LibWeb+WebWorker: Fix two common browser crashes #26694
Open
spholz wants to merge 2 commits into SerenityOS:master from
Our previous implementation kept track of an AnimationTimeline being monotonically increasing, by looking at new time values coming in and setting `m_monotonically_increasing` to `false` whenever a new value is before the previous known time value.

As far as I can tell, the spec doesn't really ask us to do so: it just defines 'monotonically increasing' as a property of a timeline, i.e. it guarantees that returned time values from `::current_time()` are always greater than or equal to the last returned value.

This fixes a common crash seen when the last render opportunity lies before the document's origin time, and `::set_current_time()` was invoked with a negative value. This was especially visible in the `Text/input/wpt-import/css/cssom/CSSStyleSheet-constructable.html` test.

(cherry picked from commit aa563706ca090b31cb22c38414e21bc913eb6052)
This pledge is needed by BlockAllocator::deallocate_block(). This causes us to no longer crash on the Google Search reCAPTCHA page. We now hang with 100% CPU usage instead.
I dropped that temporary copy of |
The first commit is a cherry-pick of LadybirdBrowser/ladybird#5636. This fixes the common "VERIFICATION FAILED: is_monotonically_increasing()" browser crash, which happens on a lot of websites. This crash seems to be significantly easier to trigger in serenity itself, e.g. by just waiting on e.g. duckduckgo.com.
I had to apply one small fixup (`GC::RootVector<GC::Ref<Animation>>(vm().heap())` -> `JS::MarkedVector<JS::NonnullGCPtr<Animation>>(vm().heap())`) to make it compile without having cherry-picked the LibGC changes from upstream Ladybird.

The second commit fixes the Google Search reCAPTCHA crash from #26548, but we still hang with 100% CPU usage, so this issue isn't fixed yet.
Fixes #26264
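
The failure mode described in the first commit message, as a simplified C++ model added here (not SerenityOS or Ladybird code). The type names, `assertion_holds`, the starting time value of 0 and the timestamps are assumptions made for illustration.

```cpp
#include <cstdio>
#include <vector>

// Simplified model for illustration; hypothetical names, not project code.

// "Before": the timeline infers monotonicity from the values it is handed.
struct ObservingTimeline {
    double current_time = 0.0; // assumed starting value
    bool monotonic = true;
    void set_current_time(double value)
    {
        // One earlier-than-previous value clears the flag for good.
        if (value < current_time)
            monotonic = false;
        current_time = value;
    }
    bool is_monotonically_increasing() const { return monotonic; }
};

// "After": monotonicity is a fixed property of the timeline kind.
struct DeclaredTimeline {
    double current_time = 0.0; // assumed starting value
    void set_current_time(double value) { current_time = value; }
    bool is_monotonically_increasing() const { return true; }
};

// Feeds render-opportunity timestamps through a timeline (time value =
// render time - origin time) and reports whether an
// "is monotonically increasing" check would hold after every update.
template<typename Timeline>
bool assertion_holds(double origin_time, std::vector<double> const& render_times)
{
    Timeline timeline;
    for (double render_time : render_times) {
        timeline.set_current_time(render_time - origin_time);
        if (!timeline.is_monotonically_increasing())
            return false; // a failed verification aborts the process here
    }
    return true;
}

int main()
{
    // Constructed input: the first render opportunity predates the origin time.
    std::vector<double> const render_times { 90.0, 120.0, 150.0 };
    std::printf("observing: %d\n", assertion_holds<ObservingTimeline>(100.0, render_times));
    std::printf("declared:  %d\n", assertion_holds<DeclaredTimeline>(100.0, render_times));
}
```

With the constructed timestamps, the first update yields a negative time value, which the observing model treats as a permanent loss of monotonicity even though every later value increases.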