Bug 129221 - REGRESSION (r164483-r164523) Crash on pages that contain form fields (inside fieldset)
Status: RESOLVED DUPLICATE of bug 129227
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Unspecified / OS: Unspecified
Importance: P2 Critical
Assignee: Nobody
URL: http://shisaku.blogspot.jp
Keywords:
Depends on:
Blocks:
 
Reported: 2014-02-22 17:23 PST by Philippe Wittenbergh
Modified: 2014-02-22 22:18 PST (History)
CC List: 0 users

See Also:


Attachments
crash log (12.40 KB, text/plain), 2014-02-22 17:23 PST, Philippe Wittenbergh, no flags
minimal testcase (408 bytes, text/html), 2014-02-22 18:35 PST, Philippe Wittenbergh, no flags

Description Philippe Wittenbergh 2014-02-22 17:23:23 PST
Created attachment 224986: crash log

Randomly picked URLs that exhibit the issue:

http://shisaku.blogspot.jp
http://l-c-n.com/contact/

Load the offending pages: the WebKit process crashes and crashes and crashes.

The issue started with r164523; r164483 is fine.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000010940751e WTFCrash + 62
1   com.apple.JavaScriptCore      	0x00000001090930be JSC::ErrorHandlingScope::ErrorHandlingScope(JSC::VM&) + 62
2   com.apple.JavaScriptCore      	0x00000001092c7896 Inspector::JSGlobalObjectInspectorController::reportAPIException(JSC::ExecState*, JSC::JSValue) + 70
3   com.apple.JavaScriptCore      	0x0000000109298e2b JSValueToObject + 331
4   com.apple.Safari.framework    	0x00007fff8de95a21 controlObject(objc_object*, double, NSString*) + 207
5   com.apple.Safari.framework    	0x00007fff8de95864 FrameMetadata::metadataForAllForms(WBSFormMetadataRequestType) const + 632
6   com.apple.Safari.framework    	0x00007fff8de965f1 -[WBSFormMetadataController recursivelyCollectMetadataInFrame:requestType:frames:formMetadata:] + 184
7   com.apple.Safari.framework    	0x00007fff8de96896 -[WBSFormMetadataController getMetadataForAllFormsInPageWithMainFrame:requestType:frames:formMetadata:] + 109
8   com.apple.Safari.framework    	0x00007fff8dbb4c59 Safari::BrowserBundlePageController::collectFormMetadataForPreFillingForm(Safari::WK::URL const&, Safari::PreFillEvent) + 203
9   com.apple.Safari.framework    	0x00007fff8dbbd2eb Safari::BrowserBundlePageController::handleMessageToPage(Safari::WK::BundlePage const&, Safari::WK::String const&, Safari::WK::Type const&) + 1019
10  com.apple.Safari.framework    	0x00007fff8dbb2699 Safari::BrowserBundleController::dispatchMessageToPage(Safari::WK::BundlePage const&, Safari::WK::String const&, Safari::WK::Type const&) + 25
11  com.apple.Safari.framework    	0x00007fff8dc390a7 Safari::WK::didReceiveMessageToPage(OpaqueWKBundle const*, OpaqueWKBundlePage const*, OpaqueWKString const*, void const*, void const*) + 126
12  com.apple.WebKit2             	0x0000000108b7efb7 WebKit::InjectedBundleClient::didReceiveMessageToPage(WebKit::InjectedBundle*, WebKit::WebPage*, WTF::String const&, API::Object*) + 129
13  com.apple.WebKit2             	0x0000000108c696df WebKit::WebPage::postInjectedBundleMessage(WTF::String const&, IPC::MessageDecoder&) + 91
14  com.apple.WebKit2             	0x0000000108c7eef6 void IPC::handleMessageVariadic<Messages::WebPage::PostInjectedBundleMessage, WebKit::WebPage, void (WebKit::WebPage::*)(WTF::String const&, IPC::MessageDecoder&)>(IPC::MessageDecoder&, WebKit::WebPage*, void (WebKit::WebPage::*)(WTF::String const&, IPC::MessageDecoder&)) + 78
15  com.apple.WebKit2             	0x0000000108c7cfd9 WebKit::WebPage::didReceiveWebPageMessage(IPC::Connection*, IPC::MessageDecoder&) + 5709
16  com.apple.WebKit2             	0x0000000108b8be61 IPC::MessageReceiverMap::dispatchMessage(IPC::Connection*, IPC::MessageDecoder&) + 125
17  com.apple.WebKit2             	0x0000000108cc01cc WebKit::WebProcess::didReceiveMessage(IPC::Connection*, IPC::MessageDecoder&) + 28
18  com.apple.WebKit2             	0x0000000108b3cfb8 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::MessageDecoder, std::__1::default_delete<IPC::MessageDecoder> >) + 94
19  com.apple.WebKit2             	0x0000000108b3f130 IPC::Connection::dispatchOneMessage() + 106
20  com.apple.JavaScriptCore      	0x000000010942e8a2 WTF::RunLoop::performWork() + 850
21  com.apple.JavaScriptCore      	0x000000010942edd2 WTF::RunLoop::performWork(void*) + 34
22  com.apple.CoreFoundation      	0x00007fff8ffdd8f1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
23  com.apple.CoreFoundation      	0x00007fff8ffcf062 __CFRunLoopDoSources0 + 242
24  com.apple.CoreFoundation      	0x00007fff8ffce7ef __CFRunLoopRun + 831
25  com.apple.CoreFoundation      	0x00007fff8ffce275 CFRunLoopRunSpecific + 309
26  com.apple.HIToolbox           	0x00007fff91a6cf0d RunCurrentEventLoopInMode + 226
27  com.apple.HIToolbox           	0x00007fff91a6ccb7 ReceiveNextEventCommon + 479
28  com.apple.HIToolbox           	0x00007fff91a6cabc _BlockUntilNextEventMatchingListInModeWithFilter + 65
29  com.apple.AppKit              	0x00007fff86d1e28e _DPSNextEvent + 1434
30  com.apple.AppKit              	0x00007fff86d1d8db -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 122
31  com.apple.AppKit              	0x00007fff86d119cc -[NSApplication run] + 553
32  com.apple.AppKit              	0x00007fff86cfc803 NSApplicationMain + 940
33  com.apple.XPCService          	0x00007fff9199dc0f _xpc_main + 385
34  libxpc.dylib                  	0x00007fff8f659b2e xpc_main + 399
35  com.apple.WebKit.WebContent.Development	0x00000001057196a0 main + 16
36  libdyld.dylib                 	0x00007fff87ebe5fd start + 1
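Added triage helper, not part of the bug report and not WebKit or Safari code: a small Python script that parses the "Thread 0 Crashed" section of an Apple crash log such as the one above, skips the assertion helper (WTFCrash) to find the frame that actually fired, and reports where the stack crossed from the caller's image into the image that crashed. The sample input is frames 0-8 copied from the log above (frames 9-36 are IPC and run-loop plumbing and are omitted); the list of assertion-helper symbol names is an assumption of this example, not something the report states.

```python
"""Parse the 'Thread N Crashed' section of an Apple crash log and extract the
two facts a triager wants first: the frame that faulted once the crash-reporting
helper is skipped, and the call that crossed into the crashing image."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: frames 0-8 copied from the attached crash log.
# Frames 9-36 (IPC dispatch, run loop, NSApplication) are omitted.
SAMPLE_LOG = """\
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      \t0x000000010940751e WTFCrash + 62
1   com.apple.JavaScriptCore      \t0x00000001090930be JSC::ErrorHandlingScope::ErrorHandlingScope(JSC::VM&) + 62
2   com.apple.JavaScriptCore      \t0x00000001092c7896 Inspector::JSGlobalObjectInspectorController::reportAPIException(JSC::ExecState*, JSC::JSValue) + 70
3   com.apple.JavaScriptCore      \t0x0000000109298e2b JSValueToObject + 331
4   com.apple.Safari.framework    \t0x00007fff8de95a21 controlObject(objc_object*, double, NSString*) + 207
5   com.apple.Safari.framework    \t0x00007fff8de95864 FrameMetadata::metadataForAllForms(WBSFormMetadataRequestType) const + 632
6   com.apple.Safari.framework    \t0x00007fff8de965f1 -[WBSFormMetadataController recursivelyCollectMetadataInFrame:requestType:frames:formMetadata:] + 184
7   com.apple.Safari.framework    \t0x00007fff8de96896 -[WBSFormMetadataController getMetadataForAllFormsInPageWithMainFrame:requestType:frames:formMetadata:] + 109
8   com.apple.Safari.framework    \t0x00007fff8dbb4c59 Safari::BrowserBundlePageController::collectFormMetadataForPreFillingForm(Safari::WK::URL const&, Safari::PreFillEvent) + 203

"""

# One frame line: index, image (binary), address, symbol, "+ offset".
# The symbol may contain spaces (C++ signatures, Objective-C selectors), so it
# is matched non-greedily up to the final " + <offset>".
FRAME_RE = re.compile(
    r"^(?P<index>\d+)\s+(?P<image>\S+)\s+(?P<address>0x[0-9a-fA-F]+)\s+"
    r"(?P<symbol>.+?)\s\+\s(?P<offset>\d+)\s*$"
)
THREAD_RE = re.compile(r"^Thread (?P<thread>\d+) Crashed::")

# Assumption of this example: symbols that only report a crash and are never
# the fault themselves. WTFCrash is the one visible in the log above.
ASSERTION_HELPERS = ("WTFCrash", "WTFReportAssertionFailure", "abort", "__pthread_kill")


@dataclass(frozen=True)
class Frame:
    index: int
    image: str
    address: int
    symbol: str
    offset: int


def parse_crashed_thread(text: str) -> List[Frame]:
    """Return the frames of the crashed thread, innermost first. Stops at the
    first non-frame line (blank line or next thread header)."""
    frames: List[Frame] = []
    in_thread = False
    for line in text.splitlines():
        if THREAD_RE.match(line):
            in_thread = True
            continue
        if not in_thread:
            continue
        m = FRAME_RE.match(line)
        if m is None:
            break
        frames.append(Frame(int(m["index"]), m["image"], int(m["address"], 16),
                            m["symbol"], int(m["offset"])))
    return frames


def fault_frame(frames: List[Frame], helpers=ASSERTION_HELPERS) -> Optional[Frame]:
    """First frame that is not crash-reporting machinery; the symbol name is
    compared without its parameter list."""
    for f in frames:
        if f.symbol.split("(")[0] not in helpers:
            return f
    return None


def image_crossings(frames: List[Frame]) -> List[Tuple[Frame, Frame]]:
    """(callee, caller) pairs where the caller lives in a different image.
    Frames are innermost first, so frame i was called by frame i + 1."""
    return [(frames[i], frames[i + 1]) for i in range(len(frames) - 1)
            if frames[i].image != frames[i + 1].image]


def triage(text: str) -> dict:
    """Summarise the crashed thread: crashing image, faulting symbol, the entry
    point into the crashing image and which image/symbol called it."""
    frames = parse_crashed_thread(text)
    if not frames:
        return {"crashing_image": None, "fault_symbol": None,
                "entry_point": None, "called_from": None}
    crashing_image = frames[0].image
    fault = fault_frame(frames)
    entry = next(((callee, caller) for callee, caller in image_crossings(frames)
                  if callee.image == crashing_image), None)
    return {
        "crashing_image": crashing_image,
        "fault_symbol": fault.symbol if fault else None,
        "entry_point": entry[0].symbol if entry else None,
        "called_from": f"{entry[1].image}: {entry[1].symbol}" if entry else None,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the log above it recovers the chain the report's trace shows: the assertion fired in the JSC::ErrorHandlingScope constructor while Inspector::JSGlobalObjectInspectorController::reportAPIException was handling an exception raised inside the public API call JSValueToObject, which Safari's form-metadata code (controlObject, called from FrameMetadata::metadataForAllForms) made while collecting form metadata for pre-filling. That is why a page with no script of its own can crash the WebContent process here: the trigger is the browser's own form enumeration, not page JavaScript.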
Comment 1 Philippe Wittenbergh 2014-02-22 18:35:13 PST
Created attachment 224987: minimal testcase

This is as minimal as I can get it.
Comment 2 Philippe Wittenbergh 2014-02-22 22:18:58 PST

*** This bug has been marked as a duplicate of bug 129227 ***