RESOLVED FIXED 232112
RELEASE_ASSERT(result) under FormSubmission::create() 
https://bugs.webkit.org/show_bug.cgi?id=232112
Summary RELEASE_ASSERT(result) under FormSubmission::create()
Chris Dumez
Reported 2021-10-21 15:30:13 PDT
RELEASE_ASSERT(result) under FormSubmission::create(): Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 JavaScriptCore 0x132e93e7e WTFCrash + 14 1 WebCore 0x14dd8da1b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:732) 2 WebCore 0x1519376d0 WebCore::FormSubmission::create(WebCore::HTMLFormElement&, WebCore::HTMLFormControlElement*, WebCore::FormSubmission::Attributes const&, WebCore::Event*, WebCore::LockHistory, WebCore::FormSubmissionTrigger) + 1616 (FormSubmission.cpp:216) 3 WebCore 0x1512381f5 WebCore::HTMLFormElement::submit(WebCore::Event*, bool, bool, WebCore::FormSubmissionTrigger, WebCore::HTMLFormControlElement*) + 389 (HTMLFormElement.cpp:401) 4 WebCore 0x1512383af WebCore::HTMLFormElement::submitFromJavaScript() + 63 (HTMLFormElement.cpp:314) 5 WebCore 0x14e9cbd18 WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*)::'lambda'()::operator()() const + 24 (JSHTMLFormElement.cpp:630) 6 WebCore 0x14e9cbced JSC::JSValue WebCore::toJS<WebCore::IDLUndefined, WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*)::'lambda'()&&) + 29 (JSDOMConvertBase.h:165) 7 WebCore 0x14e9cbc51 WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*) + 193 (JSHTMLFormElement.cpp:630) 8 WebCore 0x14e9cbb5d long long WebCore::IDLOperation<WebCore::JSHTMLFormElement>::call<&(WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 685 (JSDOMOperation.h:63) 9 WebCore 0x14e9cb7e4 WebCore::jsHTMLFormElementPrototypeFunction_submit(JSC::JSGlobalObject*, JSC::CallFrame*) + 36 (JSHTMLFormElement.cpp:635) 10 ??? 0x2e8f49a011d8 ??? 11 JavaScriptCore 0x1334d3449 llint_entry + 145535 (LowLevelInterpreter.asm:1177) 12 JavaScriptCore 0x1334af8d0 vmEntryToJavaScript + 289 (LowLevelInterpreter64.asm:316) 13 JavaScriptCore 0x13437d8d5 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 229 (JITCodeInlines.h:42) 14 JavaScriptCore 0x13437e093 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1811 (Interpreter.cpp:963) 15 JavaScriptCore 0x13473dd7a JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 218 (CallData.cpp:57) 16 JavaScriptCore 0x13473de5d JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 205 (CallData.cpp:64) 17 JavaScriptCore 0x13473e11d JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 125 (CallData.cpp:85) 18 WebCore 0x1506d0c3c WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 108 (JSExecState.h:73) 19 WebCore 0x1506eff3f WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 2191 (JSEventListener.cpp:186) 20 WebCore 0x150e7faee WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1022 (EventTarget.cpp:344) 21 WebCore 0x150e7f576 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 342 (EventTarget.cpp:276) 22 WebCore 0x150e5bad9 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 889 (EventContext.cpp:95) 23 WebCore 0x150e76886 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 374 (EventDispatcher.cpp:107) 24 WebCore 0x150e760af WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 1087 (EventDispatcher.cpp:188) 25 WebCore 0x150efb67d WebCore::Node::dispatchEvent(WebCore::Event&) + 29 (Node.cpp:2384) 26 WebCore 0x15123bfa0 WebCore::HTMLFormElement::constructEntryList(WTF::Ref<WebCore::DOMFormData, WTF::RawPtrTraits<WebCore::DOMFormData> >&&, WTF::Vector<std::__1::pair<WTF::String, WTF::String>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WebCore::HTMLFormElement::IsMultipartForm) + 736 (HTMLFormElement.cpp:988) 27 WebCore 0x151191606 WebCore::DOMFormData::create(WebCore::HTMLFormElement*) + 150 (DOMFormData.cpp:51) 28 WebCore 0x14e4f65cb WebCore::JSDOMConstructor<WebCore::JSDOMFormData>::construct(JSC::JSGlobalObject*, JSC::CallFrame*) + 715 (JSDOMFormData.cpp:124)
Attachments
Patch (4.58 KB, patch)
2021-10-21 15:41 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2021-10-21 15:41:54 PDT
Created attachment 442077 [details] Patch
Geoffrey Garen
Comment 2 2021-10-21 16:44:03 PDT
Comment on attachment 442077 [details] Patch r=me
EWS
Comment 3 2021-10-21 17:09:42 PDT
Committed r284656 (243376@main): <https://commits.webkit.org/243376@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 442077 [details].
Radar WebKit Bug Importer
Comment 4 2021-10-21 17:10:16 PDT
<rdar://problem/84529237>
Note You need to log in before you can comment on or make changes to this bug.