[Webkit-unassigned] [Bug 138057] New: Crash when navigating to a new page while MathJax is still loading

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 24 14:05:38 PDT 2014 

https://bugs.webkit.org/show_bug.cgi?id=138057

            Bug ID: 138057
           Summary: Crash when navigating to a new page while MathJax is
                    still loading
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: JavaScriptCore
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: plward13 at gmail.com

Pages with a significant amount of rendering being done with MathJax, like http://es.wikipedia.org/wiki/Constante_de_Planck, can cause libjavascriptcoregtk to hang and eventually crash if a link is clicked on the page while MathJax is still being rendered.

Steps to reproduce:

1) Navigate to http://es.wikipedia.org/wiki/Constante_de_Planck
2) While the page is still rendering MathJax, very quickly click on another link
3) If the hang does not happen right away, then keep trying to quickly clik on another link on the same page or any other page with a significant amount of rendering being done with MathJax

I am able to reliably reproduce the crash with the following stack trace:

(epiphany-browser:2321): GLib-CRITICAL **: Source ID 6706 was not found when attempting to remove it
1   0xb5637890 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(WTFCrash+0x20) [0xb5637890]
2   0xb5643458 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF11fastReallocEPvj+0x658) [0xb5643458]
3   0xb566f8b6 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF10StringImpl10reallocateENS_10PassRefPtrIS0_EEjRPh+0x46) [0xb566f8b6]
4   0xb5667f12 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder16reallocateBufferIhEEvj+0x82) [0xb5667f12]
5   0xb566830a /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3WTF13StringBuilder6appendEPKhj+0x14a) [0xb566830a]
6   0xb53a507e /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter18stackTraceAsStringEPNS_9ExecStateEN3WTF6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x7e) [0xb53a507e]
7   0xb5504e56 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC13ErrorInstance14finishCreationERNS_2VMERKN3WTF6StringENS3_6VectorINS_10StackFrameELj0ENS3_15CrashOnOverflowEEE+0x2e6) [0xb5504e56]
8   0xb55012ce /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(_ZN3JSC11Interpreter20callErrorConstructorEPNS_9ExecStateE+0x16e) [0xb55012ce]
9   0xb53f3446 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339446) [0xb53f3446]
10  0xb53f4dee /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(linkFor+0x5e) [0xb53f4dee]
11  0xb53f3775 /usr/lib/i386-linux-gnu/libjavascriptcoregtk-3.0.so.0(+0x339775) [0xb53f3775]

Note that the hang and crash do not happen when I navigate to the same page and quickly click on links in Chromium. Chromium still hangs briefly, but it does not crash and it correctly navigates to the next page. In one such instance, I saw a small notification in the lower left-hand corner of Chromium that a MathJax file failed to load. Chromium still successfully navigated to the next page.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141024/883aad33/attachment-0002.html>

More information about the webkit-unassigned mailing list