144050 2015-04-22 10:32:10 -0700 CrashTracer: WebProcess at com.apple.WebCore: WebCore::toScriptElementIfPossible + 4 2015-05-05 13:18:06 -0700 1 1 1 Unclassified WebKit Page Loading 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 koivisto webkit-unassigned cdumez commit-queue ddkilzer esprehn+autocc gavinp kangil.han lquinn oldest_to_newest 1087440 0 koivisto 2015-04-22 10:32:10 -0700 47 com.apple.WebCore: WebCore::toScriptElementIfPossible + 4 <== 47 com.apple.WebCore: WebCore::ScriptRunner::timerFired + 452 47 com.apple.WebCore: WebCore::ThreadTimers::sharedTimerFiredInternal + 175 47 com.apple.WebCore: WebCore::timerFired + 58 47 com.apple.CoreFoundation: __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 47 com.apple.CoreFoundation: __CFRunLoopDoTimer + 557 47 com.apple.CoreFoundation: __CFRunLoopRun + 1529 1087441 1 koivisto 2015-04-22 10:32:35 -0700 <rdar://problem/15534973> 1087472 2 251342 koivisto 2015-04-22 11:20:57 -0700 Created attachment 251342 patch 1087563 3 251342 cdumez 2015-04-22 13:31:07 -0700 Comment on attachment 251342 patch View in context: https://bugs.webkit.org/attachment.cgi?id=251342&action=review r=me as it seems safe but we should revisit this later on. > Source/WebCore/ChangeLog:5 > + Would be nice to have the radar here as well. > Source/WebCore/ChangeLog:19 > + in ScriptRunner::notifyScriptReady fails to find scriptElement and we are left with null entry in s/in/If 1087766 4 koivisto 2015-04-23 00:59:28 -0700 https://trac.webkit.org/r183178 1091539 5 lquinn 2015-05-04 15:04:11 -0700 In builds without the fix, I can reproduce this crash reliably by visiting http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port or EFL port). 1091559 6 cdumez 2015-05-04 15:42:26 -0700 (In reply to comment #5) > In builds without the fix, I can reproduce this crash reliably by visiting > http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port > or EFL port). I have just tried visiting this URL with WebKit ToT / Mac port and it did not crash. 1091717 7 koivisto 2015-05-05 01:15:09 -0700 (In reply to comment #5) > In builds without the fix, I can reproduce this crash reliably by visiting > http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port > or EFL port). I can't repro it either. Could you try debugging it? Just reproing the crash on debug build might give a backtrace explaining how this becomes null. 1091849 8 lquinn 2015-05-05 13:18:06 -0700 Unfortunately, it's no longer reproducing for me today. 251342 2015-04-22 11:20:57 -0700 2015-04-22 13:31:07 -0700 patch scriptrunner-null-element.patch text/plain 2556 koivisto SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE4MzExMCkKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDM0IEBACisyMDE1LTA0LTIyICBBbnR0aSBL b2l2aXN0byAgPGFudHRpQGFwcGxlLmNvbT4KKworICAgICAgICBDcmFzaFRyYWNlcjogV2ViUHJv Y2VzcyBhdCBjb20uYXBwbGUuV2ViQ29yZTogV2ViQ29yZTo6dG9TY3JpcHRFbGVtZW50SWZQb3Nz aWJsZSArIDQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTE0NDA1MAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAg IFdlIGFyZSBzZWVpbmcgbnVsbCBFbGVtZW50IHBvaW50ZXIgY3Jhc2hlcyB3aXRoIHRoaXMgc3Rh Y2s6CisKKyAgICAgICAgNDcgY29tLmFwcGxlLldlYkNvcmU6ICBXZWJDb3JlOjp0b1NjcmlwdEVs ZW1lbnRJZlBvc3NpYmxlICsgNCA8PT0KKyAgICAgICAgNDcgY29tLmFwcGxlLldlYkNvcmU6ICBX ZWJDb3JlOjpTY3JpcHRSdW5uZXI6OnRpbWVyRmlyZWQgKyA0NTIKKyAgICAgICAgNDcgY29tLmFw cGxlLldlYkNvcmU6ICBXZWJDb3JlOjpUaHJlYWRUaW1lcnM6OnNoYXJlZFRpbWVyRmlyZWRJbnRl cm5hbCArIDE3NQorCisgICAgICAgIFRoZSBtb3N0IGxpa2VseSBjYXVzZSBzZWVtcyB0byBiZSB0 aGF0IHRoaXMgY29kZQorCisgICAgICAgICAgICBBU1NFUlQobV9wZW5kaW5nQXN5bmNTY3JpcHRz LmNvbnRhaW5zKHNjcmlwdEVsZW1lbnQpKTsKKyAgICAgICAgICAgIG1fc2NyaXB0c1RvRXhlY3V0 ZVNvb24uYXBwZW5kKG1fcGVuZGluZ0FzeW5jU2NyaXB0cy50YWtlKHNjcmlwdEVsZW1lbnQpKTsK KworICAgICAgICBpbiBTY3JpcHRSdW5uZXI6Om5vdGlmeVNjcmlwdFJlYWR5IGZhaWxzIHRvIGZp bmQgc2NyaXB0RWxlbWVudCBhbmQgd2UgYXJlIGxlZnQgd2l0aCBudWxsIGVudHJ5IGluCisgICAg ICAgIG1fc2NyaXB0c1RvRXhlY3V0ZVNvb24uIEhvd2V2ZXIgSSBoYXZlbid0IG1hbmFnZWQgdG8g cmVwcm8gdGhpcyBvciBmaW5kIHRoZSBleGFjdCBwYXRoIGhvdyB0aGlzCisgICAgICAgIGNvdWxk IGhhcHBlbi4gVGhlIHJlbGF0ZWQgY29kZSBpcyBmcmFnaWxlIHdpdGggbG90IG9mIHN0YXRlIChl c3BlY2lhbGx5IGluIFNjcmlwdEVsZW1lbnQgY2xhc3MpCisgICAgICAgIGFuZCBpbnZvbHZlcyBt YW55IG9wcG9ydHVuaXRpZXMgZm9yIHJlLWVudHJ5IHZpYSBzY3JpcHRzLgorCisgICAgICAgIE5v IHJlcHJvLCBubyB0ZXN0IGNhc2UuCisKKyAgICAgICAgKiBkb20vU2NyaXB0UnVubmVyLmNwcDoK KyAgICAgICAgKFdlYkNvcmU6OlNjcmlwdFJ1bm5lcjo6dGltZXJGaXJlZCk6CisKKyAgICAgICAg ICAgIFBhcGVyIHRoaXMgb3ZlciBieSBhZGRpbmcgYSBudWxsIGNoZWNrLiBXZSBjb3VsZCBjaGVj ayBtX3BlbmRpbmdBc3luY1NjcmlwdHMudGFrZSgpIGFib3ZlCisgICAgICAgICAgICBidXQgdGhp cyBhbHNvIGNvdmVycyBwb3NzaWJpbGl0eSB0aGlzIGlzIGNhdXNlZCBieSBzb21ldGhpbmcgZWxz ZS4KKwogMjAxNS0wNC0yMiAgWGFiaWVyIFJvZHJpZ3VleiBDYWx2YXIgIDxjYWx2YXJpc0BpZ2Fs aWEuY29tPiBhbmQgWW91ZW5uIEZhYmxldCAgPHlvdWVubi5mYWJsZXRAY3JmLmNhbm9uLmZyPgog CiAgICAgICAgIFtTdHJlYW1zIEFQSV0gSW1wbGVtZW50IFJlYWRhYmxlU3RyZWFtQ29udHJvbGxl cgpJbmRleDogU291cmNlL1dlYkNvcmUvZG9tL1NjcmlwdFJ1bm5lci5jcHAKPT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQot LS0gU291cmNlL1dlYkNvcmUvZG9tL1NjcmlwdFJ1bm5lci5jcHAJKHJldmlzaW9uIDE4Mjk4MikK KysrIFNvdXJjZS9XZWJDb3JlL2RvbS9TY3JpcHRSdW5uZXIuY3BwCSh3b3JraW5nIGNvcHkpCkBA IC0xMTQsNiArMTE0LDEwIEBAIHZvaWQgU2NyaXB0UnVubmVyOjp0aW1lckZpcmVkKCkKICAgICBm b3IgKHNpemVfdCBpID0gMDsgaSA8IHNpemU7ICsraSkgewogICAgICAgICBDYWNoZWRTY3JpcHQq IGNhY2hlZFNjcmlwdCA9IHNjcmlwdHNbaV0uY2FjaGVkU2NyaXB0KCk7CiAgICAgICAgIFJlZlB0 cjxFbGVtZW50PiBlbGVtZW50ID0gc2NyaXB0c1tpXS5yZWxlYXNlRWxlbWVudEFuZENsZWFyKCk7 CisgICAgICAgIEFTU0VSVChlbGVtZW50KTsKKyAgICAgICAgLy8gUGFwZXIgb3ZlciBodHRwczov L2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTQ0MDUwCisgICAgICAgIGlmICghZWxl bWVudCkKKyAgICAgICAgICAgIGNvbnRpbnVlOwogICAgICAgICB0b1NjcmlwdEVsZW1lbnRJZlBv c3NpYmxlKGVsZW1lbnQuZ2V0KCkpLT5leGVjdXRlKGNhY2hlZFNjcmlwdCk7CiAgICAgICAgIG1f ZG9jdW1lbnQuZGVjcmVtZW50TG9hZEV2ZW50RGVsYXlDb3VudCgpOwogICAgIH0K