RESOLVED FIXED 12086
REGRESSION: Crash on login to myspace.com
https://bugs.webkit.org/show_bug.cgi?id=12086
Summary REGRESSION: Crash on login to myspace.com
Miles Bainbridge
Reported 2007-01-02 20:25:00 PST
Running build 18541 on Tiger (10.4.8, Intel Core 2 Duo machine), WebKit crashes 100% of the time during the login process on www.myspace.com. Build 18540 and earlier do not crash. Clearing caches, cookies, etc. doesn't change the behavior. I'll attach a crash log.
Attachments
Crash log (5.53 KB, text/plain)
2007-01-02 20:26 PST, Miles Bainbridge
no flags
For sure fixes the problem - but is kinda gross (2.07 KB, patch)
2007-01-03 00:14 PST, Brady Eidson
timothy: review+
Miles Bainbridge
Comment 1 2007-01-02 20:26:00 PST
Created attachment 12176: Crash log
David Kilzer (:ddkilzer)
Comment 2 2007-01-02 21:20:02 PST
Confirmed logging into myspace.com.
David Kilzer (:ddkilzer)
Comment 3 2007-01-02 21:23:25 PST
*** Bug 12088 has been marked as a duplicate of this bug. ***
Brady Eidson
Comment 4 2007-01-02 23:37:58 PST
Pretty sure this is an overreleased ObjC wrapper for a HistoryItem - what I don't know is how that happens...!
Brady Eidson
Comment 5 2007-01-03 00:08:50 PST
Okay, definitely a WebHistoryItem getting overreleased. The problem is that [WebBackForwardList currentItem] returns a WebHistoryItem that has a retain count of 1 less than it used to in the previous implementation. Previously, the WebBackForwardList accessors simply returned items that the list itself was retaining. Now that we have these WebKit ObjC wrappers that are "temporary" as far as the underlying WebCore::HistoryItem is concerned, code that relied on the WebBackForwardList retaining the item breaks! The "most correct" fix is... gross. But, may have to be done. Patch is coming shortly...
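As an added illustration (not code from this bug, the attached patch, or WebKit itself), here is the ownership mismatch Comment 5 describes, modelled in Objective-C under manual retain/release. The class names, the non-owning wrapper cache, `kit()`, `HistoryView`, the serial-number bookkeeping and the URLs are invented stand-ins for the WebCore/WebKit objects named above; `currentItemFixed` is my reading of the autorelease-based fix the review in Comment 7 describes, since the patch text is not on this page.

```objective-c
#import <Foundation/Foundation.h>
// Build with ARC off, because manual ownership is the whole point:
//   clang -fno-objc-arc -framework Foundation -o overrelease overrelease.m && ./overrelease
// Core-side history items are plain NSString URLs here. The cache maps one to its
// ObjC wrapper and, like the map the bug is about, owns neither key nor value.
static CFMutableDictionaryRef gWrappers;            // created in kit() with NULL callbacks
static unsigned gNextSerial = 0, gDeadSerials = 0;  // wrapper id, and one bit per dead wrapper (32 max)
// Stand-in for WebHistoryItem, the "temporary" wrapper Comment 5 talks about.
@interface HistoryItemWrapper : NSObject { NSString *_url; unsigned _serial; }
- (id)initWithURL:(NSString *)url;
- (unsigned)serial;
- (NSString *)url;
@end
@implementation HistoryItemWrapper
- (id)initWithURL:(NSString *)url
{
    if (!(self = [super init])) return nil;
    _url = [url retain];
    _serial = gNextSerial++;
    CFDictionarySetValue(gWrappers, url, self);   // registered in the cache, but not retained by it
    return self;
}
- (unsigned)serial { return _serial; }
- (NSString *)url { return _url; }
- (void)dealloc
{
    CFDictionaryRemoveValue(gWrappers, _url);
    gDeadSerials |= 1u << _serial;                // record the death; freed memory is never read later
    [_url release];
    [super dealloc];
}
@end
// kit(): core item -> wrapper. A cache hit hands back the existing wrapper with no retain/autorelease
// of its own, so the caller's reference is only as good as whatever other object owns that wrapper.
static HistoryItemWrapper *kit(NSString *coreItem)
{
    if (!gWrappers) gWrappers = CFDictionaryCreateMutable(NULL, 0, NULL, NULL);  // raw-pointer keys/values
    HistoryItemWrapper *w = (HistoryItemWrapper *)CFDictionaryGetValue(gWrappers, coreItem);
    return w ? w : [[[HistoryItemWrapper alloc] initWithURL:coreItem] autorelease];
}
@interface BackForwardList : NSObject { NSMutableArray *_items; }  // owns the core items only
- (void)addItem:(NSString *)url;
- (NSString *)currentCoreItem;
- (HistoryItemWrapper *)currentItemBroken;  // build 18541 behaviour as Comment 5 describes it
- (HistoryItemWrapper *)currentItemFixed;   // assumed shape of the autorelease fix Comment 7 reviews
@end
@implementation BackForwardList
- (id)init { if ((self = [super init])) _items = [[NSMutableArray alloc] init]; return self; }
- (void)dealloc { [_items release]; [super dealloc]; }
- (void)addItem:(NSString *)url { [_items addObject:url]; }
- (NSString *)currentCoreItem { return [_items lastObject]; }
- (HistoryItemWrapper *)currentItemBroken { return kit([self currentCoreItem]); }
- (HistoryItemWrapper *)currentItemFixed { return [[kit([self currentCoreItem]) retain] autorelease]; }
@end
// Another client that retains the current wrapper and swaps it on each navigation:
// this is the ownership the caller in wrapperSurvivesNavigation silently depends on.
@interface HistoryView : NSObject { HistoryItemWrapper *_shown; }
- (void)showCurrentItemOf:(BackForwardList *)list;
@end
@implementation HistoryView
- (void)showCurrentItemOf:(BackForwardList *)list
{
    HistoryItemWrapper *next = [kit([list currentCoreItem]) retain];
    [_shown release];   // may be the last reference to the previous wrapper
    _shown = next;
}
- (void)dealloc { [_shown release]; [super dealloc]; }
@end
// YES if the wrapper the accessor handed out is still alive when the caller comes back to it after
// a navigation. The possibly dangling pointer is never dereferenced; liveness is checked via the serial.
static BOOL wrapperSurvivesNavigation(BOOL useFix)
{
    NSAutoreleasePool *outer = [[NSAutoreleasePool alloc] init];
    BackForwardList *list = [[BackForwardList alloc] init];
    HistoryView *view = [[HistoryView alloc] init];
    // Reach the state where the login page's wrapper exists and the view is its only owner (constructed URLs).
    NSAutoreleasePool *inner = [[NSAutoreleasePool alloc] init];
    [list addItem:@"https://www.myspace.com/login"];
    [view showCurrentItemOf:list];
    [inner release];
    // The caller pattern from Comment 5: take the current item, then keep using it across a navigation.
    HistoryItemWrapper *item = useFix ? [list currentItemFixed] : [list currentItemBroken];
    unsigned serial = [item serial];
    [list addItem:@"https://www.myspace.com/home"];
    [view showCurrentItemOf:list];
    BOOL alive = !(gDeadSerials & (1u << serial));
    if (alive) NSLog(@"%@ is still usable after navigation", [item url]);
    [view release];
    [list release];
    [outer release];
    return alive;
}
int main(void)
{
    NSLog(@"broken accessor, wrapper alive after navigation: %d", wrapperSurvivesNavigation(NO));
    NSLog(@"fixed accessor, wrapper alive after navigation: %d", wrapperSurvivesNavigation(YES));
    return 0;
}
```

In the broken run the view's release is the wrapper's last one, so the caller is left holding a freed object: the Objective-C form of a use-after-free, and the kind of state that shows up as an over-release crash in a log like the one attached here. The retain/autorelease form only pins the wrapper until the enclosing autorelease pool drains; a caller that stores the pointer beyond that scope still needs its own retain, and the cache stays non-owning either way.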
Brady Eidson
Comment 6 2007-01-03 00:14:32 PST
Created attachment 12181: For sure fixes the problem - but is kinda gross
Attached a fix
Timothy Hatcher
Comment 7 2007-01-03 00:35:10 PST
Comment on attachment 12181: For sure fixes the problem - but is kinda gross
This fix seems fine; I just hate using autorelease to solve problems like this. It makes sense, it makes sure the wrapper is retained for the entire scope needed. r=me
Brady Eidson
Comment 8 2007-01-03 00:49:45 PST
This fix was checked in as r18544
David Kilzer (:ddkilzer)
Comment 9 2007-01-03 05:33:09 PST
*** Bug 12094 has been marked as a duplicate of this bug. ***