Bug 12089 - REGRESSION: NULL deref in FrameLoader::updateHistoryForCommit
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 420+
Hardware: Mac OS X 10.4
: P1 Major
Assignee: Brady Eidson
Keywords: HasReduction, Regression
Reported: 2007-01-02 21:29 PST by Mark Rowe (bdash)
Modified: 2007-01-05 06:22 PST

Attachments
Proposed fix (1.24 KB, patch)
2007-01-03 17:35 PST, Brady Eidson
mrowe: review+

Description Mark Rowe (bdash) 2007-01-02 21:29:43 PST
<html>
<head>
    <title>Test HTML Page</title>
</head>
<body>
    <iframe>iframe</iframe>
</body>
</html>

Steps to reproduce:
1. Load the above file.
2. Hit refresh.

Expected results:
Page refreshes.

Actual results:
*boom*


Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0x000000f2
0x013d60a9 in WebCore::ResourceRequest::updatePlatformRequest (this=0x14) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/ResourceRequest.cpp:176
176         if (m_platformRequestUpdated)
(gdb) bt
#0  0x013d60a9 in WebCore::ResourceRequest::updatePlatformRequest (this=0x14) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/ResourceRequest.cpp:176
#1  0x0139d657 in WebCore::ResourceRequest::nsURLRequest (this=0x14) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/mac/ResourceRequestMac.mm:40
#2  0x0136c9fb in WebCore::DocumentLoader::unreachableURL (this=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/DocumentLoaderMac.mm:196
#3  0x0139437d in WebCore::FrameLoader::updateHistoryForCommit (this=0x218cc00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:3073
#4  0x01398b76 in WebCore::FrameLoader::transitionToCommitted (this=0x218cc00, pageCache=@0xbfffc240) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1979
#5  0x01399239 in WebCore::FrameLoader::commitProvisionalLoad (this=0x218cc00, prpPageCache=@0xbfffc33c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1933
#6  0x0136d52b in WebCore::DocumentLoader::commitIfReady (this=0x218d000) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/DocumentLoaderMac.mm:301
#7  0x0136d7bb in WebCore::DocumentLoader::finishedLoading (this=0x218d000) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/DocumentLoaderMac.mm:308
#8  0x013921ec in WebCore::FrameLoader::finishedLoading (this=0x218cc00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2168
#9  0x0137682d in WebCore::MainResourceLoader::didFinishLoading (this=0x17074c40) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:323
#10 0x01377c0f in WebCore::MainResourceLoader::continueAfterContentPolicy (this=0x17074c40, contentPolicy=WebCore::PolicyUse, r=0x17047ee0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:259
#11 0x01377cce in WebCore::MainResourceLoader::continueAfterContentPolicy (this=0x17074c40, policy=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:272
#12 0x01377cfa in WebCore::MainResourceLoader::callContinueAfterContentPolicy (argument=0x17074c40, policy=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:264
#13 0x0136f836 in WebCore::PolicyCheck::call (this=0xbfffc624, action=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:1342
#14 0x0139a4a0 in WebCore::FrameLoader::continueAfterContentPolicy (this=0x218cc00, policy=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2287
#15 0x003987eb in WebFrameLoaderClient::receivedPolicyDecison (this=0x170678a0, action=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:989
#16 0x003993bf in -[WebFramePolicyListener receivedPolicyDecision:] (self=0x17065c50, _cmd=0x3cee84, action=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1085
#17 0x00398689 in -[WebFramePolicyListener use] (self=0x17065c50, _cmd=0x90acd128) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1100
#18 0x000207c1 in ?? ()
#19 0x90a57c56 in objc_msgSendv ()
#20 0x925fc43e in -[NSInvocation invoke] ()
#21 0x92622433 in -[NSInvocation invokeWithTarget:] ()
#22 0x00364252 in -[_WebSafeForwarder forwardInvocation:] (self=0x1848f400, _cmd=0x90aa6194, anInvocation=0x17065d80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:1645
#23 0x925fb4f4 in -[NSObject(NSForwardInvocation) forward::] ()
#24 0x90a57ba1 in _objc_msgForward ()
#25 0x00398bf1 in WebFrameLoaderClient::dispatchDecidePolicyForMIMEType (this=0x170678a0, function={__pfn = 0x139a45c <WebCore::FrameLoader::continueAfterContentPolicy(WebCore::PolicyAction)>, __delta = 0}, MIMEType=@0xbfffcbcc, request=@0x218d1dc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:491
#26 0x01372057 in WebCore::FrameLoader::checkContentPolicy (this=0x218cc00, MIMEType=@0xbfffcbcc, function=0x1377ce2 <WebCore::MainResourceLoader::callContinueAfterContentPolicy(void*, WebCore::PolicyAction)>, argument=0x17074c40) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:585
#27 0x0137772e in WebCore::MainResourceLoader::didReceiveResponse (this=0x17074c40, r=0x17047ee0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:299
#28 0x01376e0d in WebCore::MainResourceLoader::loadNow (this=0x17074c40, r=0x17066620) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:366
#29 0x0137702f in WebCore::MainResourceLoader::load (this=0x17074c40, r=0x17074d40) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:386
#30 0x013703b8 in WebCore::FrameLoader::startLoadingMainResource (this=0x218cc00, request=@0x218d1dc, identifier=0x17074bc0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:294
#31 0x01370516 in WebCore::FrameLoader::startLoading (this=0x218cc00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:320
#32 0x01390347 in WebCore::FrameLoader::continueAfterWillSubmitForm (this=0x218cc00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:2293
#33 0x01371d4a in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x218cc00, request=@0xbfffd0a4, formState=@0xbfffd008, shouldContinue=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:851
#34 0x01371d98 in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x218cc00, request=@0xbfffd0a4, formState=@0xbfffd058, shouldContinue=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:799
#35 0x013718d3 in WebCore::PolicyCheck::call (this=0xbfffd0a4, shouldContinue=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:1331
#36 0x01374200 in WebCore::FrameLoader::continueAfterNavigationPolicy (this=0x218cc00, policy=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:792
#37 0x003987eb in WebFrameLoaderClient::receivedPolicyDecison (this=0x170678a0, action=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:989
#38 0x003993bf in -[WebFramePolicyListener receivedPolicyDecision:] (self=0x17035c80, _cmd=0x3cee84, action=WebCore::PolicyUse) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1085
#39 0x00398689 in -[WebFramePolicyListener use] (self=0x17035c80, _cmd=0x90acd128) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:1100
#40 0x90a57c56 in objc_msgSendv ()
#41 0x925fc43e in -[NSInvocation invoke] ()
#42 0x92622433 in -[NSInvocation invokeWithTarget:] ()
#43 0x00364252 in -[_WebSafeForwarder forwardInvocation:] (self=0x1848f400, _cmd=0x90aa6194, anInvocation=0x17036b10) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:1645
#44 0x925fb4f4 in -[NSObject(NSForwardInvocation) forward::] ()
#45 0x90a57ba1 in _objc_msgForward ()
#46 0x00398a2c in WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction (this=0x170678a0, function={__pfn = 0x137407c <WebCore::FrameLoader::continueAfterNavigationPolicy(WebCore::PolicyAction)>, __delta = 0}, action=@0xbfffd5b4, request=@0x218d1dc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:513
#47 0x01372496 in WebCore::FrameLoader::checkNavigationPolicy (this=0x218cc00, request=@0x218d1dc, loader=0x218d000, formState=@0xbfffd6c8, function=0x1371d52 <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x218cc00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:765
#48 0x0137269d in WebCore::FrameLoader::load (this=0x218cc00, loader=0x218d000, type=WebCore::FrameLoadTypeReload, formState=@0xbfffd6fc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:272
#49 0x01372b43 in WebCore::FrameLoader::load (this=0x218cc00, request=@0xbfffd74c, action=@0xbfffd830, type=WebCore::FrameLoadTypeReload, formState=@0xbfffd910) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:222
#50 0x013735be in WebCore::FrameLoader::load (this=0x218cc00, URL=@0xbfffd994, referrer=@0xbfffd990, newLoadType=WebCore::FrameLoadTypeReload, frameName=@0xbfffd98c, event=0x0, form=0x0, values=@0xbfffd974) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:177
#51 0x00333ead in -[WebFrame(WebInternal) _loadURL:referrer:intoChild:] (self=0x2964510, _cmd=0x3aa268, URL=0x170359c0, referrer=0x3da3c0, childFrame=0x17067eb0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebFrame.mm:338
#52 0x0032bb40 in -[WebFrameBridge createChildFrameNamed:withURL:referrer:ownerElement:allowsScrolling:marginWidth:marginHeight:] (self=0x29643a0, _cmd=0x14816f4, frameName=0x17067f10, URL=0x17067ef0, referrer=@0x2022758, ownerElement=0x17067c80, allowsScrolling=1 '\001', width=-1, height=-1) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameBridge.mm:411
#53 0x0136f0dd in WebCore::FrameLoader::createFrame (this=0x2022600, url=@0xbfffdcdc, name=@0x17067cf4, ownerElement=0x17067c80, referrer=@0x2022758) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:1135
#54 0x013997cc in WebCore::FrameLoader::loadSubframe (this=0x2022600, ownerElement=0x17067c80, url=@0xbfffdcdc, name=@0x17067cf4, referrer=@0x2022758) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:400
#55 0x0139ab77 in WebCore::FrameLoader::requestFrame (this=0x2022600, ownerElement=0x17067c80, urlString=@0x17067cf0, frameName=@0x17067cf4) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:387
#56 0x0137f7be in WebCore::HTMLFrameElementBase::openURL (this=0x17067c80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLFrameElementBase.cpp:103
#57 0x0137fced in WebCore::HTMLFrameElementBase::openURLCallback (n=0x17067c80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLFrameElementBase.cpp:159
#58 0x010faf5f in WebCore::ContainerNode::attach (this=0x17067c80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/ContainerNode.cpp:605
#59 0x0123ec1e in WebCore::Element::attach (this=0x17067c80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:563
#60 0x0137ef28 in WebCore::HTMLFrameElementBase::attach (this=0x17067c80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLFrameElementBase.cpp:181
#61 0x01286a1f in WebCore::HTMLIFrameElement::attach (this=0x17067c80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLIFrameElement.cpp:111
#62 0x0101b294 in WebCore::HTMLParser::insertNode (this=0x18499aa0, n=0x17067c80, flat=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLParser.cpp:289
#63 0x0101cdff in WebCore::HTMLParser::parseToken (this=0x18499aa0, t=0x2171014) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLParser.cpp:221
#64 0x0101fb56 in WebCore::HTMLTokenizer::processToken (this=0x2171000) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLTokenizer.cpp:1643
#65 0x01022c01 in WebCore::HTMLTokenizer::parseTag (this=0x2171000, src=@0x2171530, state={static EntityShift = 4, m_bits = 0}) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLTokenizer.cpp:1216
#66 0x01023588 in WebCore::HTMLTokenizer::write (this=0x2171000, str=@0xbfffe4ec, appendData=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/html/HTMLTokenizer.cpp:1442
#67 0x01392cc0 in WebCore::FrameLoader::write (this=0x2022600, str=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., len=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:889
#68 0x01392de9 in WebCore::FrameLoader::addData (this=0x2022600, bytes=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1509
#69 0x010fbf2b in -[WebCoreFrameBridge addData:] (self=0x29643a0, _cmd=0x90a96118, data=0x17068330) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/mac/WebCoreFrameBridge.mm:299
#70 0x010ff972 in -[WebCoreFrameBridge receivedData:textEncodingName:] (self=0x29643a0, _cmd=0x90aba160, data=0x17068330, textEncodingName=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/mac/WebCoreFrameBridge.mm:1649
#71 0x00334625 in -[WebHTMLRepresentation receivedData:withDataSource:] (self=0x2911e90, _cmd=0x90aba180, data=0x17068330, dataSource=0x170a71b0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebHTMLRepresentation.m:157
#72 0x0032d1cf in -[WebDataSource(WebInternal) _receivedData:] (self=0x170a71b0, _cmd=0x90a830f8, data=0x17068330) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebDataSource.mm:174
#73 0x003973b9 in WebFrameLoaderClient::committedLoad (this=0x2964810, loader=0x2141400, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:626
#74 0x0136ede1 in WebCore::FrameLoader::committedLoad (this=0x2022600, loader=0x2141400, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:673
#75 0x0136d58f in WebCore::DocumentLoader::commitLoad (this=0x2141400, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/DocumentLoaderMac.mm:341
#76 0x0136d79e in WebCore::DocumentLoader::receivedData (this=0x2141400, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/DocumentLoaderMac.mm:353
#77 0x0136ea7f in WebCore::FrameLoader::receivedData (this=0x2022600, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/FrameLoaderMac.mm:526
#78 0x01376302 in WebCore::MainResourceLoader::addData (this=0x170a29a0, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322, allAtOnce=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:147
#79 0x01374c17 in WebCore::ResourceLoader::didReceiveData (this=0x170a29a0, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322, lengthReceived=4322, allAtOnce=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/ResourceLoaderMac.mm:281
#80 0x01376637 in WebCore::MainResourceLoader::didReceiveData (this=0x170a29a0, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322, lengthReceived=4322, allAtOnce=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/MainResourceLoaderMac.mm:312
#81 0x013748a6 in WebCore::ResourceLoader::didReceiveData (this=0x170a29a0, data=0x215d200 "<html>\n<head>\n    <title>Test HTML Page</title>\n    <style type=\"text/css\">\n    html\n    {\n    font-family:Zapf Dingbats;\n    -webkit-marquee-style:-161177604cm;\n    border-top:102596064en;\n    text-u"..., length=4322, lengthReceived=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/ResourceLoaderMac.mm:441
#82 0x01383c2a in -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] (self=0x170a4e20, _cmd=0x90a9d084, con=0x170a4e40, data=0x170a1830, lengthReceived=4322) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/mac/ResourceHandleMac.mm:290
#83 0x9265bb86 in -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] ()
#84 0x92659e67 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()
#85 0x92659b41 in _sendCallbacks ()
#86 0x90829379 in CFRunLoopRunSpecific ()
#87 0x90828eb5 in CFRunLoopRunInMode ()
#88 0x92dcdb90 in RunCurrentEventLoopInMode ()
#89 0x92dcd1ce in ReceiveNextEventCommon ()
#90 0x92dcd0ee in BlockUntilNextEventMatchingListInMode ()
#91 0x9326f465 in _DPSNextEvent ()
#92 0x9326f056 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#93 0x00006f96 in ?? ()
#94 0x93268ddb in -[NSApplication run] ()
#95 0x9325cd2f in NSApplicationMain ()
#96 0x0005f7de in ?? ()
#97 0x0005f6f9 in ?? ()
(gdb)
Comment 1 Brady Eidson 2007-01-02 21:53:48 PST
Source of the crash is somewhat obvious - 

#2  0x0136c9fb in WebCore::DocumentLoader::unreachableURL (this=0x0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/DocumentLoaderMac.mm:196
#3  0x0139437d in WebCore::FrameLoader::updateHistoryForCommit (this=0x218cc00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:3073

Question is, why do we have a NULL DocumentLoader?  
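
Added example (not part of the original bug report or of WebKit): the reading of the trace given in Comment 1, written as a small triage script that finds the frame entered with this=0x0, names its caller, and splits the fault address into the offsets implied by the inner frames. The function names, the 0x1000 "unmapped first page" threshold and the reading of small this values as member offsets from the NULL object are assumptions of this example.

```python
import re

# Constructed excerpt: the fault line and frames #0-#4 of the trace above,
# with the source paths trimmed.
SAMPLE_TRACE = """\
Reason: KERN_PROTECTION_FAILURE at address: 0x000000f2
#0  0x013d60a9 in WebCore::ResourceRequest::updatePlatformRequest (this=0x14)
#1  0x0139d657 in WebCore::ResourceRequest::nsURLRequest (this=0x14)
#2  0x0136c9fb in WebCore::DocumentLoader::unreachableURL (this=0x0)
#3  0x0139437d in WebCore::FrameLoader::updateHistoryForCommit (this=0x218cc00)
#4  0x01398b76 in WebCore::FrameLoader::transitionToCommitted (this=0x218cc00, pageCache=@0xbfffc240)
"""

FAULT_RE = re.compile(r"at address: (0x[0-9a-fA-F]+)")
FRAME_RE = re.compile(
    r"^#(\d+)\s+0x[0-9a-fA-F]+ in (.+?) \((?:this=(0x[0-9a-fA-F]+))?")
NULL_PAGE = 0x1000  # assumption: nothing is mapped below this address


def parse_trace(text):
    """Return (fault_address, frames), frames innermost first as
    (frame_number, function, this_value_or_None)."""
    fault, frames = None, []
    for line in text.splitlines():
        line = line.strip()
        m = FRAME_RE.match(line)
        if m:
            this = int(m.group(3), 16) if m.group(3) else None
            frames.append((int(m.group(1)), m.group(2), this))
        elif fault is None:
            m = FAULT_RE.search(line)
            if m:
                fault = int(m.group(1), 16)
    return fault, frames


def triage_null_this(text):
    """Describe a crash caused by a method call on a NULL object, or return
    None when the trace does not have that shape."""
    fault, frames = parse_trace(text)
    if fault is None or fault >= NULL_PAGE:
        return None  # not a near-NULL access
    origin = next((i for i, f in enumerate(frames) if f[2] == 0), None)
    if origin is None or origin + 1 >= len(frames):
        return None  # no frame was entered with this=0x0, or no caller shown
    # Frames inside the origin were handed pointers computed from NULL, so a
    # small `this` there is the offset of a member inside the NULL object.
    inner = [f[2] for f in frames[:origin]
             if f[2] is not None and f[2] < NULL_PAGE]
    member_offset = inner[0] if inner else 0
    if fault < member_offset:
        return None  # offsets do not add up; leave it to manual analysis
    return {
        "null_this_frame": frames[origin][1],   # method run on the NULL object
        "caller": frames[origin + 1][1],        # code that held the NULL pointer
        "member_offset": member_offset,         # member inside the NULL object
        "field_offset": fault - member_offset,  # field read inside that member
    }


if __name__ == "__main__":
    for key, value in triage_null_this(SAMPLE_TRACE).items():
        print(key, hex(value) if isinstance(value, int) else value)
```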
Comment 2 David Kilzer (:ddkilzer) 2007-01-03 10:04:37 PST
See also Bug 11891 Comment #24 through #26 and Attachment 12187.
Comment 3 Brady Eidson 2007-01-03 17:35:57 PST
Created attachment 12204
Proposed fix
Comment 4 Brady Eidson 2007-01-03 17:37:52 PST
Landed in r18568
Comment 5 Patricia Warwick 2007-01-05 06:22:22 PST
I agree that the problem is fixed today.