Skip to content

/ servo

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Servo panics when loading a broken script URL with an onerror handler that rewrites the document #23144

Closed
mateon1 opened this issue Mar 31, 2019 · 5 comments
Closed

Servo panics when loading a broken script URL with an onerror handler that rewrites the document #23144

mateon1 opened this issue Mar 31, 2019 · 5 comments
Labels
A-content/dom C-assigned C-has-manual-testcase E-easy I-panic

Comments

@mateon1
Copy link
Contributor

@mateon1 mateon1 commented Mar 31, 2019 

<script async src=x onerror="document.write(0)"></script>
VMware, Inc.
llvmpipe (LLVM 7.0, 128 bits)
3.3 (Core Profile) Mesa 18.3.2
unknown completed load Script("file:///shared/dev/fuzz/domato/x") (thread ScriptThread PipelineId { namespace_id: PipelineNamespaceId(1), index: PipelineIndex(1) }, at components/script/document_loader.rs:171)
stack backtrace:
   0:     0x56362ac05756 - backtrace::backtrace::libunwind::trace::h8af3b710f1a5e12e
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.9/src/backtrace/libunwind.rs:53
                         - backtrace::backtrace::trace::h2a1223234ae0346f
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.9/src/backtrace/mod.rs:42
   1:     0x56362abffd63 - backtrace::capture::Backtrace::new_unresolved::h2dd57ce7b77a7435
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.9/src/capture.rs:88
   2:     0x56362abffcbd - backtrace::capture::Backtrace::new::h8c6b161078e28d12
                        at /home/mateon/.cargo/registry/src/github.com-1ecc6299db9ec823/backtrace-0.3.9/src/capture.rs:63
   3:     0x563623bba2b1 - servo::main::{{closure}}::h5fe9a894213f10e8
                        at ports/servo/non_android_main.rs:110
   4:     0x56362ccf32c8 - rust_panic_with_hook
                        at src/libstd/panicking.rs:482
   5:     0x56362ccf2d61 - continue_panic_fmt
                        at src/libstd/panicking.rs:385
   6:     0x56362ccf2cae - begin_panic_fmt
                        at src/libstd/panicking.rs:340
   7:     0x563626e0263f - script::document_loader::DocumentLoader::finish_load::{{closure}}::ha215191539b44bcd
                        at components/script/document_loader.rs:171
   8:     0x5636260cc611 - <core::option::Option<T>>::unwrap_or_else::hc633e9599da3a3fc
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/libcore/option.rs:386
   9:     0x56362521615f - script::document_loader::DocumentLoader::finish_load::hf15042593c09a6a9
                        at components/script/document_loader.rs:171
  10:     0x563626629802 - script::dom::document::Document::finish_load::h2cac29fd478adc61
                        at components/script/dom/document.rs:1727
  11:     0x5636257ca5af - <script::dom::htmlscriptelement::ScriptContext as net_traits::FetchResponseListener>::process_response_eof::hd746e7f11044a6ea
                        at components/script/dom/htmlscriptelement.rs:246
  12:     0x56362686081a - <net_traits::FetchResponseMsg as net_traits::Action<T>>::process::h5fba9fa4b20edf5a
                        at /shared/dev/rust/servo/components/net_traits/lib.rs:271
  13:     0x563626bd7ae9 - <script::network_listener::ListenerTask<A, Listener> as script::task::TaskOnce>::run_once::h9e3a1d21f3429766
                        at components/script/network_listener.rs:105
  14:     0x5636257e33a3 - <script::task::CancellableTask<T> as script::task::TaskOnce>::run_once::hc2a5b42eb1198235
                        at components/script/task.rs:122
  15:     0x5636257d82b8 - <T as script::task::TaskBox>::run_box::h97b906a285339a15
                        at components/script/task.rs:64
  16:     0x5636256334b6 - script::script_thread::ScriptThread::handle_msg_from_script::h15d002ec5aef5d9d
                        at components/script/script_thread.rs:1745
  17:     0x5636252064d9 - script::script_thread::ScriptThread::handle_msgs::{{closure}}::h9f46a3c0a7bb7f95
                        at components/script/script_thread.rs:1348
  18:     0x5636252095be - script::script_thread::ScriptThread::profile_event::he7baa525ee50e51f
                        at components/script/script_thread.rs:1583
  19:     0x56362562e7ae - script::script_thread::ScriptThread::handle_msgs::hd718a0404a74804d
                        at components/script/script_thread.rs:1341
  20:     0x56362562b8b7 - script::script_thread::ScriptThread::start::h9d2b2f4b40ef17fd
                        at components/script/script_thread.rs:1178
  21:     0x563625202cb1 - <script::script_thread::ScriptThread as script_traits::ScriptThreadFactory>::create::{{closure}}::{{closure}}::h3d2e50a51a59531c
                        at components/script/script_thread.rs:731
  22:     0x563626928138 - profile_traits::mem::ProfilerChan::run_with_memory_reporting::h9a6fb4b77584b283
                        at /shared/dev/rust/servo/components/profile_traits/mem.rs:88
  23:     0x56362520344d - <script::script_thread::ScriptThread as script_traits::ScriptThreadFactory>::create::{{closure}}::hec71b1d6b339dd35
                        at components/script/script_thread.rs:729
  24:     0x5636274860f4 - std::sys_common::backtrace::__rust_begin_short_backtrace::h70010f71bf1d628c
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/libstd/sys_common/backtrace.rs:136
  25:     0x5636263dd3a3 - std::thread::Builder::spawn_unchecked::{{closure}}::{{closure}}::hea3251b085d70f10
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/libstd/thread/mod.rs:469
  26:     0x5636268a4e73 - <std::panic::AssertUnwindSafe<F> as core::ops::function::FnOnce<()>>::call_once::hbd8938e17c48a216
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/libstd/panic.rs:309
  27:     0x563626b538e9 - std::panicking::try::do_call::hd59da0280ee94513
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/libstd/panicking.rs:297
  28:     0x56362ccfde79 - __rust_maybe_catch_panic
                        at src/libpanic_unwind/lib.rs:87
  29:     0x563626a2593f - std::panicking::try::h96247a5f4e51c63e
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/libstd/panicking.rs:276
  30:     0x5636268f5b75 - std::panic::catch_unwind::hc4559b7cad69ef45
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/libstd/panic.rs:388
  31:     0x5636263daf2f - std::thread::Builder::spawn_unchecked::{{closure}}::h66879e6d1707cb6d
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/libstd/thread/mod.rs:468
  32:     0x5636263de098 - <F as alloc::boxed::FnBox<A>>::call_box::h87e072e6468861a9
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/liballoc/boxed.rs:749
  33:     0x56362ccfd1bd - call_once<(),()>
                        at /rustc/0ea22717a1e01fa535534b85a5347a7e49fc79de/src/liballoc/boxed.rs:759
                         - start_thread
                        at src/libstd/sys_common/thread.rs:14
                         - thread_start
                        at src/libstd/sys/unix/thread.rs:80
  34:     0x7f8e0f51afa2 - start_thread
  35:     0x7f8e0f42f7ee - __clone
  36:                0x0 - <unknown>
[2019-03-31T17:41:41Z ERROR servo] unknown completed load Script("file:///shared/dev/fuzz/domato/x")
Pipeline failed in hard-fail mode.  Crashing!
@mateon1 mateon1 changed the title unknown complete load Script("...") unknown completed load Script("...") Mar 31, 2019
@jdm
Copy link
Member

@jdm jdm commented Apr 1, 2019

I think we should change this panic into a warn! instead.
@jdm jdm added the E-easy label Apr 1, 2019
@highfive
Copy link

@highfive highfive commented Apr 1, 2019

Hi! If you have any questions regarding this issue, feel free to make a comment here, or ask it in the #servo channel in IRC.

If you intend to work on this issue, then add @highfive: assign me to your comment, and I'll assign this to you. 😄
@jdm jdm changed the title unknown completed load Script("...") Servo panics when loading a broken script URL with an onerror handler that rewrites the document Apr 1, 2019
@jdm
Copy link
Member

@jdm jdm commented Apr 1, 2019

This change will also avoid panics like #18928, but we'll keep that one open because there is still useful work to be done to avoid unnecessary loads.
@krk
Copy link
Contributor

@krk krk commented Apr 9, 2019

@highfive: assign me
@highfive highfive added the C-assigned label Apr 9, 2019
@highfive
Copy link

@highfive highfive commented Apr 9, 2019

Hey @krk! Thanks for your interest in working on this issue. It's now assigned to you!
@krk krk mentioned this issue Apr 9, 2019
Merged
3 of 3 tasks complete
bors-servo added a commit that referenced this issue Apr 10, 2019
@bors-servo
Auto merge of #23183 - krk:fix-23144, r=asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
8930806 
Replace panic with warn in DocumentLoader.finish_load.

Fix panic on broken script URL with an onerror handler that rewrites the document.

<!-- Please describe your changes on the following line: -->

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #23144

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23183)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Apr 10, 2019
@bors-servo
Auto merge of #23183 - krk:fix-23144, r=asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
1aa86d2 
Replace panic with warn in DocumentLoader.finish_load.

Fix panic on broken script URL with an onerror handler that rewrites the document.

<!-- Please describe your changes on the following line: -->

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #23144

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23183)
<!-- Reviewable:end -->
bors-servo added a commit that referenced this issue Apr 11, 2019
@bors-servo
Auto merge of #23183 - krk:fix-23144, r=asajeffrey
Verified
This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.
GPG key ID: 4AEE18F83AFDEB23 Learn about signing commits
Loading status checks…
db9300d 
Replace panic with warn in DocumentLoader.finish_load.

Fix panic on broken script URL with an onerror handler that rewrites the document.

<!-- Please describe your changes on the following line: -->

---
<!-- Thank you for contributing to Servo! Please replace each `[ ]` by `[X]` when the step is complete, and replace `___` with appropriate data: -->
- [X] `./mach build -d` does not report any errors
- [X] `./mach test-tidy` does not report any errors
- [X] These changes fix #23144

<!-- Reviewable:start -->
---
This change is [<img src="https://reviewable.io/review_button.svg" height="34" align="absmiddle" alt="Reviewable"/>](https://reviewable.io/reviews/servo/servo/23183)
<!-- Reviewable:end -->
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
A-content/dom C-assigned C-has-manual-testcase E-easy I-panic
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

Replace panic with warn in DocumentLoader.finish_load.
4 participants
@jdm @krk @mateon1 @highfive
You can’t perform that action at this time.