11239 – REGRESSION (r16960): crash on navigating to site

RESOLVED FIXED 11239

REGRESSION (r16960): crash on navigating to site

https://bugs.webkit.org/show_bug.cgi?id=11239

Summary REGRESSION (r16960): crash on navigating to site

tim bates

Reported 2006-10-10 02:26:16 PDT

1. Go this URL <http://www.zoominfo.com/Search/CompanyDetail.aspx?CompanyID=62948057&cs=QGDwILZIE> 2. Click on the link "Website: www.reidcampbell.com" --> Crash (log attached) Opening <http://www.reidcampbell.com> directly does not crash. The link seems pretty inoccuous <a href=http://www.reidcampbell.com target="_blank"> but it crashed me 4 times in a row.

Attachments
crash from link opening in new window (21.48 KB, text/plain) 2006-10-10 02:27 PDT, tim bates	no flags	Details
Further crash logs (139.38 KB, text/plain) 2006-10-10 04:58 PDT, Kevin M. Dean	no flags	Details
View All Add attachment proposed patch, testcase, etc.

tim bates

Comment 1 2006-10-10 02:27:02 PDT

Created attachment 11011 [details] crash from link opening in new window

Kevin M. Dean

Comment 2 2006-10-10 04:52:10 PDT

I'm seeing the same with this site and others. I first noticed the issue with r16966. Was previously running r16938 and hadn't noticed any issues.

Kevin M. Dean

Comment 3 2006-10-10 04:58:00 PDT

Created attachment 11012 [details] Further crash logs Added my own crash logs in case there's further useful info.

mitz

Comment 4 2006-10-10 05:01:07 PDT

data:text/html,<a%20href="http://www.ibm.com/"%20target="_blank">click</a> Upon clicking the link: ASSERTION FAILED: _frame == nil (WebKit/WebCoreSupport/WebFrameBridge.m:162 -[WebFrameBridge fini]) ASSERTION FAILED: _closed (WebCore/bridge/mac/WebCoreFrameBridge.mm:514 -[WebCoreFrameBridge dealloc])

Kevin M. Dean

Comment 5 2006-10-10 05:05:27 PDT

Starts breaking with r16962 and later. I'm also getting a lot messages like the following in the console: 2006-10-10 08:01:03.634 WebKit[5373] *** -[NSImage page]: selector not recognized [self = 0x12d22dc0]

mitz

Comment 6 2006-10-10 05:24:33 PDT

I think the bug was introduced in r16960: -[WebFrameLoader continueLoadRequestAfterNewWindowPolicy:frameName:formState:] is under-retaining (or over-releasing) mainBridge. @@ -1634,17 +1629,14 @@ [bridge retain]; - WebFrame *mainFrame = [client _dispatchCreateWebViewWithRequest:nil]; - if (!mainFrame) + WebCoreFrameBridge *mainBridge = [client _dispatchCreateWebViewWithRequest:nil]; + if (!mainBridge) goto exit; - WebCoreFrameBridge *mainBridge = [mainFrame _frameLoader]->frameBridge; - [mainBridge retain]; - [mainBridge setName:frameName]; - [mainFrame _dispatchShow]; + [[[mainBridge frameLoader] client] _dispatchShow]; [mainBridge setOpener:bridge]; - [[mainFrame _frameLoader] _loadRequest:request triggeringAction:nil loadType:WebFrameLoadTypeStandard formState:formState]; + [[mainBridge frameLoader] _loadRequest:request triggeringAction:nil loadType:FrameLoadTypeStandard formState:formState]; [mainBridge release];

Note You need to log in before you can comment on or make changes to this bug.