Bug 28948

Summary: reproducible freeze and crash on closing form popup at bosch-home.nl
Product: WebKit
Reporter: Julian Gonggrijp <j.gonggrijp>
Component: JavaScriptCore
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: cdobson, mathan.arulanandam, oliver
Priority: P1
Keywords: InRadar, NeedsReduction
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.5
URL: http://www.bosch-home.nl/sitemap/quick-links/service/reparaties.html?rw=true
Attachments (description, flags):
 - backtrace of the described crash (flags: none)
 - Fix support for return values provided by show modal dialog. (flags: mjs: review+)

Description Julian Gonggrijp 2009-09-03 07:35:56 PDT
I found this bug using Nightly build r48004.

To reproduce:
 - visit http://www.bosch-home.nl/sitemap/quick-links/service/reparaties.html?rw=true
 - about halfway down the page in the wide center column, press the "Online Reparatieformulier" hyperlink; a form will open in a new window
 - next to the "E-Nr.*" input field, press the button with the downwards arrow symbol; a popup will open with an error message (because you didn't fill out the necessary fields)
 - by now, WebKit has already frozen more or less, e.g. you can't switch to another window anymore
 - close the popup with the close button or with the "Sluit Venster" hyperlink; after about a second WebKit crashes.

Backtrace is in the attachment.
The system console reports that WebKit exited abnormally because of a bus error.
Comment 1 Julian Gonggrijp 2009-09-03 07:37:48 PDT
Created attachment 38989
backtrace of the described crash
Comment 2 Alexey Proskuryakov 2009-09-04 13:30:04 PDT
Stack trace from debug build:

#0	0x009a1af9 in JSC::JSValue::toBoolean at JSCell.h:279
#1	0x00a25069 in cti_op_jtrue at JITStubs.cpp:2281
#2	0x00a23f20 in WTF::doubleHash at HashTable.h:437
#3	0x00a03979 in JSC::JITCode::execute at JITCode.h:79
#4	0x009ef971 in JSC::Interpreter::execute at Interpreter.cpp:721
#5	0x00951d25 in JSC::JSFunction::call at JSFunction.cpp:120
#6	0x00951e01 in JSC::call at CallData.cpp:39
#7	0x03fa19a3 in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:133
<...> 

> - by now, WebKit has already frozen more or less, e.g. you can't switch to
> another window anymore

This is expected and correct behavior - it's a modal dialog displayed by the page (uncommon on the Web, but there is such a feature). Crashing is not expected or correct, of course.
Comment 3 Alexey Proskuryakov 2009-09-04 13:30:24 PDT
<rdar://problem/7199915>
Comment 4 Alexey Proskuryakov 2009-09-22 18:21:16 PDT
*** Bug 29642 has been marked as a duplicate of this bug. ***
Comment 5 Oliver Hunt 2009-09-30 22:44:24 PDT
Created attachment 40423
Fix support for return values provided by show modal dialog.
Comment 6 Maciej Stachowiak 2009-09-30 22:45:52 PDT
Comment on attachment 40423
Fix support for return values provided by show modal dialog.

r=me

Add an explanation for why it's not possible to make a layout test to the ChangeLog please.
Comment 7 Oliver Hunt 2009-09-30 22:53:52 PDT
Committed r48960
Comment 8 Oliver Hunt 2009-10-01 15:27:47 PDT
*** Bug 29962 has been marked as a duplicate of this bug. ***