Holger Hans Peter Freyther <zecke@selfish.org>
author: hausmann@webkit.org <hausmann@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Apr 2008 15:25:12 +0000 (15:25 +0000)
committer: hausmann@webkit.org <hausmann@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 28 Apr 2008 15:25:12 +0000 (15:25 +0000)
Fix the crash on http://www.orad.pl. We called end too early.

    1. we need a ::write that will pause the parser due to a pending
       script
    2. we need a second write to queue data (tricky part)
    3. we need to get a finish call (document loaded)
    4. we resume the script and parse, schedule loading of a new script
       and have called end
    5. we resume the new script and we get a crash

This bug is hard to trigger, e.g. if the web server is only allowing
one connection per client/IP. This is why we need to sleep in the scripts. We
want to make sure that the page is first fully received before serving the
scripts.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@32647 268f45cc-cd09-0410-ab3c-d52691b4dbfc
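The five steps above as a reduced state-machine model, added here as an illustration and not code from the commit: `ModelTokenizer` and `reproducesCrash()` are simplified stand-ins whose members are named after XMLTokenizer's fields, and `m_guardEnd` selects whether `resumeParsing()` applies the patch's `!m_parserPaused && !m_pendingScript` check before calling `end()`.

```cpp
#include <string>
#include <vector>

// Reduced model of the write/finish/resume sequence from the commit message.
// Member names mirror XMLTokenizer's (m_parserPaused, m_pendingScript,
// m_pendingSrc, m_finishCalled); the bodies are stand-ins, not WebKit's code.
struct ModelTokenizer {
    bool m_parserPaused = false, m_pendingScript = false, m_finishCalled = false;
    bool m_ended = false;          // set by end(); nothing may run afterwards
    bool m_usedAfterEnd = false;   // what the real parser turns into a crash
    bool m_guardEnd;               // true = apply the patched resumeParsing() check
    std::vector<std::string> m_pendingSrc;

    explicit ModelTokenizer(bool guardEnd) : m_guardEnd(guardEnd) {}

    // Steps 1 and 2: an external script pauses the parser; later data queues.
    void write(const std::string& chunk) {
        if (m_parserPaused) { m_pendingSrc.push_back(chunk); return; }
        if (chunk.find("<script src=") != std::string::npos)
            m_pendingScript = m_parserPaused = true;
    }
    // Step 3: the document finished loading while a script was still pending.
    void finish() {
        if (m_parserPaused) m_finishCalled = true; else end();
    }
    void end() { m_ended = true; }
    // Steps 4 and 5: the script arrived; replay queued data, then decide whether
    // end() may run. Unguarded, it runs although the replay scheduled a new script.
    void resumeParsing() {
        if (m_ended) { m_usedAfterEnd = true; return; }
        m_pendingScript = m_parserPaused = false;
        std::vector<std::string> rest;
        rest.swap(m_pendingSrc);
        for (const auto& c : rest) write(c);   // may pause the parser again
        bool mayEnd = !m_guardEnd || (!m_parserPaused && !m_pendingScript);
        if (m_finishCalled && mayEnd) end();
    }
};

// Replays the five steps; returns true when the model reaches use-after-end.
bool reproducesCrash(bool guarded) {
    ModelTokenizer t(guarded);
    t.write("<script src='resources/script-slow1.pl'></script>");
    t.write("<script src='resources/script-slow2.pl'></script>");  // queued
    t.finish();
    t.resumeParsing();   // script-slow1.pl arrived; script-slow2.pl scheduled
    t.resumeParsing();   // script-slow2.pl arrived
    return t.m_usedAfterEnd;
}
```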

LayoutTests/ChangeLog
LayoutTests/http/tests/misc/resources/script-slow1.pl [new file with mode: 0755]
LayoutTests/http/tests/misc/resources/script-slow2.pl [new file with mode: 0755]
LayoutTests/http/tests/misc/xmltokenizer-do-not-crash-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/misc/xmltokenizer-do-not-crash.pl [new file with mode: 0755]
WebCore/ChangeLog
WebCore/dom/XMLTokenizer.cpp

index 0c65468..ec84cf7 100644 (file)
@@ -2,6 +2,31 @@
 
         Reviewed by Simon.
 
+        Fix the crash on http://www.orad.pl. We called end too early.
+        
+        1. we need a ::write that will pause the parser due a pending
+        script
+        2. we need a second write to queue data (tricky part)
+        3. we need to get a finish call (document loaded)
+        4. we resume the script and parse, schedule loading of a new script
+        and have called end
+        5. we resume the new script and we get a crash
+        
+        This bug is hard to trigger, e.g. if the web server is only allowing
+        one connection per client/IP. This is why we need to sleep in the scripts. We
+        want to make sure that the page is first fully received before serving the
+        scripts.
+        
+
+        * http/tests/misc/resources/script-slow1.pl: Added.
+        * http/tests/misc/resources/script-slow2.pl: Added.
+        * http/tests/misc/xmltokenizer-do-not-crash-expected.txt: Added.
+        * http/tests/misc/xmltokenizer-do-not-crash.pl: Added.
+
+2008-04-28  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Simon.
+
         Update the Skipped list, we pass most of the http/tests/misc
         
 
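Review bot: the continuation lines of items 1 and 4 ("script", "and have called end") sit flush with the item numbers, so the list reads as seven items rather than five; indent them under their item, and "due a pending script" should read "due to a pending script". The blank lines after "scripts." carry trailing whitespace and there are two blank lines before the file list where the ChangeLog convention is one.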
diff --git a/LayoutTests/http/tests/misc/resources/script-slow1.pl b/LayoutTests/http/tests/misc/resources/script-slow1.pl
new file mode 100755 (executable)
index 0000000..10c65c8
--- /dev/null
@@ -0,0 +1,14 @@
+#!/usr/bin/perl -w
+
+# flush the buffers after each print
+select (STDOUT);
+$| = 1;
+
+print "Content-Type: application/javascript\r\n";
+print "Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n";
+print "Cache-Control: no-store, no-cache, must-revalidate\r\n";
+print "Pragma: no-cache\r\n";
+print "\r\n";
+
+sleep 2;
+print "var i = 3;\n";
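Review bot: the ordering this test depends on is enforced only by wall-clock sleeps (`sleep 2` here against the `sleep 1` in xmltokenizer-do-not-crash.pl), so on a slow or heavily loaded test machine the script body can arrive before the main document has finished writing, and the queued second write (step 2 of the commit message) is then never exercised; the test would pass without detecting a regression rather than fail. A comment stating why 2 seconds was chosen relative to the page's 1-second sleep would make that dependency visible to whoever next has to debug a flaky run.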
diff --git a/LayoutTests/http/tests/misc/resources/script-slow2.pl b/LayoutTests/http/tests/misc/resources/script-slow2.pl
new file mode 100755 (executable)
index 0000000..da281e8
--- /dev/null
@@ -0,0 +1,13 @@
+#!/usr/bin/perl -w
+
+# flush the buffers after each print
+select (STDOUT);
+$| = 1;
+
+print "Content-Type: application/javascript\r\n";
+print "Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n";
+print "Cache-Control: no-store, no-cache, must-revalidate\r\n";
+print "Pragma: no-cache\r\n";
+print "\r\n";
+
+print "document.getElementById(\"msg\").appendChild(document.createTextNode(\"Everything is fine if it didn't crash.\"));\n";
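Review bot: unlike script-slow1.pl this script does not sleep, although the commit message says "we need to sleep in the scripts"; a one-line comment that only the first script has to be delayed, so that the document's finish arrives while it is still pending, would stop the next reader from assuming the sleep was dropped by mistake. The header-printing preamble is also duplicated verbatim across the three scripts; a shared include would keep the cache headers from drifting apart.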
diff --git a/LayoutTests/http/tests/misc/xmltokenizer-do-not-crash-expected.txt b/LayoutTests/http/tests/misc/xmltokenizer-do-not-crash-expected.txt
new file mode 100644 (file)
index 0000000..be6ca76
--- /dev/null
@@ -0,0 +1 @@
+Everything is fine if it didn't crash.
diff --git a/LayoutTests/http/tests/misc/xmltokenizer-do-not-crash.pl b/LayoutTests/http/tests/misc/xmltokenizer-do-not-crash.pl
new file mode 100755 (executable)
index 0000000..0319422
--- /dev/null
@@ -0,0 +1,25 @@
+#!/usr/bin/perl -w
+
+# flush the buffers after each print
+select (STDOUT);
+$| = 1;
+
+print "Content-Type: text/xml\r\n";
+print "Expires: Thu, 01 Dec 2003 16:00:00 GMT\r\n";
+print "Cache-Control: no-store, no-cache, must-revalidate\r\n";
+print "Pragma: no-cache\r\n";
+print "\r\n";
+
+print "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">\n";
+print "<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"pl\">\n";
+print "<head>\n";
+print "<script>\n";
+print "if (window.layoutTestController) layoutTestController.dumpAsText();\n";
+print "</script>";
+print "</head>\n";
+print "<body>\n";
+print "<pre id='msg'></pre>\n";
+print "<script type='text/javascript' src='resources/script-slow1.pl'></script>\n";
+sleep 1;
+print "<script type='text/javascript' src='resources/script-slow2.pl'></script>\n";
+print "</body></html>\n";
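Review bot: `print "</script>";` after the dumpAsText() line omits the trailing "\n" that every other print ends with; harmless for the parser but inconsistent. More usefully, the mapping to the five steps in the ChangeLog is only implicit: the first script tag is step 1 (pause on a pending script), the `sleep 1` forces the second tag into a separate write (step 2), and closing the document is step 3; a comment on the `sleep 1` line saying so would make the timing requirement explicit instead of leaving it to be rediscovered from the ChangeLog.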
index b2364b6..6be9dde 100644 (file)
@@ -1,3 +1,26 @@
+2008-04-28  Holger Hans Peter Freyther  <zecke@selfish.org>
+
+        Reviewed by Simon.
+
+        Fix the crash on http://www.orad.pl. We called end too early.
+
+        1. we need a ::write that will pause the parser due a pending
+        script
+        2. we need a second write to queue data (tricky part)
+        3. we need to get a finish call (document loaded)
+        4. we resume the script and parse, schedule loading of a new script
+        and have called end
+        5. we resume the new script and we get a crash
+
+        This bug is hard to trigger, e.g. if the web server is only allowing
+        one connection per client/IP. This is why we need to sleep in the scripts. We
+        want to make sure that the page is first fully received before serving the
+        scripts.
+
+        Test: http/tests/misc/xmltokenizer-do-not-crash.pl
+
+        * dom/XMLTokenizer.cpp:
+
 2008-04-28  Ariya Hidayat  <ahidayat@trolltech.com>
 
         Reviewed by Simon.
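Review bot: the `* dom/XMLTokenizer.cpp:` entry has no per-function description; WebKit ChangeLog convention names the touched function and what changed, e.g. `(WebCore::XMLTokenizer::resumeParsing): Do not call end() while the parser is paused or a script is pending.` The same "due a pending script" typo and un-indented list continuation lines as in the LayoutTests ChangeLog entry apply here.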
index b056104..0c27eae 100644 (file)
@@ -1590,6 +1590,7 @@ void XMLTokenizer::resumeParsing()
 #ifndef USE_QXMLSTREAM
         && m_pendingCallbacks->isEmpty())
 #else
+        && !m_parserPaused && !m_pendingScript
         )
 #endif
         end();
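Review bot: the new `!m_parserPaused && !m_pendingScript` guard is added only under the USE_QXMLSTREAM branch, while the libxml2 branch keeps relying on `m_pendingCallbacks->isEmpty()` alone; the hunk does not say why the callback queue protects that path against the same sequence (the replayed write pausing the parser again before end()), so either add a comment here or state in the ChangeLog that the libxml2 path cannot re-pause synchronously inside resumeParsing(). Skipping end() here also assumes a later resumeParsing() will find the parser unpaused with m_finishCalled still set and call end() then; a short comment above the condition saying where the deferred end() happens, including when the pending script fails to load, would make the invariant checkable.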