Bug 144050

Summary: CrashTracer: WebProcess at com.apple.WebCore: WebCore::toScriptElementIfPossible + 4
Product: WebKit Reporter: Antti Koivisto <koivisto>
Component: Page Loading
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, commit-queue, ddkilzer, esprehn+autocc, gavinp, kangil.han, lquinn
Priority: P2
Keywords: InRadar
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: patch
Flags: cdumez: review+

Description Antti Koivisto 2015-04-22 10:32:10 PDT
47 com.apple.WebCore:  WebCore::toScriptElementIfPossible + 4 <==
        47 com.apple.WebCore:  WebCore::ScriptRunner::timerFired + 452
          47 com.apple.WebCore:  WebCore::ThreadTimers::sharedTimerFiredInternal + 175
            47 com.apple.WebCore:  WebCore::timerFired + 58
              47 com.apple.CoreFoundation:  __CFRUNLOOP_IS_CALLING_OUT_TO_A_TIMER_CALLBACK_FUNCTION__ + 20
                47 com.apple.CoreFoundation:  __CFRunLoopDoTimer + 557
                  47 com.apple.CoreFoundation:  __CFRunLoopRun + 1529
Comment 1 Antti Koivisto 2015-04-22 10:32:35 PDT
<rdar://problem/15534973>
Comment 2 Antti Koivisto 2015-04-22 11:20:57 PDT
Created attachment 251342 [details]
patch
Comment 3 Chris Dumez 2015-04-22 13:31:07 PDT
Comment on attachment 251342 [details]
patch

View in context: https://bugs.webkit.org/attachment.cgi?id=251342&action=review

r=me as it seems safe but we should revisit this later on.

> Source/WebCore/ChangeLog:5
> +

Would be nice to have the radar here as well.

> Source/WebCore/ChangeLog:19
> +        in ScriptRunner::notifyScriptReady fails to find scriptElement and we are left with null entry in

s/in/If
Comment 4 Antti Koivisto 2015-04-23 00:59:28 PDT
https://trac.webkit.org/r183178
Comment 5 Liam Quinn 2015-05-04 15:04:11 PDT
In builds without the fix, I can reproduce this crash reliably by visiting http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port or EFL port).
Comment 6 Chris Dumez 2015-05-04 15:42:26 PDT
(In reply to comment #5)
> In builds without the fix, I can reproduce this crash reliably by visiting
> http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port
> or EFL port).

I have just tried visiting this URL with WebKit ToT / Mac port and it did not crash.
Comment 7 Antti Koivisto 2015-05-05 01:15:09 PDT
(In reply to comment #5)
> In builds without the fix, I can reproduce this crash reliably by visiting
> http://www.hifi-forum.de/viewthread-152-4332.html (using the BlackBerry port
> or EFL port).

I can't repro it either. Could you try debugging it? Just reproing the crash on debug build might give a backtrace explaining how this becomes null.
Comment 8 Liam Quinn 2015-05-05 13:18:06 PDT
Unfortunately, it's no longer reproducing for me today.