| Summary: | Crash at RenderObject::childAt during JustifyCenter | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Eric Seidel (no email) <eric> |
| Component: | HTML Editing | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | justin.garcia |
| Priority: | P1 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | Mac | | |
| OS: | OS X 10.5 | | |
| Bug Depends on: | | | |
| Bug Blocks: | 18858 | | |
| Attachments: | | | |
Description
Eric Seidel (no email)
2008-06-09 18:27:39 PDT
I have the sequence of 91001 editing commands needed saved on my machine. I'll reduce it later.

Created attachment 21601 [details]
test case (crashes Safari)

The sequence of crashing commands is:
var doc = document; // the sequence below assumes `doc` refers to the current document
doc.designMode = 'on';
doc.execCommand('inserthorizontalrule', 0, 'data:text/html,<h1>hello</h1>');
doc.execCommand('insertparagraph', 1, 'data:text/html,<h1>hello</h1>');
doc.execCommand('delete', 0, '<iframe src=about:blank>');
doc.execCommand('inserthorizontalrule', 1, '</td>');
doc.execCommand('justifycenter', 0, '<pre>');
doc.execCommand('formatblock', 0, '<pre>');
doc.execCommand('inserthorizontalrule', 0, 'courier');
doc.execCommand('insertparagraph', 0, '<pre>');
doc.execCommand('selectall', 0, '<iframe src=about:blank>');
doc.execCommand('createLink', 1, '<td>');
doc.execCommand('selectall', 1, '<table>');
doc.execCommand('justifycenter', 1, '');
Bah. Actually, my reduced version crashes in a slightly different place:

Process: Safari [2024]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Identifier: com.apple.Safari
Version: 3.1.1 (5525.20)
Build Info: WebBrowser-55252000~1
Code Type: X86 (Native)
Parent Process: perl [2018]

Date/Time: 2008-06-09 23:48:35.985 -0700
OS Version: Mac OS X 10.5.3 (9D34)
Report Version: 6

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000
Crashed Thread: 0

Thread 0 Crashed:
0 ??? 0000000000 0 + 0
1 com.apple.WebCore 0x0290a73f WebCore::rendererAfterPosition(WebCore::RenderObject*, unsigned int) + 39 (RenderView.cpp:233)
2 com.apple.WebCore 0x0290ba0f WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int) + 229 (RenderView.cpp:304)
3 com.apple.WebCore 0x026076ef WebCore::Frame::selectionLayoutChanged() + 999 (Frame.cpp:631)
4 com.apple.WebCore 0x0260779a WebCore::Frame::invalidateSelection() + 44 (Frame.cpp:524)
5 com.apple.WebCore 0x02632087 WebCore::FrameView::layout(bool) + 2161 (FrameView.cpp:491)
6 com.apple.WebCore 0x02578df3 WebCore::Document::updateLayout() + 175 (Document.cpp:1198)
7 com.apple.WebCore 0x02587021 WebCore::Document::updateLayoutIgnorePendingStylesheets() + 199 (Document.cpp:1230)
8 com.apple.WebCore 0x02a70e4b WebCore::VisiblePosition::canonicalPosition(WebCore::Position const&) + 71 (VisiblePosition.cpp:464)
9 com.apple.WebCore 0x02a7124a WebCore::VisiblePosition::init(WebCore::Position const&, WebCore::EAffinity) + 40 (VisiblePosition.cpp:60)
10 com.apple.WebCore 0x02a7131a WebCore::VisiblePosition::VisiblePosition(WebCore::Position const&, WebCore::EAffinity) + 42
11 com.apple.WebCore 0x02a38db2 WebCore::Selection::validate() + 90 (Selection.cpp:201)
12 com.apple.WebCore 0x02a3a48d WebCore::Selection::Selection(WebCore::Position const&, WebCore::Position const&, WebCore::EAffinity) + 103
13 com.apple.WebCore 0x02432ba1 WebCore::ApplyStyleCommand::updateStartEnd(WebCore::Position const&, WebCore::Position const&) + 227 (ApplyStyleCommand.cpp:316)
14 com.apple.WebCore 0x02439376 WebCore::ApplyStyleCommand::applyBlockStyle(WebCore::CSSMutableStyleDeclaration*) + 2040 (ApplyStyleCommand.cpp:419)
15 com.apple.WebCore 0x024395eb WebCore::ApplyStyleCommand::doApply() + 481 (ApplyStyleCommand.cpp:360)
16 com.apple.WebCore 0x025b1b98 WebCore::EditCommand::apply() + 408 (EditCommand.cpp:96)
17 com.apple.WebCore 0x025b1c9d WebCore::applyCommand(WTF::PassRefPtr<WebCore::EditCommand>) + 25 (EditCommand.cpp:253)
18 com.apple.WebCore 0x025b485a WebCore::Editor::applyParagraphStyle(WebCore::CSSStyleDeclaration*, WebCore::EditAction) + 200 (Editor.cpp:625)
19 com.apple.WebCore 0x025bd822 WebCore::executeApplyParagraphStyle(WebCore::Frame*, WebCore::EditorCommandSource, WebCore::EditAction, int, WebCore::String const&) + 176 (EditorCommand.cpp:160)
20 com.apple.WebCore 0x025bf5f6 WebCore::executeJustifyCenter(WebCore::Frame*, WebCore::Event*, WebCore::EditorCommandSource, WebCore::String const&) + 76 (EditorCommand.cpp:510)
21 com.apple.WebCore 0x025bd4e4 WebCore::Editor::Command::execute(WebCore::String const&, WebCore::Event*) const + 210 (EditorCommand.cpp:1371)
22 com.apple.WebCore 0x0257a322 WebCore::Document::execCommand(WebCore::String const&, bool, WebCore::String const&) + 62 (Document.cpp:3089)
23 com.apple.WebCore 0x02737d97 WebCore::jsDocumentPrototypeFunctionExecCommand(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 299 (JSDocument.cpp:800)
24 com.apple.JavaScriptCore 0x004343d4 KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:734)
25 com.apple.JavaScriptCore 0x004d2fe3 KJS::Machine::privateExecute(KJS::Machine::ExecutionFlag, KJS::ExecState*, KJS::RegisterFile*, KJS::Register*, KJS::ScopeChainNode*, KJS::CodeBlock*, KJS::JSValue**) + 23273 (Machine.cpp:2093)
26 com.apple.JavaScriptCore 0x004d4b27 KJS::Machine::execute(KJS::FunctionBodyNode*, KJS::ExecState*, KJS::FunctionImp*, KJS::JSObject*, KJS::List const&, KJS::RegisterFileStack*, KJS::ScopeChainNode*, KJS::JSValue**) + 681 (Machine.cpp:733)
27 com.apple.JavaScriptCore 0x0043fde1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 321 (function.cpp:95)
28 com.apple.WebCore 0x02ac78d4 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 664 (kjs_events.cpp:93)
29 com.apple.WebCore 0x025d7b27 WebCore::EventTarget::handleLocalEvents(WebCore::EventTargetNode*, WebCore::Event*, bool) + 385 (EventTarget.cpp:311)
30 com.apple.WebCore 0x025d8bf4 WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 118 (EventTargetNode.cpp:106)
31 com.apple.WebCore 0x025d8011 WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode*, WTF::PassRefPtr<WebCore::Event>, int&, bool) + 769 (EventTarget.cpp:191)
32 com.apple.WebCore 0x025d91c4 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 364 (EventTargetNode.cpp:121)
33 com.apple.WebCore 0x025d9c63 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 697 (EventTargetNode.cpp:296)
34 com.apple.WebCore 0x025da423 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 497 (EventTargetNode.cpp:214)
35 com.apple.WebCore 0x025cf2c2 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 148 (EventHandler.cpp:1278)
36 com.apple.WebCore 0x025cfb1a WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 900 (EventHandler.cpp:1100)
37 com.apple.WebCore 0x025d546f WebCore::EventHandler::mouseUp(NSEvent*) + 435 (EventHandlerMac.mm:541)
38 com.apple.WebKit 0x001d3264 -[WebHTMLView mouseUp:] + 274 (WebHTMLView.mm:3244)
39 com.apple.WebCore 0x025d448c WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*, WebCore::HitTestResult*) + 968 (EventHandlerMac.mm:427)
40 com.apple.WebCore 0x025d505f WebCore::EventHandler::passMouseReleaseEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 39 (EventHandlerMac.mm:645)
41 com.apple.WebCore 0x025cf9e7 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 593 (EventHandler.cpp:1090)
42 com.apple.WebCore 0x025d546f WebCore::EventHandler::mouseUp(NSEvent*) + 435 (EventHandlerMac.mm:541)
43 com.apple.WebKit 0x001d3264 -[WebHTMLView mouseUp:] + 274 (WebHTMLView.mm:3244)
44 com.apple.AppKit 0x937a2929 -[NSWindow sendEvent:] + 5539
45 com.apple.Safari 0x0002bb53 0x1000 + 174931
46 com.apple.AppKit 0x9376f431 -[NSApplication sendEvent:] + 2941
47 com.apple.Safari 0x0002b5d8 0x1000 + 173528
48 com.apple.AppKit 0x936cce27 -[NSApplication run] + 847
49 com.apple.AppKit 0x9369a030 NSApplicationMain + 574
50 com.apple.Safari 0x000ba4d6 0x1000 + 758998

Thread 1:
0 libSystem.B.dylib 0x970db68e __semwait_signal + 10
1 libSystem.B.dylib 0x9710636d pthread_cond_wait$UNIX2003 + 73
2 com.apple.JavaScriptCore 0x004e22d3 WTF::ThreadCondition::wait(WTF::Mutex&) + 39 (ThreadingPthreads.cpp:207)
3 com.apple.WebCore 0x026ca735 WebCore::IconDatabase::syncThreadMainLoop() + 641 (IconDatabase.cpp:1313)
4 com.apple.WebCore 0x026cac18 WebCore::IconDatabase::iconDatabaseSyncThread() + 1198 (IconDatabase.cpp:1015)
5 com.apple.WebCore 0x026cac47 WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) + 23 (IconDatabase.cpp:919)
6 libSystem.B.dylib 0x971056f5 _pthread_start + 321
7 libSystem.B.dylib 0x971055b2 thread_start + 34

Thread 2:
0 libSystem.B.dylib 0x970d44a6 mach_msg_trap + 10
1 libSystem.B.dylib 0x970dbc9c mach_msg + 72
2 com.apple.CoreFoundation 0x9689d0be CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x9689dcf8 CFRunLoopRunInMode + 88
4 com.apple.CFNetwork 0x96735afe CFURLCacheWorkerThread(void*) + 396
5 libSystem.B.dylib 0x971056f5 _pthread_start + 321
6 libSystem.B.dylib 0x971055b2 thread_start + 34

Thread 3:
0 libSystem.B.dylib 0x970d44a6 mach_msg_trap + 10
1 libSystem.B.dylib 0x970dbc9c mach_msg + 72
2 com.apple.CoreFoundation 0x9689d0be CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x9689dcf8 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x959b6460 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5 com.apple.Foundation 0x95952f1d -[NSThread main] + 45
6 com.apple.Foundation 0x95952ac4 __NSThread__main__ + 308
7 libSystem.B.dylib 0x971056f5 _pthread_start + 321
8 libSystem.B.dylib 0x971055b2 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x1a04acbc ebx: 0x02631827 ecx: 0x9044de20 edx: 0x00000000
edi: 0x0512ca00 esi: 0x00000000 ebp: 0xbfffc728 esp: 0xbfffc6fc
ss: 0x0000001f efl: 0x00010206 eip: 0x00000000 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0x00000000

Binary Images:
0x1000 - 0x133fef com.apple.Safari 3.1.1 (5525.20) <4869cc1f3ee39145836097e9470d9036> /Applications/Safari.app/Contents/MacOS/Safari
0x17b000 - 0x290fef com.apple.WebKit 527+ (527+) <3be5ccc46bef504fd36d588d1f1d4e56> /Users/eseidel/Projects/build/Debug/WebKit.framework/Versions/A/WebKit
0x413000 - 0x422ff8 SyndicationUI ??? (???) <edde0133829971dbd8a0f3473cdb85fc> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
0x432000 - 0x51efe4 com.apple.JavaScriptCore 527+ (527+) <0e08310aaf8b461871715211c2d0aa68> /Users/eseidel/Projects/build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x800000 - 0x90afef com.apple.RawCamera.bundle 2.0.5 (2.0.5) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0xad3000 - 0xad8ff3 libCGXCoreImage.A.dylib ??? (???) <32265ec157db98a33c5dcf0e6687dec2> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
0x2420000 - 0x309aff2 com.apple.WebCore 527+ (527+) <b0a4d43431cf36f15177a21d24e887c2> /Users/eseidel/Projects/build/Debug/WebCore.framework/Versions/A/WebCore
0x1a7e7000 - 0x1a7ecfff com.apple.DictionaryServiceComponent 1.1 (1.1) <8edc1180f52db18e9ddfb4e95debe61b> /System/Library/Components/DictionaryService.component/Contents/MacOS/DictionaryService
0x1a876000 - 0x1a8e7fff +com.DivXInc.DivXDecoder 6.4.0 (6.4.0) /Library/QuickTime/DivX Decoder.component/Contents/MacOS/DivX Decoder
0x8fe00000 - 0x8fe2da53 dyld 96.2 (???) <7af47d3b00b2268947563c7fa8c59a07> /usr/lib/dyld
0x90003000 - 0x90005fff com.apple.securityhi 3.0 (30817) <2b2854123fed609d1820d2779e2e0963> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x90031000 - 0x90031ffc com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x90032000 - 0x9005afff libcups.2.dylib ??? (???) <ece20dff2a2c8ed3ae6ef735ef440c37> /usr/lib/libcups.2.dylib
0x9005b000 - 0x90073fff com.apple.openscripting 1.2.6 (???) <b8e553df643f2aec68fa968b3b459b2b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x90074000 - 0x90198fe3 com.apple.audio.toolbox.AudioToolbox 1.5.1 (1.5.1) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x90199000 - 0x90225ff7 com.apple.LaunchServices 289.2 (289.2) <3577886e3a6d56ee3949850c4fde76c9> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x90226000 - 0x902cdfeb com.apple.QD 3.11.52 (???) <c72bd7bd2ce12694c3640a731d1ad878> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x902ce000 - 0x90395ff2 com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x90396000 - 0x903c8fff com.apple.LDAPFramework 1.4.3 (106) <3a5c9df6032143cd6bc2658a9d328d8e> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x903c9000 - 0x903e4ff3 libPng.dylib ??? (???) <c0484bec6e2432b406755591924fe664> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x903e5000 - 0x903fbfe7 com.apple.CoreVideo 1.5.0 (1.5.0) <bad2d3a9a92fdecd02e64f0b73a76f27> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x903fc000 - 0x903fcffd com.apple.Accelerate.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x9042e000 - 0x9050dfff libobjc.A.dylib ??? (???) <a53206274b6c2d42691f677863f379ae> /usr/lib/libobjc.A.dylib
0x905d7000 - 0x905e2ff9 com.apple.helpdata 1.0 (14) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData
0x905e3000 - 0x905e4ffc libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib
0x905e6000 - 0x905e9fff com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x905ea000 - 0x90671ff7 libsqlite3.0.dylib ??? (???) <6978bbcca4277d6ae9f042beff643f7d> /usr/lib/libsqlite3.0.dylib
0x906c1000 - 0x906c1ffb com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer
0x90d13000 - 0x90d13ffa com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90d14000 - 0x90d23fff libsasl2.2.dylib ??? (???) <b9e1ca0b6612e280b6cbea6df0eec5f6> /usr/lib/libsasl2.2.dylib
0x90e0b000 - 0x90e15feb com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x90f0b000 - 0x90f0ffff libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0x90f10000 - 0x913e3ffe libGLProgrammability.dylib ??? (???) <475db64244e011cd8811e076035b2632> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
0x913e4000 - 0x91404ff2 libGL.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x914d9000 - 0x91517ff7 libGLImage.dylib ??? (???) <093b1b698ca93a0380f5fa262459ea28> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x91518000 - 0x91838fe2 com.apple.QuickTime 7.4.5 (67) <520cbf4ae05622466ad1b89f1ba3a4e1> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x91839000 - 0x91840ffe libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib
0x91841000 - 0x91987ff7 com.apple.ImageIO.framework 2.0.2 (2.0.2) <77dfee73f4c0d230425a5151ee0bce05> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x91988000 - 0x91c62ff3 com.apple.CoreServices.CarbonCore 786.4 (786.4) <059c4803a7a95e3c1a95a332baeb1edf> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x91c63000 - 0x91ff9fff com.apple.QuartzCore 1.5.3 (1.5.3) <1b65c05f89e81a499302fd63295b242d> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x92017000 - 0x9205bfeb com.apple.DirectoryService.PasswordServerFramework 3.0.3 (3.0.3) <7e80635e8f1380dbf4af27e17e709fcb> /System/Library/PrivateFrameworks/PasswordServer.framework/Versions/A/PasswordServer
0x9205c000 - 0x920d6ff8 com.apple.print.framework.PrintCore 5.5.3 (245.3) <222dade7b33b99708b8c09d1303f93fc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x920d7000 - 0x92119fef com.apple.NavigationServices 3.5.2 (163) <91844980804067b07a0b6124310d3f31> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x9211a000 - 0x921cafff edu.mit.Kerberos 6.0.12 (6.0.12) <1dc515ebe407292db8e603938c72d4e8> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos
0x921cb000 - 0x922acff7 libxml2.2.dylib ??? (???) <1baef3d4972ee789d8fa6c1fa44da45c> /usr/lib/libxml2.2.dylib
0x922ad000 - 0x9242cfff com.apple.AddressBook.framework 4.1.1 (695) <24a448ba4f9f784189bd3183e3474d81> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x9242d000 - 0x924acff5 com.apple.SearchKit 1.2.0 (1.2.0) <277b460da86bc222785159fe77e2e2ed> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x924ad000 - 0x92529feb com.apple.audio.CoreAudio 3.1.0 (3.1) <70bb7c657061631491029a61babe0b26> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x9252a000 - 0x92590ffb com.apple.ISSupport 1.7 (38) /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport
0x92591000 - 0x925cbfff com.apple.coreui 1.1 (61) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x925cc000 - 0x925cefff com.apple.CrashReporterSupport 10.5.0 (156) <3088b785b10d03504ed02f3fee5d3aab> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport
0x9278b000 - 0x927dbff7 com.apple.HIServices 1.7.0 (???) <f7e78891a6d08265c83dca8e378be1ea> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x927dc000 - 0x927dcfff com.apple.Carbon 136 (136) <98a5e3bc0c4fa44bbb09713bb88707fe> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x92915000 - 0x92929ff3 com.apple.ImageCapture 4.0 (5.0.0) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x9292a000 - 0x92fc6fff com.apple.CoreGraphics 1.351.31 (???) <c97a42498636b2596764e48669f98e00> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x92fc7000 - 0x92fd3fe7 com.apple.opengl 1.5.6 (1.5.6) <125de77ea2434a91364e79a0905a7771> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x93025000 - 0x9302dfff com.apple.DiskArbitration 2.2.1 (2.2.1) <75b0c8d8940a8a27816961dddcac8e0f> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x9302e000 - 0x9303cffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x9303d000 - 0x930dfff3 com.apple.QuickTimeImporters.component 7.4.5 (67) /System/Library/QuickTime/QuickTimeImporters.component/Contents/MacOS/QuickTimeImporters
0x930e0000 - 0x9313aff7 com.apple.CoreText 2.0.2 (???) <9fde11f84a72e890bbf2aa8b0b13b79a> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x9313b000 - 0x9313bffd com.apple.Accelerate 1.4.2 (Accelerate 1.4.2) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x9313c000 - 0x931eeffb libcrypto.0.9.7.dylib ??? (???) <330b0e48e67faffc8c22dfc069ca7a47> /usr/lib/libcrypto.0.9.7.dylib
0x931ef000 - 0x9327afff com.apple.framework.IOKit 1.5.1 (???) <60cfc4b175c4ef60bb8e9036716a29f4> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x93280000 - 0x93365ff3 com.apple.CoreData 100.1 (186) <8e28162ef2288692615b52acc01f8b54> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x93366000 - 0x9337cfff com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x93387000 - 0x93398ffe com.apple.CFOpenDirectory 10.5 (10.5) <6a7f55108d77db7384d0e2219d07e9f8> /System/Library/PrivateFrameworks/OpenDirectory.framework/Versions/A/Frameworks/CFOpenDirectory.framework/Versions/A/CFOpenDirectory
0x93399000 - 0x933a8ffe com.apple.DSObjCWrappers.Framework 1.2.1 (1.2.1) <eac1c7b7c07ed3148c85934b6f656308> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x933a9000 - 0x934e1ff7 libicucore.A.dylib ??? (???) <5031226ea28b371d8dfdbb32acfb48b5> /usr/lib/libicucore.A.dylib
0x93550000 - 0x93651fef com.apple.PubSub 1.0.3 (65.1.1) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub
0x93652000 - 0x93693fe7 libRIP.A.dylib ??? (???) <c8d988d3880d7268468112c64c626d86> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x93694000 - 0x93e91fef com.apple.AppKit 6.5.3 (949.33) <84b236f43802f4c15011513d18efa101> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x93e92000 - 0x93e97fff com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x93e98000 - 0x93ed7fef libTIFF.dylib ??? (???) <6d0f80e9d4d81f3f64c876aca005bd53> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x93eec000 - 0x93eecff8 com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x93eed000 - 0x942abfea libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x942ac000 - 0x9433fff3 com.apple.ApplicationServices.ATS 3.3 (???) <064eb6d96417afa38a80b1735c4113aa> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x94346000 - 0x94411fff com.apple.ColorSync 4.5.0 (4.5.0) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x9467b000 - 0x946a6fe7 libauto.dylib ??? (???) <42d8422dc23a18071869fdf7b5d8fab5> /usr/lib/libauto.dylib
0x946a7000 - 0x946acfff com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x946ad000 - 0x946b4fff com.apple.agl 3.0.9 (AGL-3.0.9) <7dac4a7cb0de2f6d08ae71c1249379e3> /System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x946b5000 - 0x946b7ff5 libRadiance.dylib ??? (???) <20eadb285da83df96c795c2c5fa20590> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x946b8000 - 0x946c8fff com.apple.speech.synthesis.framework 3.7.1 (3.7.1) <06d8fc0307314f8ffc16f206ad3dbf44> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x946c9000 - 0x95779ff6 com.apple.QuickTimeComponents.component 7.4.5 (67) /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/QuickTimeComponents
0x9577a000 - 0x95834fe3 com.apple.CoreServices.OSServices 226.3 (226.3) <456bdd65b936baf1ef497b74b4f960a8> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x95835000 - 0x95839fff com.apple.OpenDirectory 10.5 (10.5) <e7e4507f5ecd8c8cdcdb2fc0675da0b4> /System/Library/PrivateFrameworks/OpenDirectory.framework/Versions/A/OpenDirectory
0x9583a000 - 0x95873ffe com.apple.securityfoundation 3.0 (32989) <e9171eda22c69c884a04a001aeb526e0> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x95874000 - 0x95892ff3 com.apple.DirectoryService.Framework 3.5.3 (3.5.3) <a3277abd826960efb44258699adafc17> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x95893000 - 0x9589aff7 libCGATS.A.dylib ??? (???) <9b29a5500efe01cc3adea67bbc42568e> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x9589b000 - 0x958c8feb libvDSP.dylib ??? (???) <b232c018ddd040ec4e2c2af632dd497f> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x958c9000 - 0x95922ff7 libGLU.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x95923000 - 0x95947fff libxslt.1.dylib ??? (???) <4933ddc7f6618743197aadc85b33b5ab> /usr/lib/libxslt.1.dylib
0x95948000 - 0x95bc3fe7 com.apple.Foundation 6.5.5 (677.19) <bfd4ebea1a7739dd6b523f15dca01a37> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x95c3f000 - 0x95c43fff libGIF.dylib ??? (???) <d4234e6f5e5f530bdafb969157f1f17b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x95cb7000 - 0x95cdfff7 com.apple.shortcut 1 (1.0) <057783867138902b52bc0941fedb74d1> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut
0x95d53000 - 0x95de6fff com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x95de7000 - 0x95dedfff com.apple.print.framework.Print 218.0.2 (220.1) <8bf7ef71216376d12fcd5ec17e43742c> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x95e23000 - 0x9612aff7 com.apple.HIToolbox 1.5.3 (???) <e36f5c553e5a32f64b7eb458dadadc71> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x9612b000 - 0x9617bfeb com.apple.framework.familycontrols 1.0.2 (1.0.2) <90f740755beef77835545ede9e5e975d> /System/Library/PrivateFrameworks/FamilyControls.framework/Versions/A/FamilyControls
0x96209000 - 0x96238fe3 com.apple.AE 402.2 (402.2) <e01596187e91af5d48653920017b8c8e> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x96239000 - 0x96249ffc com.apple.LangAnalysis 1.6.4 (1.6.4) <cbeb17ab39f28351fe2ab5b82bf465bc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x9624a000 - 0x962d4fe3 com.apple.DesktopServices 1.4.6 (1.4.6) <94d1a28b351b7dff77becadab0967772> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x962db000 - 0x962e6fe7 libCSync.A.dylib ??? (???) <8011fc1963cebdde0c6f101dbee5afd7> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x962e7000 - 0x962e7ffd com.apple.vecLib 3.4.2 (vecLib 3.4.2) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x962e8000 - 0x964b5fe7 com.apple.security 5.0.3 (33532) <3bef414f3c6f433e707ac5abee340e16> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x964b6000 - 0x964bdfe9 libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib
0x964be000 - 0x96504fef com.apple.Metadata 10.5.2 (398.18) <adbb3a14e8f7da444e16d2fd61862771> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x96505000 - 0x9654ffe1 com.apple.securityinterface 3.0 (32532) <f521dae416ce7a3bdd594b0d4e2fb517> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x96550000 - 0x96587fff com.apple.SystemConfiguration 1.9.2 (1.9.2) <8b26ebf26a009a098484f1ed01ec499c> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x966f3000 - 0x966fcfff com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x966fd000 - 0x966fdff8 com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x9670a000 - 0x96729ffa libJPEG.dylib ??? (???) <0cfb80109d624beb9ceb3c43b6c5ec10> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x9672a000 - 0x967acffb com.apple.CFNetwork 330 (330) <6c5eda16e640b09334809ba4c1df985d> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x967ad000 - 0x9682afef libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x9682b000 - 0x9695dfff com.apple.CoreFoundation 6.5.2 (476.13) <b633d15f2901d73670cb1475628df1b3> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x9695e000 - 0x96994fef libtidy.A.dylib ??? (???) <f1d1742e06280444baa5637b209fd0af> /usr/lib/libtidy.A.dylib
0x96995000 - 0x969f2ffb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib
0x969f3000 - 0x96e03fef libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x96e22000 - 0x96e40fff libresolv.9.dylib ??? (???) <0629b6dcd71f4aac6a891cbe26253e85> /usr/lib/libresolv.9.dylib
0x96e80000 - 0x96edcff7 com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x96ff0000 - 0x97014feb libssl.0.9.7.dylib ??? (???) <acee7fc534674498dcac211318aa23e8> /usr/lib/libssl.0.9.7.dylib
0x970d3000 - 0x97233ff3 libSystem.B.dylib ??? (???) <a12f397abf2285077b89bd726bff5b18> /usr/lib/libSystem.B.dylib
0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib
0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib

nm. The two stack traces are functionally equivalent. I think the RenderView's m_selectionEnd was deleted, but it was somehow not told... not sure.

Created attachment 21603 [details]
Slightly smaller reduction
Slightly simpler reduction:
<body><script>
document.execCommand('selectall')
document.designMode = 'on'
document.execCommand('inserthorizontalrule')
document.execCommand('insertparagraph')
document.execCommand('delete')
document.execCommand('inserthorizontalrule')
document.execCommand('justifycenter')
document.execCommand('formatblock', 0, '<pre>')
document.execCommand('inserthorizontalrule')
document.execCommand('insertparagraph')
document.execCommand('selectall')
document.execCommand('createLink', 0, 'foo')
document.execCommand('selectall')
document.execCommand('justifycenter')
</script>
Created attachment 21604 [details]
Stacks for creation, destruction, and bad-access
Stacks from my most recent debugging session. This is the <a> tag which is being created around the entire document; then we're selecting everything again and center-justifying it, and that's when the <a> tag has already been destroyed and we crash. It's destroyed earlier in the justifyCenter command.
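As an added illustration (not WebKit's code and not the patch attached to this bug), the following C++ model shows the hazard the comment above describes: a view-like object keeps raw pointers to the renderers at the selection boundaries, an editing command destroys one of those renderers, and unless the renderer tells its owner on the way out the owner is left holding a dangling pointer that the next selection relayout would dereference. `SelectionView`, `Renderer`, `RenderTree` and `runScenario` are hypothetical names; the `hardened` flag toggles the destructor notification so both behaviours can be compared in one program.

```cpp
// Added illustration (not WebKit code): a minimal model of the hazard in this
// bug. A view keeps raw pointers to the renderers at the selection boundaries;
// an editing command destroys one of them; if the view is not told, the next
// selection relayout dereferences a freed object. All names are hypothetical.
#include <cstdint>
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

struct Renderer;

// Stand-in for the part of RenderView that remembers m_selectionStart/End.
struct SelectionView {
    Renderer* selectionStart = nullptr;
    Renderer* selectionEnd = nullptr;

    void setSelection(Renderer* start, Renderer* end) {
        selectionStart = start;
        selectionEnd = end;
    }
    void clearSelection() { selectionStart = nullptr; selectionEnd = nullptr; }
};

// Stand-in for a RenderObject. `notifyViewOnDestroy` toggles the hardening:
// when false, the view is never told that one of its boundary renderers died.
struct Renderer {
    std::string tag;
    SelectionView* view;
    bool notifyViewOnDestroy;

    Renderer(std::string t, SelectionView* v, bool notify)
        : tag(std::move(t)), view(v), notifyViewOnDestroy(notify) {}

    ~Renderer() {
        if (!notifyViewOnDestroy)
            return;  // unhardened path: the view keeps a dangling pointer
        if (view->selectionStart == this || view->selectionEnd == this)
            view->clearSelection();  // hardened path: owner is told first
    }
};

// Stand-in for the render tree under <body>; owns its renderers.
struct RenderTree {
    SelectionView view;  // declared first, so it outlives the children
    std::vector<std::unique_ptr<Renderer>> children;
    bool hardened;

    explicit RenderTree(bool h) : hardened(h) {}

    Renderer* append(const std::string& tag) {
        children.push_back(std::make_unique<Renderer>(tag, &view, hardened));
        return children.back().get();
    }

    // What an editing command does when it rebuilds part of the tree:
    // the old renderer is destroyed outright.
    void destroy(Renderer* r) {
        for (auto it = children.begin(); it != children.end(); ++it) {
            if (it->get() == r) { children.erase(it); return; }
        }
    }
};

// Replays the shape of the reduction: select all (so the <a> renderer becomes
// a selection boundary), then a block-style command destroys that renderer.
// Returns the integer value of selectionEnd afterwards and reports the address
// the <a> renderer had, so a stale value can be recognised without
// dereferencing it.
std::uintptr_t runScenario(bool hardened, std::uintptr_t* anchorAddress) {
    RenderTree tree(hardened);
    Renderer* body = tree.append("body");
    Renderer* anchor = tree.append("a");
    *anchorAddress = reinterpret_cast<std::uintptr_t>(anchor);

    tree.view.setSelection(body, anchor);  // execCommand('selectall')
    tree.destroy(anchor);                  // justifycenter rebuilds the block
    return reinterpret_cast<std::uintptr_t>(tree.view.selectionEnd);
}

int main() {
    std::uintptr_t addr = 0;
    std::uintptr_t stale = runScenario(false, &addr);
    std::printf("unhardened: selectionEnd %s the freed <a> renderer\n",
                stale == addr ? "still points at" : "does not point at");
    std::uintptr_t cleared = runScenario(true, &addr);
    std::printf("hardened:   selectionEnd is %s\n", cleared == 0 ? "null" : "non-null");
    return 0;
}
```

In the unhardened run `selectionEnd` still holds the address of the renderer that `destroy()` freed, which is exactly the state a subsequent `setSelection`/`rendererAfterPosition` walk would trip over; in the hardened run the destructor clears the boundary before the memory goes away, so the relayout sees no selection instead of a freed object.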
Created attachment 21611 [details]
even smaller reduction
Created attachment 21618 [details]
patch
Comment on attachment 21618 [details]
patch
Looks good to me.