WebKit Bugzilla
RESOLVED FIXED
81488
Empty beforeload event listener makes web process crash when visiting this web page
https://bugs.webkit.org/show_bug.cgi?id=81488
Marc Hoyois
Reported
2012-03-18 21:12:08 PDT
Created attachment 132538: Minimal extension that causes the crash

Overview: The presence of any beforeload event listener makes Safari's web process crash when visiting http://www.zennioptical.com/.

Steps to reproduce:

!! WEB PROCESS WILL CRASH AND ALL TABS WILL RELOAD WHEN YOU DO THIS !!

1. Install the attached minimal extension, which has the following injected script:

    function handleBeforeLoadEvent(event) {}
    document.addEventListener("beforeload", handleBeforeLoadEvent, true);

(This will also work with any of the standard extensions that use beforeload, obviously.)

2. Visit http://www.zennioptical.com/.
3. Wait a few seconds and observe the crash!

Build date & platform: tested with Safari 5.2 and nightly build 7535.18.5, 536+. Happens in Safari 5.1.4 as well.
Attachments
Minimal extension that causes the crash (5.00 KB, application/octet-stream), 2012-03-18 21:12 PDT, Marc Hoyois
Crash log (54.06 KB, text/plain), 2012-03-19 11:08 PDT, Marc Hoyois
Alexey Proskuryakov
Comment 1
2012-03-19 10:52:52 PDT
Could you please attach a crash log?
Marc Hoyois
Comment 2
2012-03-19 11:08:44 PDT
Created attachment 132611: Crash log
Alexey Proskuryakov
Comment 3
2012-03-19 11:15:28 PDT
0 com.apple.JavaScriptCore 0x00007fff924620e8 JSC::Weak<JSC::JSCell>::Weak(JSC::JSGlobalData&, JSC::JSCell*, JSC::WeakHandleOwner*, void*) + 56
1 com.apple.JavaScriptCore 0x00007fff92462001 JSC::Heap::addFinalizer(JSC::JSCell*, void (*)(JSC::JSCell*)) + 33
2 com.apple.JavaScriptCore 0x00007fff923f07b4 JSC::evaluate(JSC::ExecState*, JSC::ScopeChainNode*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 148
Marc Hoyois
Comment 4
2012-07-23 10:39:26 PDT
It doesn't crash anymore, so I assume the bug was fixed.