57431 2011-03-30 00:59:46 -0700 Crash when dynamically adding input fields with certain css and attributes to a div 2011-03-30 21:38:33 -0700 1 1 1 Unclassified WebKit Layout and Rendering 528+ (Nightly build) Mac (Intel) OS X 10.6 RESOLVED DUPLICATE 46088 http://jsfiddle.net/jbrichau/cERX6/ P1 Normal --- 1 johan webkit-unassigned aestes ap mitz simon.fraser tkent oldest_to_newest 376121 0 johan 2011-03-30 00:59:46 -0700 The fiddle that is available in the url shows how webkit crashes when I dynamically add input fields to a div. On Webkit or Safari, it takes a couple of seconds before it crashes. On Chrome, I get the 'aw snap' page. I just tried it on the Webkit nightly build of March 30th 2011. The first link in the page makes webkit crash. This one adds two input fields to the page using jquery. The second link makes the password input field appear twice on the same page. Although only a single one exists in the DOM. The difference is that we left out the label of the password field. The third link makes it work. Here, we removed the autofocus attribute from the first input field. If we remove the css, it works as well. However, all the above are workarounds trying to circumvent a problem I am unable to pinpoint, but which seems to be in webkit. 376424 1 ap 2011-03-30 10:06:01 -0700 Could you please attach a self-contained test case to this Bugzilla bug? It's better to have everything pertinent to an issue in one place, not on 3rd party servers. Asserts with a debug build of ToT: ASSERTION FAILED: !renderer() /Users/ap/Safari/OpenSource/Source/WebCore/dom/Node.cpp(1449) : void WebCore::Node::createRendererIfNeeded() 1 WebCore::Node::createRendererIfNeeded() 2 WebCore::Element::attach() 3 WebCore::ContainerNode::attach() 4 WebCore::Element::attach() 5 WebCore::HTMLFormControlElement::attach() 6 WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool) 7 WebCore::replaceChildrenWithFragment(WebCore::HTMLElement*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&) 8 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) 9 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) 10 bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*) 11 void JSC::lookupPut<WebCore::JSHTMLElement, WebCore::JSElement>(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, JSC::PutPropertySlot&) <...> 376432 2 87559 johan 2011-03-30 10:16:04 -0700 Created attachment 87559 self-contained testcase 376934 3 tkent 2011-03-30 21:38:01 -0700 This is a variant of the autofocus issue, Bug 46088. I confirmed a patch in Bug 46088 fixed the problem in the attachment johan posted. However some reviewers didn't like the patches in Bug 46088. Do you have any good idea to fix this issue? 376935 4 tkent 2011-03-30 21:38:33 -0700 *** This bug has been marked as a duplicate of bug 46088 *** 87559 2011-03-30 10:16:04 -0700 2011-03-30 10:16:04 -0700 self-contained testcase index.html text/html 1943 johan PCFET0NUWVBFIGh0bWw+CjxodG1sIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5L3hodG1s IiB4bWw6bGFuZz0iZW4iIGxhbmc9ImVuIj4KCTxoZWFkPgoJCTx0aXRsZT4KCQkJU2Vhc2lkZQoJ CTwvdGl0bGU+CgkJPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1UeXBlIiBjb250ZW50PSJ0ZXh0 L2h0bWw7IGNoYXJzZXQ9dXRmLTgiIC8+CgkJPG1ldGEgaHR0cC1lcXVpdj0iQ29udGVudC1TY3Jp cHQtVHlwZSIgY29udGVudD0idGV4dC9qYXZhc2NyaXB0IiAvPgoJCTxsaW5rIHJlbD0ic3R5bGVz aGVldCIgdHlwZT0idGV4dC9jc3MiIGhyZWY9Ii4vc3RyaXBwZWQuY3NzIiAvPgoJCTxzdHlsZT4K CQkJZGl2OmVtcHR5IHsKCQkgIAkJaGVpZ2h0OiA5cHg7IH0KCgkJCQlkaXY6ZW1wdHkgIHsKCQkg IAkJCWNvbG9yOiAjMDA1QUI4OyB9CgkJPC9zdHlsZT4JCQoJCTxzY3JpcHQgc3JjPSJodHRwOi8v YWpheC5nb29nbGVhcGlzLmNvbS9hamF4L2xpYnMvanF1ZXJ5LzEuNS4xL2pxdWVyeS5taW4uanMi IHR5cGU9InRleHQvamF2YXNjcmlwdCI+PC9zY3JpcHQ+CgkJPHNjcmlwdCB0eXBlPSJ0ZXh0L2ph dmFzY3JpcHQiPgoJCS8vRHluYW1pY2FsbHkgYWRkaW5nIGEgbG9naW4gYW5kIHBhc3N3b3JkIGlu cHV0IGZpZWxkIHdpdGggYXV0b2ZvY3VzIG9uIHRoZSBsb2dpbiBmaWVsZCB0byBhIGRpdiB0aGF0 IGlzIHN1YmplY3QgdG8gdGhlIGNzcyB0aGF0IGlzIHNob3duLgoJCWZ1bmN0aW9uIG1ha2VpdGNy YXNoKCkgewoJCSAgICAkKCcjZGl2JykuaHRtbCgnPGZpZWxkc2V0PjxkaXY+PGxhYmVsPkxvZ2lu PC9sYWJlbD48aW5wdXQgYXV0b2ZvY3VzIG5hbWU9XCIxXCIgdmFsdWU9XCJ1c2VyXCIgdHlwZT1c InRleHRcIj48XC9kaXY+PGRpdj48bGFiZWw+UGFzc3dvcmQ8L2xhYmVsPjxpbnB1dCB0eXBlPVwi dGV4dFwiIG5hbWU9XCIyXCIgdmFsdWU9XCJwYXNzXCI+PC9kaXY+PC9maWVsZHNldD4nKTsKCQl9 CgoJCS8vV2hlbiBsZWF2aW5nIG91dCB0aGUgbGFiZWwsIHRoZSBwYXNzd29yZCBpbnB1dCBmaWVs ZCBpcyByZW5kZXJlZCB0d2ljZSwgYnV0IGlzIHByZXNlbnQgb25seSBvbmNlIGluIHRoZSBET00h CgkJZnVuY3Rpb24gbWFrZWl0Z293ZWlyZCgpIHsKCQkgICAgJCgnI2RpdicpLmh0bWwoJzxmaWVs ZHNldD48ZGl2PjxsYWJlbD5Mb2dpbjwvbGFiZWw+PGlucHV0IGF1dG9mb2N1cyBuYW1lPVwiMVwi IHZhbHVlPVwidXNlclwiIHR5cGU9XCJ0ZXh0XCI+PFwvZGl2PjxkaXY+PGlucHV0IHR5cGU9XCJ0 ZXh0XCIgbmFtZT1cIjJcIiB2YWx1ZT1cInBhc3NcIj48L2Rpdj48L2ZpZWxkc2V0PicpOwoJCX0K CgkJLy9XaGVuIGxlYXZpbmcgb3V0IHRoZSBhdXRvZm9jdXMgYXR0cmlidXRlIG9mIHRoZSBsb2dp biBmaWVsZCwgYWxsIGlzIGdvaW5nIHdlbGwuCgkJZnVuY3Rpb24gbWFrZWl0d29yaygpIHsKCQkg ICAgJCgnI2RpdicpLmh0bWwoJzxmaWVsZHNldD48ZGl2PjxsYWJlbD5Mb2dpbjwvbGFiZWw+PGlu cHV0IG5hbWU9XCIxXCIgdmFsdWU9XCJ1c2VyXCIgdHlwZT1cInRleHRcIj48XC9kaXY+PGRpdj48 bGFiZWw+UGFzc3dvcmQ8L2xhYmVsPjxpbnB1dCB0eXBlPVwidGV4dFwiIG5hbWU9XCIyXCIgdmFs dWU9XCJwYXNzXCI+PC9kaXY+PC9maWVsZHNldD4nKTsKCQl9CgkJPC9zY3JpcHQ+Cgk8L2hlYWQ+ Cgk8Ym9keT4KCQk8ZGl2IGlkPSJkaXYiPjwvZGl2PgoJCTxhIGhyZWY9IiMiIG9uY2xpY2s9Im1h a2VpdGNyYXNoKCkiPmNsaWNrIG1lIHRvIG1ha2UgbWUgY3Jhc2g8L2E+PGJyLz4KCQk8YSBocmVm PSIjIiBvbmNsaWNrPSJtYWtlaXRnb3dlaXJkKCkiPmNsaWNrIG1lIHRvIGhhdmUgYSBzaW5nbGUg aW5wdXQgcmVuZGVyZWQgdHdpY2UgPC9hPjxici8+CgkJPGEgaHJlZj0iIyIgb25jbGljaz0ibWFr ZWl0d29yaygpIj5jbGljayBtZSB0byBtYWtlIGl0IHdvcmsgPC9hPjxici8+Cgk8L2JvZHk+Cjwv aHRtbD4=