Bug 28948

Summary: reproducible freeze and crash on closing form popup at bosch-home.nl
Product: WebKit Reporter: Julian Gonggrijp <j.gonggrijp>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: cdobson, mathan.arulanandam, oliver
Priority: P1 Keywords: InRadar, NeedsReduction
Version: 528+ (Nightly build)   
Hardware: Mac (Intel)   
OS: OS X 10.5   
URL: http://www.bosch-home.nl/sitemap/quick-links/service/reparaties.html?rw=true
Attachments:
Description Flags
backtrace of the described crash
none
Fix support for return values provided by show modal dialog. mjs: review+

Julian Gonggrijp
Reported 2009-09-03 07:35:56 PDT
I found this bug using Nightly build r48004. To reproduce: - visit http://www.bosch-home.nl/sitemap/quick-links/service/reparaties.html?rw=true - about halfway the page in the wide center column, press the "Online Reparatieformulier" hyperlink; a form will open in a new window - next to the "E-Nr.*" input field, press the button with the downwards arrow symbol; a popup will open with a error message (because you didn't fill out the necessary fields) - by now, WebKit has already frozen more or less, e.g. you can't switch to another window anymore - close the popup with the close button or with the "Sluit Venster" hyperlink; after about a second WebKit crashes. Backtrace is in the attachment. The system console reports that Webkit exited abnormally because of a bus error.
Attachments
backtrace of the described crash (29.33 KB, text/plain)
2009-09-03 07:37 PDT, Julian Gonggrijp 		no flags
Details
Fix support for return values provided by show modal dialog. (2.82 KB, patch)
2009-09-30 22:44 PDT, Oliver Hunt 		mjs: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Julian Gonggrijp
Comment 1 2009-09-03 07:37:48 PDT
Created attachment 38989 [details] backtrace of the described crash
Alexey Proskuryakov
Comment 2 2009-09-04 13:30:04 PDT
Stack trace from debug build: #0 0x009a1af9 in JSC::JSValue::toBoolean at JSCell.h:279 #1 0x00a25069 in cti_op_jtrue at JITStubs.cpp:2281 #2 0x00a23f20 in WTF::doubleHash at HashTable.h:437 #3 0x00a03979 in JSC::JITCode::execute at JITCode.h:79 #4 0x009ef971 in JSC::Interpreter::execute at Interpreter.cpp:721 #5 0x00951d25 in JSC::JSFunction::call at JSFunction.cpp:120 #6 0x00951e01 in JSC::call at CallData.cpp:39 #7 0x03fa19a3 in WebCore::JSEventListener::handleEvent at JSEventListener.cpp:133 <...> > - by now, WebKit has already frozen more or less, e.g. you can't switch to > another window anymore This is expected and correct behavior - it's a modal dialog displayed by the page (uncommon on the Web, but there is such a feature). Crashing is not expected or correct, of course.
Alexey Proskuryakov
Comment 3 2009-09-04 13:30:24 PDT
<rdar://problem/7199915>
Alexey Proskuryakov
Comment 4 2009-09-22 18:21:16 PDT
*** Bug 29642 has been marked as a duplicate of this bug. ***
Oliver Hunt
Comment 5 2009-09-30 22:44:24 PDT
Created attachment 40423 [details] Fix support for return values provided by show modal dialog.
Maciej Stachowiak
Comment 6 2009-09-30 22:45:52 PDT
Comment on attachment 40423 [details] Fix support for return values provided by show modal dialog. r=me Add an explanation for why it's not possible to make a layout test to the ChangeLog please.
Oliver Hunt
Comment 7 2009-09-30 22:53:52 PDT
Committed r48960
Oliver Hunt
Comment 8 2009-10-01 15:27:47 PDT
*** Bug 29962 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.