RESOLVED DUPLICATE of bug 46088 57431
Crash when dynamically adding input fields with certain css and attributes to a div 
https://bugs.webkit.org/show_bug.cgi?id=57431
Summary Crash when dynamically adding input fields with certain css and attributes to...
johan
Reported 2011-03-30 00:59:46 PDT
The fiddle that is available in the url shows how webkit crashes when I dynamically add input fields to a div. On Webkit or Safari, it takes a couple of seconds before it crashes. On Chrome, I get the 'aw snap' page. I just tried it on the Webkit nightly build of March 30th 2011. The first link in the page makes webkit crash. This one adds two input fields to the page using jquery. The second link makes the password input field appear twice on the same page. Although only a single one exists in the DOM. The difference is that we left out the label of the password field. The third link makes it work. Here, we removed the autofocus attribute from the first input field. If we remove the css, it works as well. However, all the above are workarounds trying to circumvent a problem I am unable to pinpoint, but which seems to be in webkit.
Attachments
self-contained testcase (1.90 KB, text/html)
2011-03-30 10:16 PDT, johan 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-03-30 10:06:01 PDT
Could you please attach a self-contained test case to this Bugzilla bug? It's better to have everything pertinent to an issue in one place, not on 3rd party servers. Asserts with a debug build of ToT: ASSERTION FAILED: !renderer() /Users/ap/Safari/OpenSource/Source/WebCore/dom/Node.cpp(1449) : void WebCore::Node::createRendererIfNeeded() 1 WebCore::Node::createRendererIfNeeded() 2 WebCore::Element::attach() 3 WebCore::ContainerNode::attach() 4 WebCore::Element::attach() 5 WebCore::HTMLFormControlElement::attach() 6 WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool) 7 WebCore::replaceChildrenWithFragment(WebCore::HTMLElement*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&) 8 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) 9 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) 10 bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*) 11 void JSC::lookupPut<WebCore::JSHTMLElement, WebCore::JSElement>(JSC::ExecState*, JSC::Identifier const&, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, JSC::PutPropertySlot&) <...>
johan
Comment 2 2011-03-30 10:16:04 PDT
Created attachment 87559 [details] self-contained testcase
Kent Tamura
Comment 3 2011-03-30 21:38:01 PDT
This is a variant of the autofocus issue, Bug 46088. I confirmed a patch in Bug 46088 fixed the problem in the attachment johan posted. However some reviewers didn't like the patches in Bug 46088. Do you have any good idea to fix this issue?
Kent Tamura
Comment 4 2011-03-30 21:38:33 PDT
*** This bug has been marked as a duplicate of bug 46088 ***
Note You need to log in before you can comment on or make changes to this bug.