Bug 232112 - RELEASE_ASSERT(result) under FormSubmission::create()
Summary: RELEASE_ASSERT(result) under FormSubmission::create()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks: 232117
Reported: 2021-10-21 15:30 PDT by Chris Dumez
Modified: 2021-10-21 17:10 PDT

See Also:


Attachments
Patch (4.58 KB, patch)
2021-10-21 15:41 PDT, Chris Dumez

Description Chris Dumez 2021-10-21 15:30:13 PDT
RELEASE_ASSERT(result) under FormSubmission::create():
Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   JavaScriptCore                	       0x132e93e7e WTFCrash + 14
1   WebCore                       	       0x14dd8da1b WTFCrashWithInfo(int, char const*, char const*, int) + 27 (Assertions.h:732)
2   WebCore                       	       0x1519376d0 WebCore::FormSubmission::create(WebCore::HTMLFormElement&, WebCore::HTMLFormControlElement*, WebCore::FormSubmission::Attributes const&, WebCore::Event*, WebCore::LockHistory, WebCore::FormSubmissionTrigger) + 1616 (FormSubmission.cpp:216)
3   WebCore                       	       0x1512381f5 WebCore::HTMLFormElement::submit(WebCore::Event*, bool, bool, WebCore::FormSubmissionTrigger, WebCore::HTMLFormControlElement*) + 389 (HTMLFormElement.cpp:401)
4   WebCore                       	       0x1512383af WebCore::HTMLFormElement::submitFromJavaScript() + 63 (HTMLFormElement.cpp:314)
5   WebCore                       	       0x14e9cbd18 WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*)::'lambda'()::operator()() const + 24 (JSHTMLFormElement.cpp:630)
6   WebCore                       	       0x14e9cbced JSC::JSValue WebCore::toJS<WebCore::IDLUndefined, WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*)::'lambda'()>(JSC::JSGlobalObject&, JSC::ThrowScope&, WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*)::'lambda'()&&) + 29 (JSDOMConvertBase.h:165)
7   WebCore                       	       0x14e9cbc51 WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*) + 193 (JSHTMLFormElement.cpp:630)
8   WebCore                       	       0x14e9cbb5d long long WebCore::IDLOperation<WebCore::JSHTMLFormElement>::call<&(WebCore::jsHTMLFormElementPrototypeFunction_submitBody(JSC::JSGlobalObject*, JSC::CallFrame*, WebCore::JSHTMLFormElement*)), (WebCore::CastedThisErrorBehavior)0>(JSC::JSGlobalObject&, JSC::CallFrame&, char const*) + 685 (JSDOMOperation.h:63)
9   WebCore                       	       0x14e9cb7e4 WebCore::jsHTMLFormElementPrototypeFunction_submit(JSC::JSGlobalObject*, JSC::CallFrame*) + 36 (JSHTMLFormElement.cpp:635)
10  ???                           	    0x2e8f49a011d8 ???
11  JavaScriptCore                	       0x1334d3449 llint_entry + 145535 (LowLevelInterpreter.asm:1177)
12  JavaScriptCore                	       0x1334af8d0 vmEntryToJavaScript + 289 (LowLevelInterpreter64.asm:316)
13  JavaScriptCore                	       0x13437d8d5 JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) + 229 (JITCodeInlines.h:42)
14  JavaScriptCore                	       0x13437e093 JSC::Interpreter::executeCall(JSC::JSGlobalObject*, JSC::JSObject*, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1811 (Interpreter.cpp:963)
15  JavaScriptCore                	       0x13473dd7a JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 218 (CallData.cpp:57)
16  JavaScriptCore                	       0x13473de5d JSC::call(JSC::JSGlobalObject*, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 205 (CallData.cpp:64)
17  JavaScriptCore                	       0x13473e11d JSC::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 125 (CallData.cpp:85)
18  WebCore                       	       0x1506d0c3c WebCore::JSExecState::profiledCall(JSC::JSGlobalObject*, JSC::ProfilingReason, JSC::JSValue, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&, WTF::NakedPtr<JSC::Exception>&) + 108 (JSExecState.h:73)
19  WebCore                       	       0x1506eff3f WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext&, WebCore::Event&) + 2191 (JSEventListener.cpp:186)
20  WebCore                       	       0x150e7faee WebCore::EventTarget::innerInvokeEventListeners(WebCore::Event&, WTF::Vector<WTF::RefPtr<WebCore::RegisteredEventListener, WTF::RawPtrTraits<WebCore::RegisteredEventListener>, WTF::DefaultRefDerefTraits<WebCore::RegisteredEventListener> >, 1ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>, WebCore::EventTarget::EventInvokePhase) + 1022 (EventTarget.cpp:344)
21  WebCore                       	       0x150e7f576 WebCore::EventTarget::fireEventListeners(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) + 342 (EventTarget.cpp:276)
22  WebCore                       	       0x150e5bad9 WebCore::EventContext::handleLocalEvents(WebCore::Event&, WebCore::EventTarget::EventInvokePhase) const + 889 (EventContext.cpp:95)
23  WebCore                       	       0x150e76886 WebCore::dispatchEventInDOM(WebCore::Event&, WebCore::EventPath const&) + 374 (EventDispatcher.cpp:107)
24  WebCore                       	       0x150e760af WebCore::EventDispatcher::dispatchEvent(WebCore::Node&, WebCore::Event&) + 1087 (EventDispatcher.cpp:188)
25  WebCore                       	       0x150efb67d WebCore::Node::dispatchEvent(WebCore::Event&) + 29 (Node.cpp:2384)
26  WebCore                       	       0x15123bfa0 WebCore::HTMLFormElement::constructEntryList(WTF::Ref<WebCore::DOMFormData, WTF::RawPtrTraits<WebCore::DOMFormData> >&&, WTF::Vector<std::__1::pair<WTF::String, WTF::String>, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WebCore::HTMLFormElement::IsMultipartForm) + 736 (HTMLFormElement.cpp:988)
27  WebCore                       	       0x151191606 WebCore::DOMFormData::create(WebCore::HTMLFormElement*) + 150 (DOMFormData.cpp:51)
28  WebCore                       	       0x14e4f65cb WebCore::JSDOMConstructor<WebCore::JSDOMFormData>::construct(JSC::JSGlobalObject*, JSC::CallFrame*) + 715 (JSDOMFormData.cpp:124)
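The frames above read bottom-up as: `new FormData(form)` (frames 27-28) runs `HTMLFormElement::constructEntryList()` (frame 26), which dispatches an event (frames 20-25); a page script listener for that event (frames 10-19) calls `form.submit()` (frames 3-9), which re-enters submission via `FormSubmission::create()` while the entry list is still being built. The page below is an added illustration of that call path, written here for this editing pass; it is not the test case attached to the patch. The event name `formdata` is taken from the HTML "constructing the entry list" algorithm rather than from the trace, and whether this trips the release assertion depends on the WebKit build under test (the bug is marked fixed in r284656).

```html
<!DOCTYPE html>
<!-- Added example reconstructed from the crash trace, not the bug's own test case.
     Assumption: constructEntryList() dispatches the HTML "formdata" event. -->
<form id="f" action="about:blank" method="post">
  <input name="a" value="1">
</form>
<script>
  const form = document.getElementById('f');

  // Frames 10-26: constructEntryList() fires "formdata" while the entry list is
  // still being built, and this JS listener runs in the middle of that work.
  form.addEventListener('formdata', () => {
    // Frames 3-9: submit() re-enters the submission path
    // (submitFromJavaScript -> submit -> FormSubmission::create) on top of
    // the in-progress FormData construction.
    form.submit();
  });

  // Frames 27-28: constructing FormData from a form element is what triggers
  // constructEntryList() and therefore the "formdata" dispatch.
  new FormData(form);
</script>
```

The security-relevant point is the reentrancy: any synchronous DOM event fired from inside a multi-step algorithm hands control to page script that may mutate or re-drive the same algorithm, and a release assertion is the engine's way of turning that into a clean crash rather than a memory-safety bug.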
Comment 1 Chris Dumez 2021-10-21 15:41:54 PDT
Created attachment 442077
Patch
Comment 2 Geoffrey Garen 2021-10-21 16:44:03 PDT
Comment on attachment 442077
Patch

r=me
Comment 3 EWS 2021-10-21 17:09:42 PDT
Committed r284656 (243376@main): <https://commits.webkit.org/243376@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 442077.
Comment 4 Radar WebKit Bug Importer 2021-10-21 17:10:16 PDT
<rdar://problem/84529237>