fired
callback.  A non-repeating timer that is being fired is not active (maybe
*this* is the real bug?).  However, the tokenizer actually is processing data
while inside its Timer::fired callback.  This function returns an incorrect
result in that case.

I saw this problem surface when loading a page with frames on a slow machine. 
Here's the sequence of events:
- The parsing of the HTML was deferred and put on a timer
(HTMLTokenizer::m_timer).
- When that timer fired, one of the subframes was created.
- Initializing that subframe caused the FrameLoaders to do a
recursiveCheckLoadComplete.
- Since HTMLTokenizer::processingData returned false incorrectly, the toplevel
frame was assumed to have been done loading, and marked as such incorrectly.
- Frame load events were then dispatched out of order (dispatchDidFinishLoad
was called for the toplevel frame before subframes).

And here's the corresponding sample callstack from a run of Safari on Mac:

#0  WebCore::TimerBase::isActive (this=0x28bded8) at
/Users/mpcomplete/src/WebKit/WebCore/platform/Timer.cpp:188
#1  0x0101e13a in WebCore::HTMLTokenizer::processingData (this=0x28bde00) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLTokenizer.cpp:1497
#2  0x0138dcd6 in WebCore::DocumentLoader::isLoadingInAPISense (this=0x2926200)
at /Users/mpcomplete/src/WebKit/WebCore/loader/DocumentLoader.cpp:468
#3  0x01383ac2 in WebCore::FrameLoader::checkLoadCompleteForThisFrame
(this=0x281fa00) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:2777
#4  0x01383d38 in WebCore::FrameLoader::recursiveCheckLoadComplete
(this=0x281fa00) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:2899
#5  0x01383dd6 in WebCore::FrameLoader::checkLoadComplete (this=0x2927c00) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:2910
#6  0x01388e72 in WebCore::FrameLoader::checkCompleted (this=0x2927c00) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:1185
#7  0x0138b93f in WebCore::FrameLoader::endIfNotLoadingMainResource
(this=0x2927c00) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:1006
#8  0x0138b9b5 in WebCore::FrameLoader::end (this=0x2927c00) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:978
#9  0x0138f85c in WebCore::DocumentLoader::finishedLoading (this=0x28c4800) at
/Users/mpcomplete/src/WebKit/WebCore/loader/DocumentLoader.cpp:319
#10 0x0138bbb2 in WebCore::FrameLoader::init (this=0x2927c00) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:265
#11 0x010b6d58 in WebCore::Frame::init (this=0x15e74360) at
/Users/mpcomplete/src/WebKit/WebCore/page/Frame.cpp:219
#12 0x0032b4b4 in -[WebFrameBridge
finishInitializingWithPage:frameName:frameView:ownerElement:] (self=0x15e35410,
_cmd=0x3ac664, page=0x2148060, name=0x15e6d0f0, frameView=0x15e6dc10,
ownerElement=0x15e758e0) at
/Users/mpcomplete/src/WebKit/WebKit/WebCoreSupport/WebFrameBridge.mm:147
#13 0x00327f1c in -[WebFrameBridge
initSubframeWithOwnerElement:frameName:frameView:] (self=0x15e35410,
_cmd=0x3ac6d0, ownerElement=0x15e758e0, name=0x15e6d0f0, frameView=0x15e6dc10)
at /Users/mpcomplete/src/WebKit/WebKit/WebCoreSupport/WebFrameBridge.mm:162
#14 0x0032b21f in -[WebFrameBridge
createChildFrameNamed:withURL:referrer:ownerElement:allowsScrolling:marginWidth:marginHeight:]
(self=0x2147160, _cmd=0x3ac834, frameName=0x15e6d0f0, URL=0x15e75970,
referrer=@0xbfffe49c, ownerElement=0x15e758e0, allowsScrolling=1 '\001',
width=-1, height=-1) at
/Users/mpcomplete/src/WebKit/WebKit/WebCoreSupport/WebFrameBridge.mm:349
#15 0x003900a3 in WebFrameLoaderClient::createFrame (this=0x21464d0,
url=@0xbfffe56c, name=@0x15e75954, ownerElement=0x15e758e0,
referrer=@0xbfffe49c, allowsScrolling=1, marginWidth=-1, marginHeight=-1) at
/Users/mpcomplete/src/WebKit/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1163
#16 0x0138c045 in WebCore::FrameLoader::loadSubframe (this=0x281fa00,
ownerElement=0x15e758e0, url=@0xbfffe56c, name=@0x15e75954,
referrer=@0x281fb24) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:452
#17 0x0138d32b in WebCore::FrameLoader::requestFrame (this=0x281fa00,
ownerElement=0x15e758e0, urlString=@0x15e75950, frameName=@0x15e75954) at
/Users/mpcomplete/src/WebKit/WebCore/loader/FrameLoader.cpp:422
#18 0x0136c092 in WebCore::HTMLFrameElementBase::openURL (this=0x15e758e0) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLFrameElementBase.cpp:107
#19 0x0136c5af in WebCore::HTMLFrameElementBase::openURLCallback (n=0x15e758e0)
at /Users/mpcomplete/src/WebKit/WebCore/html/HTMLFrameElementBase.cpp:158
#20 0x010d72f5 in WebCore::ContainerNode::attach (this=0x15e758e0) at
/Users/mpcomplete/src/WebKit/WebCore/dom/ContainerNode.cpp:605
#21 0x0122f338 in WebCore::Element::attach (this=0x15e758e0) at
/Users/mpcomplete/src/WebKit/WebCore/dom/Element.cpp:664
#22 0x0136b7e7 in WebCore::HTMLFrameElementBase::attach (this=0x15e758e0) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLFrameElementBase.cpp:192
#23 0x0126ee31 in WebCore::HTMLFrameElement::attach (this=0x15e758e0) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLFrameElement.cpp:66
#24 0x0101d18d in WebCore::HTMLParser::insertNode (this=0x15e3e8a0,
n=0x15e758e0, flat=false) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLParser.cpp:328
#25 0x0101da35 in WebCore::HTMLParser::parseToken (this=0x15e3e8a0,
t=0x28bde14) at /Users/mpcomplete/src/WebKit/WebCore/html/HTMLParser.cpp:250
#26 0x0101f818 in WebCore::HTMLTokenizer::processToken (this=0x28bde00) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLTokenizer.cpp:1641
#27 0x010229ed in WebCore::HTMLTokenizer::parseTag (this=0x28bde00,
src=@0x28be304, state={static EntityShift = 4, m_bits = 0}) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLTokenizer.cpp:1206
#28 0x010233c4 in WebCore::HTMLTokenizer::write (this=0x28bde00,
str=@0xbfffebdc, appendData=true) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLTokenizer.cpp:1437
#29 0x0101f20b in WebCore::HTMLTokenizer::timerFired (this=0x28bde00) at
/Users/mpcomplete/src/WebKit/WebCore/html/HTMLTokenizer.cpp:1517
#30 0x014a7b57 in WebCore::Timer<WebCore::HTMLTokenizer>::fired
(this=0x28bded8) at Timer.h:96
#31 0x011f1026 in WebCore::TimerBase::fireTimers (fireTime=1185310107.954752,
firingTimers=@0xbfffecbc) at
/Users/mpcomplete/src/WebKit/WebCore/platform/Timer.cpp:336
#32 0x011f10c3 in WebCore::TimerBase::sharedTimerFired () at
/Users/mpcomplete/src/WebKit/WebCore/platform/Timer.cpp:353
#33 0x011f0763 in timerFired () at
/Users/mpcomplete/src/WebKit/WebCore/platform/mac/SharedTimerMac.cpp:48


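Added example (not code from the bug report or from WebKit): a minimal C++ model of the interaction described in the report. OneShotTimer, Tokenizer, reproduce() and the m_inWrite flag are assumptions made for illustration; the real WebCore::Timer and HTMLTokenizer are considerably more involved. The model keeps the one property the report hinges on, that a one-shot timer is deactivated before its callback runs, so a processingData() that consults only isActive() answers false to a checkLoadComplete reached reentrantly from inside write(). It contrasts that with a variant that also tracks whether write() is on the stack.

```cpp
#include <cassert>
#include <functional>
#include <iostream>
#include <utility>

// Stand-in for WebCore::Timer (an assumption for this example, not the real
// class). A one-shot timer is taken off the schedule before its callback
// runs, so isActive() is false for the whole duration of fired().
class OneShotTimer {
public:
    explicit OneShotTimer(std::function<void()> callback)
        : m_callback(std::move(callback)) {}

    void startOneShot() { m_active = true; }
    bool isActive() const { return m_active; }

    // What a run-loop tick does: deactivate first, then call back.
    void fireIfDue() {
        if (!m_active)
            return;
        m_active = false;
        m_callback();
    }

private:
    std::function<void()> m_callback;
    bool m_active = false;
};

// Stand-in for HTMLTokenizer (also an assumption). write() is what the timer
// callback runs; while handling a <frame> tag it reenters the loader, which
// is where processingData() gets asked.
class Tokenizer {
public:
    Tokenizer() : m_timer([this] { timerFired(); }) {}

    // The implementation quoted in the bug report: consults only the timer.
    bool processingDataBuggy() const { return m_timer.isActive(); }

    // Hypothetical fix for illustration: also report true while write() is
    // on the stack, tracked by an m_inWrite flag.
    bool processingDataFixed() const { return m_timer.isActive() || m_inWrite; }

    void deferParsing() { m_timer.startOneShot(); }
    void runLoopTick() { m_timer.fireIfDue(); }

    // Invoked from inside write(); stands in for the chain
    // insertNode -> loadSubframe -> ... -> checkLoadComplete.
    std::function<void(const Tokenizer&)> onSubframeCreated;

private:
    void timerFired() { write("<frame src=\"child.html\">"); }

    void write(const char* /*html*/) {
        m_inWrite = true;
        if (onSubframeCreated)
            onSubframeCreated(*this);
        m_inWrite = false;
    }

    OneShotTimer m_timer;
    bool m_inWrite = false;
};

struct Observation {
    bool buggyWhileScheduled = false, fixedWhileScheduled = false;
    bool buggyDuringFire = false, fixedDuringFire = false;
    bool buggyAfterFire = false, fixedAfterFire = false;
};

// Replays the sequence from the report: parsing deferred to the timer, the
// timer fires, a subframe is created, and the loader asks processingData().
Observation reproduce() {
    Observation obs;
    Tokenizer tokenizer;
    tokenizer.onSubframeCreated = [&obs](const Tokenizer& t) {
        obs.buggyDuringFire = t.processingDataBuggy();
        obs.fixedDuringFire = t.processingDataFixed();
    };

    tokenizer.deferParsing();
    obs.buggyWhileScheduled = tokenizer.processingDataBuggy();
    obs.fixedWhileScheduled = tokenizer.processingDataFixed();

    tokenizer.runLoopTick();
    obs.buggyAfterFire = tokenizer.processingDataBuggy();
    obs.fixedAfterFire = tokenizer.processingDataFixed();
    return obs;
}

int main() {
    Observation obs = reproduce();
    std::cout << "while scheduled: buggy=" << obs.buggyWhileScheduled
              << " fixed=" << obs.fixedWhileScheduled << '\n'
              << "during fire:     buggy=" << obs.buggyDuringFire
              << " fixed=" << obs.fixedDuringFire << '\n'
              << "after fire:      buggy=" << obs.buggyAfterFire
              << " fixed=" << obs.fixedAfterFire << '\n';
    return 0;
}
```

Build with `c++ -std=c++11 tokenizer_timer.cpp && ./a.out`. The "during fire" line is the report's case: with the timer already deactivated, the timer-only check tells the reentrant loader that nothing is being processed, while the flag-based variant still answers true until write() returns.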