RESOLVED INVALID 3683
<input type="text" onblur="alert('bye!')"> crashes Safari if the <input> still has focus and the tab containing it is closed 
https://bugs.webkit.org/show_bug.cgi?id=3683
Summary <input type="text" onblur="alert('bye!')"> crashes Safari if the <input> stil...
Beau Hartshorne
Reported 2005-06-23 10:12:19 PDT
An HTML file containing just <input type="text" onblur="alert('bye!')"> will crash Safari if the input element has focus when its containing tab is closed. This happens if I use command-W to close the tab or if I click on the X to close the tab. This happens with a file containing just the <input> tag (attached as simple.html), or with a valid HTML document containing the <input> tag (attached as valid_simple.html). I can reproduce this in Safari 2.0 (412), and in the latest WebKit build as of this morning. If I click on a new tab while the <input> has focus, Safari doesn't crash but the UI does not render the new tab correctly. If you click on the new tab again, it will render correctly, and Safari does not crash. I took a screenshot and attached this as bad_ui.png.
Attachments
Simplest HTML that will crash safari (42 bytes, text/html)
2005-06-23 10:13 PDT, Beau Hartshorne 		no flags
Details
Simplest valid HTML that will crash Safari (220 bytes, text/html)
2005-06-23 10:13 PDT, Beau Hartshorne 		no flags
Details
What happens if you click on another tab (123.62 KB, image/png)
2005-06-23 10:14 PDT, Beau Hartshorne 		no flags
Details
The crash log (19.74 KB, text/plain)
2005-06-23 10:16 PDT, Beau Hartshorne 		no flags
Details
Latest crash log (20.86 KB, text/plain)
2005-07-05 10:32 PDT, Beau Hartshorne 		no flags
Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Beau Hartshorne
Comment 1 2005-06-23 10:13:17 PDT
Created attachment 2592 [details] Simplest HTML that will crash safari
Beau Hartshorne
Comment 2 2005-06-23 10:13:46 PDT
Created attachment 2593 [details] Simplest valid HTML that will crash Safari
Beau Hartshorne
Comment 3 2005-06-23 10:14:35 PDT
Created attachment 2594 [details] What happens if you click on another tab
Beau Hartshorne
Comment 4 2005-06-23 10:16:02 PDT
Created attachment 2595 [details] The crash log
Joost de Valk (AlthA)
Comment 5 2005-06-23 10:19:14 PDT
very good testcase and bug report. Confirmed on tot build 2 minutes ago.
Joost de Valk (AlthA)
Comment 6 2005-06-23 10:19:51 PDT
making it p1 since it's a reproducible crash.
Chris Petersen
Comment 7 2005-07-03 22:02:29 PDT
I can't reproduce this crash on the latest TOT Webkit.
Beau Hartshorne
Comment 8 2005-07-05 10:30:42 PDT
I missed one important detail in my bug report: you need to have at least one other tab open to produce the crash. If you just close the entire Safari window by clicking on the red button or quitting or using the close menu item, Safari will not crash. You need to close the tab contaning an input element that has focus and has an onblur attribute set. I tried this against the TOT, and attached the latest crash log.
Beau Hartshorne
Comment 9 2005-07-05 10:32:10 PDT
Created attachment 2818 [details] Latest crash log
Joost de Valk (AlthA)
Comment 10 2005-07-05 12:48:55 PDT
OK confirmed. Changed component to forms, made it a p1 crit since this will probably happen often. Reassigning to forms component owner. (prolly Hyatt as well ;) )
mitz
Comment 11 2005-09-22 23:32:23 PDT
Is this a WebKit bug? The backtrace doesn't contain WebKit at all.
Alice Liu
Comment 12 2005-11-04 11:59:11 PST
able to reproduce in Safari Version 2.0.2 (416.12) but unable to reproduce in Version 2.0.1 (420+)
Anders Carlsson
Comment 13 2005-12-04 13:00:51 PST
*** This bug has been marked as a duplicate of 4194 ***
Johan Bergström
Comment 14 2006-02-03 05:18:30 PST
This can't be a duplicate since this crashes in ToT and test case for #4194 doesn't. Opening this again seems like a healthy decision.
Alexey Proskuryakov
Comment 15 2006-02-03 09:24:19 PST
Yes, I can also reproduce this on ToT. Reopening.
John Sullivan
Comment 16 2006-02-03 11:01:02 PST
This might be a bug in AppKit, or in Safari. But it also might be the case that WebKit is over-releasing some object, or not calling some required AppKit method, leaving the view hierarchy in a bad state.
John Sullivan
Comment 17 2006-02-03 11:14:47 PST
I can reproduce this crash using TOT WebKit and Safari-417.8 on 10.4.4. However, I cannot reproduce it using TOT WebKit *and* TOT Safari (which the open source community doesn't have access to). I don't know what was causing this, but it does appear to be at least partially a Safari issue, and one that has been fixed. Our general rule of thumb is to mark bugs INVALID if they're not WebKit issues, so that's probably what we should do here. But first I'd like to make sure someone else can reproduce my findings. Chris, can you try?
Chris Petersen
Comment 18 2006-02-03 13:40:47 PST
I can confirm this too. Based on the steps provided, I can only reproduce with TOT WebKit/Safari (417.8) but not with TOT WebKit/TOT Safari. Assigning back to John.
Alice Liu
Comment 19 2006-03-20 08:48:43 PST
I'm marking this as INVALID as John recommended.
Note You need to log in before you can comment on or make changes to this bug.