Bug 21265
| Field | Value |
|---|---|
| Summary | Crash in RenderObject::containingBlock() opening chess.com live chess |
| Product | WebKit |
| Component | Layout and Rendering |
| Status | RESOLVED CONFIGURATION CHANGED |
| Severity | Normal |
| Priority | P1 |
| Version | 528+ (Nightly build) |
| Hardware | Mac |
| OS | OS X 10.5 |
| URL | http://www.chess.com/livechess/play/ |
| Reporter | August Mueller <gus> |
| Assignee | Nobody <webkit-unassigned> |
| CC | ahmad.saleem792, gus, zwarich |
| Keywords | NeedsReduction |
August Mueller
This is using "WebKit-SVN-r37126"
If you open up "Live Chess" on chess.com, and then close the little welcome box that appears, WebKit crashes. Sorry I don't have a better reproducible case for this; the page is ... complicated to say the least. Here is the stack trace:
Thread 0 Crashed:
0 ??? 0x2baee432 0 + 732881970
1 com.apple.WebCore 0x011e6d2b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 203
2 com.apple.WebCore 0x011eb9d9 WebCore::RenderBlock::layoutBlock(bool) + 1769
3 com.apple.WebCore 0x011dc4f8 WebCore::RenderBlock::layout() + 40
4 com.apple.WebCore 0x011e756b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 2315
5 com.apple.WebCore 0x011eb9d9 WebCore::RenderBlock::layoutBlock(bool) + 1769
6 com.apple.WebCore 0x011dc4f8 WebCore::RenderBlock::layout() + 40
7 com.apple.WebCore 0x011e756b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 2315
8 com.apple.WebCore 0x011eb9d9 WebCore::RenderBlock::layoutBlock(bool) + 1769
9 com.apple.WebCore 0x011dc4f8 WebCore::RenderBlock::layout() + 40
10 com.apple.WebCore 0x0126de78 WebCore::RenderView::layout() + 296
11 com.apple.WebCore 0x00f8ae79 WebCore::FrameView::layout(bool) + 649
12 com.apple.WebCore 0x00ef9c40 WebCore::Document::updateLayout() + 112
13 com.apple.WebCore 0x0121a646 WebCore::RenderLayer::hitTest(WebCore::HitTestRequest const&, WebCore::HitTestResult&) + 38
14 com.apple.WebCore 0x00ef8c02 WebCore::Document::prepareMouseEvent(WebCore::HitTestRequest const&, WebCore::IntPoint const&, WebCore::PlatformMouseEvent const&) + 66
15 com.apple.WebCore 0x00f37118 WebCore::EventHandler::prepareMouseEvent(WebCore::HitTestRequest const&, WebCore::PlatformMouseEvent const&) + 88
16 com.apple.WebCore 0x00f3f357 WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*) + 439
17 com.apple.WebCore 0x00f4150c WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*, WebCore::HitTestResult*) + 652
18 com.apple.WebCore 0x00f415d6 WebCore::EventHandler::passMouseMoveEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*, WebCore::HitTestResult*) + 38
19 com.apple.WebCore 0x00f3f52c WebCore::EventHandler::handleMouseMoveEvent(WebCore::PlatformMouseEvent const&, WebCore::HitTestResult*) + 908
20 com.apple.WebCore 0x00f3f7ce WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const&) + 62
21 com.apple.WebCore 0x00f3ffe0 WebCore::EventHandler::mouseMoved(NSEvent*) + 256
22 com.apple.WebKit 0x001c8088 -[WebHTMLView(WebPrivate) _updateMouseoverWithEvent:] + 904
23 com.apple.WebKit 0x001bca15 -[WebHTMLView(WebPrivate) _updateMouseoverWithFakeEvent] + 389
24 com.apple.WebKit 0x001c228e -[WebHTMLView mouseUp:] + 238
25 com.apple.AppKit 0x96396809 -[NSWindow sendEvent:] + 5539
26 com.apple.Safari 0x0002bb53 0x1000 + 174931
27 com.apple.AppKit 0x96363311 -[NSApplication sendEvent:] + 2941
28 com.apple.Safari 0x0002b5d8 0x1000 + 173528
29 com.apple.AppKit 0x962c0d0f -[NSApplication run] + 847
30 com.apple.AppKit 0x9628df14 NSApplicationMain + 574
31 com.apple.Safari 0x000ba4d6 0x1000 + 758998
Matt Lilek
Confirmed with r37088. I didn't have to close the window in my debug build - it crashed as the pop up it opening was beginning to render.
Thread 0 Crashed:
0 com.apple.WebCore 0x037aec34 WebCore::RenderObject::containingBlock() const + 16 (RenderObject.cpp:792)
1 com.apple.WebCore 0x037550ba WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 218 (RenderBlock.cpp:1235)
2 com.apple.WebCore 0x037576d8 WebCore::RenderBlock::layoutBlock(bool) + 1426 (RenderBlock.cpp:657)
3 com.apple.WebCore 0x03745008 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:564)
[snip]
Matt Lilek
s/opening/opened
August Mueller
I've narrowed down the crash to build svn revision 36427. It works ok in 36426, although at some point "Debugger() called!" is printed out when loading a plugin I think.
WebKit ends up dying in deref() on line 92 of RegisterID.h:
ASSERT(m_refCount >= 0);
m_refCount is -1.
And here's the stack trace for 36427:
Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x0049b672 JSC::RegisterID::deref() + 82 (RegisterID.h:92)
1 com.apple.JavaScriptCore 0x0049e70b WTF::RefPtr<JSC::RegisterID>::~RefPtr() + 31
2 com.apple.JavaScriptCore 0x00471311 JSC::CodeGenerator::emitConstruct(JSC::RegisterID*, JSC::RegisterID*, JSC::ArgumentsNode*) + 749 (CodeGenerator.cpp:1129)
3 com.apple.JavaScriptCore 0x00471eff JSC::NewExprNode::emitCode(JSC::CodeGenerator&, JSC::RegisterID*) + 167 (nodes.cpp:412)
4 com.apple.JavaScriptCore 0x004ba19e JSC::CodeGenerator::emitNode(JSC::RegisterID*, JSC::Node*) + 310 (CodeGenerator.h:177)
5 com.apple.JavaScriptCore 0x004773dc JSC::ReturnNode::emitCode(JSC::CodeGenerator&, JSC::RegisterID*) + 146 (nodes.cpp:1440)
6 com.apple.JavaScriptCore 0x004ba19e JSC::CodeGenerator::emitNode(JSC::RegisterID*, JSC::Node*) + 310 (CodeGenerator.h:177)
7 com.apple.JavaScriptCore 0x0044b4b2 JSC::statementListEmitCode(WTF::Vector<WTF::RefPtr<JSC::StatementNode>, 0ul>&, JSC::CodeGenerator&, JSC::RegisterID*) + 130 (nodes.cpp:1085)
8 com.apple.JavaScriptCore 0x00470c8c JSC::FunctionBodyNode::emitCode(JSC::CodeGenerator&, JSC::RegisterID*) + 80 (nodes.cpp:1820)
9 com.apple.JavaScriptCore 0x0044fed6 JSC::CodeGenerator::generate() + 116 (CodeGenerator.cpp:140)
10 com.apple.JavaScriptCore 0x0046f35d JSC::FunctionBodyNode::generateCode(JSC::ScopeChainNode*) + 407 (nodes.cpp:1813)
11 com.apple.JavaScriptCore 0x0050a14f JSC::FunctionBodyNode::byteCode(JSC::ScopeChainNode*) + 109 (nodes.h:2259)
12 com.apple.JavaScriptCore 0x004f859f JSC::Machine::cti_op_call_JSFunction(void*) + 289 (Machine.cpp:4274)
13 ??? 0x1fcb3793 0 + 533411731
14 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
15 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
16 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
17 com.apple.JavaScriptCore 0x004623f2 JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
18 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
19 ??? 0x1ddb1670 0 + 500897392
20 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
21 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
22 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
23 com.apple.JavaScriptCore 0x004621f1 JSC::functionProtoFuncCall(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 227 (FunctionPrototype.cpp:127)
24 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
25 ??? 0x1ddb1b3f 0 + 500898623
26 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
27 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
28 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
29 com.apple.JavaScriptCore 0x004621f1 JSC::functionProtoFuncCall(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 227 (FunctionPrototype.cpp:127)
30 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
31 ??? 0x1ddab71e 0 + 500872990
32 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
33 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
34 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
35 com.apple.JavaScriptCore 0x004623f2 JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
36 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
37 ??? 0x1fcad7d1 0 + 533387217
38 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
39 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
40 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
41 com.apple.JavaScriptCore 0x004623f2 JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
42 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
43 ??? 0x1fcad7d1 0 + 533387217
44 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
45 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
46 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
47 com.apple.JavaScriptCore 0x004623f2 JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
48 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
49 ??? 0x1fcad7d1 0 + 533387217
50 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
51 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
52 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
53 com.apple.JavaScriptCore 0x004623f2 JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
54 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
55 ??? 0x1fcad7d1 0 + 533387217
56 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
57 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
58 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
59 com.apple.JavaScriptCore 0x004623f2 JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
60 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
61 ??? 0x1cfe0383 0 + 486409091
62 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
63 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
64 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
65 com.apple.JavaScriptCore 0x004623f2 JSC::functionProtoFuncApply(JSC::ExecState*, JSC::JSObject*, JSC::JSValue*, JSC::ArgList const&) + 494 (FunctionPrototype.cpp:107)
66 com.apple.JavaScriptCore 0x004f82a7 JSC::Machine::cti_op_call_NotJSFunction(void*) + 419 (Machine.cpp:4329)
67 ??? 0x1cfe0383 0 + 486409091
68 com.apple.JavaScriptCore 0x004f8a48 JSC::Machine::execute(JSC::FunctionBodyNode*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue**) + 746 (Machine.cpp:906)
69 com.apple.JavaScriptCore 0x00459215 JSC::JSFunction::call(JSC::ExecState*, JSC::JSValue*, JSC::ArgList const&) + 139 (JSFunction.cpp:71)
70 com.apple.JavaScriptCore 0x004592b1 JSC::call(JSC::ExecState*, JSC::JSValue*, JSC::CallType, JSC::CallData const&, JSC::JSValue*, JSC::ArgList const&) + 149 (CallData.cpp:39)
71 com.apple.WebCore 0x038f7866 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 664 (JSEventListener.cpp:97)
72 com.apple.WebCore 0x033d3bbd WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 281 (Document.cpp:2664)
73 com.apple.WebCore 0x0343a5fb WebCore::EventTargetNode::dispatchWindowEvent(WTF::PassRefPtr<WebCore::Event>) + 265 (EventTargetNode.cpp:158)
74 com.apple.WebCore 0x0343c596 WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 168 (EventTargetNode.cpp:165)
75 com.apple.WebCore 0x033d926d WebCore::Document::implicitClose() + 717 (Document.cpp:1563)
76 com.apple.WebCore 0x034788c6 WebCore::FrameLoader::checkCallImplicitClose() + 226 (FrameLoader.cpp:1345)
77 com.apple.WebCore 0x03484fc8 WebCore::FrameLoader::checkCompleted() + 268 (FrameLoader.cpp:1300)
78 com.apple.WebCore 0x0348511b WebCore::FrameLoader::loadDone() + 39 (FrameLoader.cpp:1264)
79 com.apple.WebCore 0x033cd103 WebCore::DocLoader::setLoadInProgress(bool) + 109 (DocLoader.cpp:263)
80 com.apple.WebCore 0x03902a4a WebCore::Loader::Host::didFinishLoading(WebCore::SubresourceLoader*) + 494 (loader.cpp:306)
81 com.apple.WebCore 0x0387b811 WebCore::SubresourceLoader::didFinishLoading() + 169 (SubresourceLoader.cpp:195)
82 com.apple.WebCore 0x0379a4e0 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 24 (ResourceLoader.cpp:399)
83 com.apple.WebCore 0x03797aec -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 160 (ResourceHandleMac.mm:530)
84 com.apple.Foundation 0x91585097 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87
85 com.apple.Foundation 0x91585003 _NSURLConnectionDidFinishLoading + 147
86 com.apple.CFNetwork 0x92ba3209 sendDidFinishLoadingCallback + 148
87 com.apple.CFNetwork 0x92bbeed3 handleCacheResponseIsValid + 157
88 com.apple.CFNetwork 0x92b9ff22 _CFURLConnectionSendCallbacks + 1153
89 com.apple.CFNetwork 0x92b9fa25 muxerSourcePerform + 283
90 com.apple.CoreFoundation 0x93c3c615 CFRunLoopRunSpecific + 3141
91 com.apple.CoreFoundation 0x93c3ccf8 CFRunLoopRunInMode + 88
92 com.apple.HIToolbox 0x9123c480 RunCurrentEventLoopInMode + 283
93 com.apple.HIToolbox 0x9123c299 ReceiveNextEventCommon + 374
94 com.apple.HIToolbox 0x9123c10d BlockUntilNextEventMatchingListInMode + 106
95 com.apple.AppKit 0x962c83ed _DPSNextEvent + 657
96 com.apple.AppKit 0x962c7ca0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
97 com.apple.Safari 0x000086be 0x1000 + 30398
98 com.apple.AppKit 0x962c0cdb -[NSApplication run] + 795
99 com.apple.AppKit 0x9628df14 NSApplicationMain + 574
100 com.apple.Safari 0x000ba4d6 0x1000 + 758998
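The assertion quoted above, ASSERT(m_refCount >= 0) firing with m_refCount == -1, means one more deref() ran than ref() for that register. As an added illustration (example code written for this page, not JavaScriptCore's RegisterID or RefPtr), the following models that pattern with a minimal intrusively refcounted register and a handle that holds one reference for its lifetime. The class names, the underflow flag and the helper functions are assumptions for the example; a JSC debug build asserts at the point where the flag is set here, and a release build (which has no ASSERT) would silently continue with a negative count.

```cpp
// Added example, not JavaScriptCore code: a minimal model of the
// RegisterID / RefPtr<RegisterID> relationship from the stack trace above.
#include <cstdio>

class Register {
public:
    Register() : m_refCount(0), m_underflowed(false) {}
    void ref() { ++m_refCount; }
    void deref() {
        --m_refCount;
        // JSC's debug build does ASSERT(m_refCount >= 0) here; a release
        // build keeps going. This model records the underflow instead.
        if (m_refCount < 0)
            m_underflowed = true;
    }
    int refCount() const { return m_refCount; }
    bool underflowed() const { return m_underflowed; }
private:
    int m_refCount;
    bool m_underflowed;
};

// Minimal RefPtr analogue: ref() on construction/copy, deref() on destruction.
class RegisterHandle {
public:
    explicit RegisterHandle(Register* r) : m_ptr(r) { if (m_ptr) m_ptr->ref(); }
    RegisterHandle(const RegisterHandle& o) : m_ptr(o.m_ptr) { if (m_ptr) m_ptr->ref(); }
    ~RegisterHandle() { if (m_ptr) m_ptr->deref(); }
    Register* get() const { return m_ptr; }
private:
    RegisterHandle& operator=(const RegisterHandle&);  // not needed for the example
    Register* m_ptr;
};

// Balanced use: every handle's ref() is matched by its destructor's deref(),
// so the count returns to 0 once all handles are gone.
int balancedRefCount() {
    Register r;
    {
        RegisterHandle h(&r);
        RegisterHandle h2(h);
    }
    return r.refCount();  // 0
}

// Over-release: a manual deref() on a register that a live handle still owns.
// When the handle is destroyed it derefs again and the count goes 0 -> -1,
// which is exactly the state the assertion in the report caught.
int overReleasedRefCount() {
    Register r;
    {
        RegisterHandle h(&r);
        r.deref();  // bug: releases a reference the handle still holds
    }               // ~RegisterHandle derefs a second time
    return r.refCount();  // -1
}

// Same scenario, reporting whether the underflow guard fired.
bool overReleaseDetected() {
    Register r;
    {
        RegisterHandle h(&r);
        r.deref();
    }
    return r.underflowed();  // true
}

int main() {
    std::printf("balanced refcount: %d\n", balancedRefCount());
    std::printf("over-released refcount: %d\n", overReleasedRefCount());
    std::printf("underflow detected: %s\n", overReleaseDetected() ? "yes" : "no");
    return 0;
}
```

The point for anyone triaging a report like this: a negative count is only visible while the ASSERT is compiled in, which is why the debug build dies in RegisterID::deref() while a release build of the same revision gets further and then crashes somewhere unrelated, such as the RenderObject::containingBlock() frames in the first two traces.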
Eric Seidel (no email)
The URL has moved:
http://www.chess.com/livechess/
But I'm not sure what window I'm supposed to open/close to get the crash? Do I need to be a member of chess.com?
August Mueller
Yeah, sorry, it looks like it doesn't allow guest accounts.
Pressing the big green "PLAY LIVE CHESS" button on http://www.chess.com/livechess/ pops up the window, but if you aren't logged in, it'll ask you to.
August Mueller
Ok, good news- the latest nightly (r38297 / Version 3.1.2 (5525.20.1)) doesn't crash anymore.
hurray!
Ahmad Saleem
Closing based on bug report confirmation that it got fixed in latest WebKit Nightly years ago.