Bug 144050

Summary: CrashTracer: WebProcess at com.apple.WebCore: WebCore::toScriptElementIfPossible + 4
Product: WebKit Reporter: Antti Koivisto <koivisto>
Component: Page LoadingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, commit-queue, ddkilzer, esprehn+autocc, gavinp, kangil.han, lquinn
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch cdumez: review+

Antti Koivisto
Reported 2015-04-22 10:32:10 PDT
47 com.apple.WebCore: WebCore::toScriptElementIfPossible + 4 <== 47 com.apple.WebCore: WebCore::ScriptRunner::timerFired + 452 47 com.apple.WebCore: WebCore::ThreadTimers::sharedTimerFiredInternal + 175 47 com.apple.WebCore: WebCore::timerFired + 58 47 com.apple.CoreFoundation: __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20 47 com.apple.CoreFoundation: __CFRunLoopDoTimer + 557 47 com.apple.CoreFoundation: __CFRunLoopRun + 1529
Attachments
patch (2.50 KB, patch)
2015-04-22 11:20 PDT, Antti Koivisto 		cdumez: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Antti Koivisto
Comment 1 2015-04-22 10:32:35 PDT
<rdar://problem/15534973>
Antti Koivisto
Comment 2 2015-04-22 11:20:57 PDT
Created attachment 251342 [details] patch
Chris Dumez
Comment 3 2015-04-22 13:31:07 PDT
Comment on attachment 251342 [details] patch View in context: https://bugs.webkit.org/attachment.cgi?id=251342&action=review r=me as it seems safe but we should revisit this later on. > Source/WebCore/ChangeLog:5 > + Would be nice to have the radar here as well. > Source/WebCore/ChangeLog:19 > + in ScriptRunner::notifyScriptReady fails to find scriptElement and we are left with null entry in s/in/If
Antti Koivisto
Comment 4 2015-04-23 00:59:28 PDT
https://trac.webkit.org/r183178
Liam Quinn
Comment 5 2015-05-04 15:04:11 PDT
In builds without the fix, I can reproduce this crash reliably by visiting http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port or EFL port).
Chris Dumez
Comment 6 2015-05-04 15:42:26 PDT
(In reply to comment #5) > In builds without the fix, I can reproduce this crash reliably by visiting > http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port > or EFL port). I have just tried visiting this URL with WebKit ToT / Mac port and it did not crash.
Antti Koivisto
Comment 7 2015-05-05 01:15:09 PDT
(In reply to comment #5) > In builds without the fix, I can reproduce this crash reliably by visiting > http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port > or EFL port). I can't repro it either. Could you try debugging it? Just reproing the crash on debug build might give a backtrace explaining how this becomes null.
Liam Quinn
Comment 8 2015-05-05 13:18:06 PDT
Unfortunately, it's no longer reproducing for me today.
Note You need to log in before you can comment on or make changes to this bug.