Bug 11239 - REGRESSION (r16960): crash on navigating to site
Summary: REGRESSION (r16960): crash on navigating to site
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Critical
Assignee: Nobody
URL: http://www.zoominfo.com/Search/Compan...
Keywords: Regression
Reported: 2006-10-10 02:26 PDT by tim bates
Modified: 2006-10-10 13:14 PDT

Attachments
crash from link opening in new window (21.48 KB, text/plain)
2006-10-10 02:27 PDT, tim bates
Further crash logs (139.38 KB, text/plain)
2006-10-10 04:58 PDT, Kevin M. Dean
Description tim bates 2006-10-10 02:26:16 PDT
1. Go to this URL <http://www.zoominfo.com/Search/CompanyDetail.aspx?CompanyID=62948057&cs=QGDwILZIE>

2. Click on the link "Website: 	www.reidcampbell.com"

--> Crash (log attached)

Opening <http://www.reidcampbell.com> directly does not crash.

The link seems pretty innocuous

		<a href=http://www.reidcampbell.com target="_blank">

but it crashed me 4 times in a row.
Comment 1 tim bates 2006-10-10 02:27:02 PDT
Created attachment 11011
crash from link opening in new window
Comment 2 Kevin M. Dean 2006-10-10 04:52:10 PDT
I'm seeing the same with this site and others. I first noticed the issue with r16966. Was previously running r16938 and hadn't noticed any issues.
Comment 3 Kevin M. Dean 2006-10-10 04:58:00 PDT
Created attachment 11012
Further crash logs

Added my own crash logs in case there's further useful info.
Comment 4 mitz 2006-10-10 05:01:07 PDT
data:text/html,<a%20href="http://www.ibm.com/"%20target="_blank">click</a>

Upon clicking the link:

ASSERTION FAILED: _frame == nil
(WebKit/WebCoreSupport/WebFrameBridge.m:162 -[WebFrameBridge fini])
ASSERTION FAILED: _closed
(WebCore/bridge/mac/WebCoreFrameBridge.mm:514 -[WebCoreFrameBridge dealloc])
Comment 5 Kevin M. Dean 2006-10-10 05:05:27 PDT
Starts breaking with r16962 and later.

I'm also getting a lot of messages like the following in the console:

2006-10-10 08:01:03.634 WebKit[5373] *** -[NSImage page]: selector not recognized [self = 0x12d22dc0]
Comment 6 mitz 2006-10-10 05:24:33 PDT
I think the bug was introduced in r16960: -[WebFrameLoader continueLoadRequestAfterNewWindowPolicy:frameName:formState:] is under-retaining (or over-releasing) mainBridge.

@@ -1634,17 +1629,14 @@
     [bridge retain];
 
-    WebFrame *mainFrame = [client _dispatchCreateWebViewWithRequest:nil];
-    if (!mainFrame)
+    WebCoreFrameBridge *mainBridge = [client _dispatchCreateWebViewWithRequest:nil];
+    if (!mainBridge)
         goto exit;
 
-    WebCoreFrameBridge *mainBridge = [mainFrame _frameLoader]->frameBridge;
-    [mainBridge retain];
-
     [mainBridge setName:frameName];
 
-    [mainFrame _dispatchShow];
+    [[[mainBridge frameLoader] client] _dispatchShow];
 
     [mainBridge setOpener:bridge];
-    [[mainFrame _frameLoader] _loadRequest:request triggeringAction:nil loadType:WebFrameLoadTypeStandard formState:formState];
+    [[mainBridge frameLoader] _loadRequest:request triggeringAction:nil loadType:FrameLoadTypeStandard formState:formState];
 
     [mainBridge release];
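
Review bot: the `[mainBridge retain];` that followed the nil check is removed here, but the trailing `[mainBridge release];` is kept, so unless `_dispatchCreateWebViewWithRequest:` now returns a reference the caller owns (not visible in these lines), `mainBridge` is released once more than it is retained. That imbalance is consistent with the `-[WebCoreFrameBridge dealloc]` assertion quoted in comment 4. Suggest restoring `[mainBridge retain];` directly after the `if (!mainBridge) goto exit;` check so it pairs with the final release, the same way `[bridge retain];` at the top of the hunk is paired, or dropping the final release if the bridge is meant to be borrowed. A short comment stating who owns the returned bridge would keep the next refactor from repeating this.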