[webkit-changes] [205435] releases/WebKitGTK/webkit-2.12

Mon, 05 Sep 2016 01:57:13 -0700

Title: [205435] releases/WebKitGTK/webkit-2.12
Revision
205435
Author
[email protected]
Date
2016-09-05 01:56:49 -0700 (Mon, 05 Sep 2016)

Log Message

Merge r204936 - Assertion hit: ASSERT(!m_parserScheduler) in ~HTMLDocumentParser()
https://bugs.webkit.org/show_bug.cgi?id=161083
<rdar://problem/27986937>

Reviewed by Darin Adler.

Source/WebCore:

Call cancelParsing() right before re-creating the new parser in
Document::implicitOpen(). We would previously call removeChildren()
in between which is was an issue because it can cause JS to be
executed and therefore the parser to be re-created after we have
cancelled parsing.

No new tests, unskipped html/browsers/browsing-the-web/unloading-documents/004.html
which was consistently crashing.

* dom/Document.cpp:
(WebCore::Document::implicitOpen):

LayoutTests:

Unskip html/browsers/browsing-the-web/unloading-documents/004.html as
it is no longer crashing.

* TestExpectations:

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog (205434 => 205435)


--- releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog	2016-09-05 08:55:23 UTC (rev 205434)
+++ releases/WebKitGTK/webkit-2.12/LayoutTests/ChangeLog	2016-09-05 08:56:49 UTC (rev 205435)
@@ -1,3 +1,16 @@
+2016-08-24  Chris Dumez  <[email protected]>
+
+        Assertion hit: ASSERT(!m_parserScheduler) in ~HTMLDocumentParser()
+        https://bugs.webkit.org/show_bug.cgi?id=161083
+        <rdar://problem/27986937>
+
+        Reviewed by Darin Adler.
+
+        Unskip html/browsers/browsing-the-web/unloading-documents/004.html as
+        it is no longer crashing.
+
+        * TestExpectations:
+
 2016-08-25  Zalan Bujtas  <[email protected]>
 
         Infinite recursion crash in WebCore::RenderBlockFlow::layoutBlock

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog (205434 => 205435)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-09-05 08:55:23 UTC (rev 205434)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/ChangeLog	2016-09-05 08:56:49 UTC (rev 205435)
@@ -1,3 +1,23 @@
+2016-08-24  Chris Dumez  <[email protected]>
+
+        Assertion hit: ASSERT(!m_parserScheduler) in ~HTMLDocumentParser()
+        https://bugs.webkit.org/show_bug.cgi?id=161083
+        <rdar://problem/27986937>
+
+        Reviewed by Darin Adler.
+
+        Call cancelParsing() right before re-creating the new parser in
+        Document::implicitOpen(). We would previously call removeChildren()
+        in between which is was an issue because it can cause JS to be
+        executed and therefore the parser to be re-created after we have
+        cancelled parsing.
+
+        No new tests, unskipped html/browsers/browsing-the-web/unloading-documents/004.html
+        which was consistently crashing.
+
+        * dom/Document.cpp:
+        (WebCore::Document::implicitOpen):
+
 2016-08-25  Zalan Bujtas  <[email protected]>
 
         Infinite recursion crash in WebCore::RenderBlockFlow::layoutBlock

Modified: releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp (205434 => 205435)


--- releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp	2016-09-05 08:55:23 UTC (rev 205434)
+++ releases/WebKitGTK/webkit-2.12/Source/WebCore/dom/Document.cpp	2016-09-05 08:56:49 UTC (rev 205435)
@@ -2561,12 +2561,11 @@
 
 void Document::implicitOpen()
 {
-    cancelParsing();
-
     removeChildren();
 
     setCompatibilityMode(DocumentCompatibilityMode::NoQuirksMode);
 
+    cancelParsing();
     m_parser = createParser();
     setParsing(true);
     setReadyState(Loading);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to