[Webkit-unassigned] [Bug 23736] WebKit Crashes on http://g-conquest.fr/~server2

Wed Mar 4 14:07:56 PST 2009

https://bugs.webkit.org/show_bug.cgi?id=23736

------- Comment #6 from eric at webkit.org  2009-03-04 14:07 PDT -------
The ASSERT is hit because
WebCore::Loader::Host::didFinishLoading
is trying to put docLoader->doc() in a DocPtr and the document is already dead!

    DocLoader* docLoader = request->docLoader();
    // Prevent the document from being destroyed before we are done with
    // the docLoader that it will delete when the document gets deleted.
    DocPtr<Document> protector(docLoader->doc());

I guess requests don't keep documents alive?  But I'm slightly surprised that
all requests aren't correctly canceled when a document goes away.  Honestly I
don't know much about the loader machinery yet.

Here is the interesting part of the stacktrace leading to the ASSERT:

#0      0x035d686b in WebCore::Document::selfOnlyRef at Document.h:197
#1      0x035d68b3 in WebCore::DocPtr<WebCore::Document>::DocPtr at DocPtr.h:30
#2      0x03d809e6 in WebCore::Loader::Host::didFinishLoading at loader.cpp:292
#3      0x03cd911c in WebCore::SubresourceLoader::didFinishLoading at
SubresourceLoader.cpp:183
#4      0x03bba11e in WebCore::ResourceLoader::didFinishLoading at
ResourceLoader.cpp:416
#5      0x03bb7c30 in -[WebCoreResourceHandleAsDelegate
connectionDidFinishLoading:] at ResourceHandleMac.mm:603
#6      0x91b9fcd7 in -[NSURLConnection(NSURLConnectionReallyInternal)
sendDidFinishLoading]
#7      0x91b9fc43 in _NSURLConnectionDidFinishLoading
#8      0x94f331f4 in URLConnectionClient::clientDidFinishLoading
#9      0x94f31d31 in
URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload
#10     0x94f32d70 in URLConnectionClient::processEvents

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.