Bug 12585 - PAC file: after closing a window that contains macworld.com, new window crashes (KJS::PropertyMap::mark())
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore JavaScript
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2007-02-04 10:59 PST by Maciej Stachowiak
Modified: 2007-03-06 20:46 PST
Description Maciej Stachowiak 2007-02-04 10:59:37 PST
2006-05-27 17:15:11 Geoff Garen:
Reason for clone:
Cloning to Leopard because we need to fix this in TOT, too.



<original text: begin>

5/25/06 11:01 AM Chris Petersen:
* SUMMARY
After loading macworld.com and closing the window, attempting to open a new window results in a crash.
This crash only occurs when I have a proxy set using the attached file. 

* STEPS TO REPRODUCE
1. Download the attached test.pac file
2. Go to System Prefs - Network - Built in Ethernet. Click Proxies tab and check "Automatic Proxy Configuration". Click Choose file button and select the test.pac file. Click Apply Now.
3. Under 8J117, launch Safari and go to macworld.com.
4. After page loads, close this window.
5. Pressing Command-N creates a new window then crashes.

* RESULTS
No crash should occur after opening a new window but does.

* REGRESSION
This does occur with 8J117 /8JJ16 but not sure if this occurs under 10.4.6. Going to take a look.


Date/Time:      2006-05-25 10:41:12.130 -0700
OS Version:     10.4.7 (Build 8J117)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [209]

Version:        2.0.4 (419.1)
Build Version:  2
Project Name:   WebBrowser
Source Version: 4190100

PID:    242
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000008

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x95bd0b48 KJS::PropertyMap::mark() const + 164
1   com.apple.JavaScriptCore 	0x95bd0a58 KJS::ObjectImp::mark() + 84
2   com.apple.WebCore        	0x95dfd174 KJS::ScriptInterpreter::mark(bool) + 172
3   com.apple.JavaScriptCore 	0x95bed910 KJS::InterpreterImp::mark(bool) + 348
4   com.apple.JavaScriptCore 	0x95bd072c KJS::Collector::collect() + 96
5   com.apple.JavaScriptCore 	0x95bac308 KJS::Collector::allocate(unsigned long) + 64
6   com.apple.JavaScriptCore 	0x95bf25f4 KJS::Value::Value[unified](KJS::UString const&) + 44
7   com.apple.JavaScriptCore 	0x95bc6b04 KJS::StringNode::evaluate(KJS::ExecState*) + 28
8   com.apple.JavaScriptCore 	0x95bc9154 KJS::AddNode::evaluate(KJS::ExecState*) + 156
9   com.apple.JavaScriptCore 	0x95bc612c KJS::AssignNode::evaluate(KJS::ExecState*) + 448
10  com.apple.JavaScriptCore 	0x95bc5eac KJS::ExprStatementNode::execute(KJS::ExecState*) + 120
11  com.apple.JavaScriptCore 	0x95bc09ac KJS::SourceElementsNode::execute(KJS::ExecState*) + 544
12  com.apple.JavaScriptCore 	0x95bc071c KJS::BlockNode::execute(KJS::ExecState*) + 140
13  com.apple.JavaScriptCore 	0x95bd0214 KJS::ForNode::execute(KJS::ExecState*) + 592
14  com.apple.JavaScriptCore 	0x95bc09ac KJS::SourceElementsNode::execute(KJS::ExecState*) + 544
15  com.apple.JavaScriptCore 	0x95bc071c KJS::BlockNode::execute(KJS::ExecState*) + 140
16  com.apple.JavaScriptCore 	0x95bcd60c KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 44
17  com.apple.JavaScriptCore 	0x95bcce88 KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) + 408
18  com.apple.JavaScriptCore 	0x95bc2988 KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) + 136
19  com.apple.JavaScriptCore 	0x95bc12a8 KJS::FunctionCallNode::evaluate(KJS::ExecState*) + 1040
20  com.apple.JavaScriptCore 	0x95bc9154 KJS::AddNode::evaluate(KJS::ExecState*) + 156
21  com.apple.JavaScriptCore 	0x95bc6070 KJS::AssignNode::evaluate(KJS::ExecState*) + 260
22  com.apple.JavaScriptCore 	0x95bc5eac KJS::ExprStatementNode::execute(KJS::ExecState*) + 120
23  com.apple.JavaScriptCore 	0x95bc09ac KJS::SourceElementsNode::execute(KJS::ExecState*) + 544
24  com.apple.JavaScriptCore 	0x95bc071c KJS::BlockNode::execute(KJS::ExecState*) + 140
25  com.apple.JavaScriptCore 	0x95bcbbf4 KJS::IfNode::execute(KJS::ExecState*) + 440
26  com.apple.JavaScriptCore 	0x95bc09ac KJS::SourceElementsNode::execute(KJS::ExecState*) + 544
27  com.apple.JavaScriptCore 	0x95bc071c KJS::BlockNode::execute(KJS::ExecState*) + 140
28  com.apple.JavaScriptCore 	0x95bef2b4 KJS::WithNode::execute(KJS::ExecState*) + 456
29  com.apple.JavaScriptCore 	0x95bc085c KJS::SourceElementsNode::execute(KJS::ExecState*) + 208
30  com.apple.JavaScriptCore 	0x95bc071c KJS::BlockNode::execute(KJS::ExecState*) + 140
31  com.apple.JavaScriptCore 	0x95bcd60c KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 44
32  com.apple.JavaScriptCore 	0x95bcce88 KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) + 408
33  com.apple.JavaScriptCore 	0x95bc2988 KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) + 136
34  com.apple.JavaScriptCore 	0x95bc12a8 KJS::FunctionCallNode::evaluate(KJS::ExecState*) + 1040
35  com.apple.JavaScriptCore 	0x95bc6070 KJS::AssignNode::evaluate(KJS::ExecState*) + 260
36  com.apple.JavaScriptCore 	0x95bc5eac KJS::ExprStatementNode::execute(KJS::ExecState*) + 120
37  com.apple.JavaScriptCore 	0x95bc09ac KJS::SourceElementsNode::execute(KJS::ExecState*) + 544
38  com.apple.JavaScriptCore 	0x95bc071c KJS::BlockNode::execute(KJS::ExecState*) + 140
39  com.apple.JavaScriptCore 	0x95bcd60c KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 44
40  com.apple.JavaScriptCore 	0x95bcce88 KJS::FunctionImp::call(KJS::ExecState*, KJS::Object&, KJS::List const&) + 408
41  com.apple.JavaScriptCore 	0x95bc2988 KJS::Object::call(KJS::ExecState*, KJS::Object&, KJS::List const&) + 136
42  com.apple.JavaScriptCore 	0x95bdc494 KJS::DeclaredFunctionImp::construct(KJS::ExecState*, KJS::List const&) + 244
43  com.apple.JavaScriptCore 	0x95bc8880 KJS::NewExprNode::evaluate(KJS::ExecState*) + 652
44  com.apple.JavaScriptCore 	0x95bc6070 KJS::AssignNode::evaluate(KJS::ExecState*) + 260
45  com.apple.JavaScriptCore 	0x95bc6650 KJS::GroupNode::evaluate(KJS::ExecState*) + 40
46  com.apple.JavaScriptCore 	0x95bce3bc KJS::ConditionalNode::evaluate(KJS::ExecState*) + 200
47  com.apple.JavaScriptCore 	0x95bc5eac KJS::ExprStatementNode::execute(KJS::ExecState*) + 120
48  com.apple.JavaScriptCore 	0x95bc09ac KJS::SourceElementsNode::execute(KJS::ExecState*) + 544
49  com.apple.JavaScriptCore 	0x95bc071c KJS::BlockNode::execute(KJS::ExecState*) + 140
50  com.apple.JavaScriptCore 	0x95bb9554 KJS::InterpreterImp::evaluate(KJS::UString const&, KJS::Value const&, KJS::UString const&, int) + 1156
51  com.apple.JavaScriptCore 	0x95bb8f60 KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UString const&, KJS::Value const&) + 64
52  com.apple.WebCore        	0x95cd8528 KJSProxyImpl::evaluate(QString, int, QString const&, DOM::Node const&) + 192
53  com.apple.WebCore        	0x95cd83fc KHTMLPart::executeScript(QString, int, DOM::Node const&, QString const&) + 144
54  com.apple.WebCore        	0x95cd8200 khtml::HTMLTokenizer::scriptExecution(QString const&, QString, int) + 448
55  com.apple.WebCore        	0x95d0dbd8 khtml::HTMLTokenizer::notifyFinished(khtml::CachedObject*) + 312
56  com.apple.WebCore        	0x95cd7bd4 khtml::HTMLTokenizer::scriptHandler() + 916
57  com.apple.WebCore        	0x95cccf4c khtml::HTMLTokenizer::parseSpecial(khtml::TokenizerString&) + 548
58  com.apple.WebCore        	0x95ca9784 khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&) + 6660
59  com.apple.WebCore        	0x95ca753c khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) + 928
60  com.apple.WebCore        	0x95ca2ba8 KHTMLPart::write(char const*, int) + 852
61  com.apple.WebKit         	0x95b0766c -[WebDataSource(WebPrivate) _commitLoadWithData:] + 92
62  com.apple.WebKit         	0x95ad2e28 -[WebMainResourceClient addData:] + 84
63  com.apple.WebKit         	0x95ad2d54 -[WebBaseResourceHandleDelegate didReceiveData:lengthReceived:] + 68
64  com.apple.WebKit         	0x95b2e62c -[WebMainResourceClient didReceiveData:lengthReceived:] + 136
65  com.apple.WebKit         	0x95ad2cf0 -[WebBaseResourceHandleDelegate connection:didReceiveData:lengthReceived:] + 60
66  com.apple.Foundation     	0x929725d4 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
67  com.apple.Foundation     	0x92970a74 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
68  com.apple.Foundation     	0x92970810 _sendCallbacks + 156
69  com.apple.CoreFoundation 	0x907dc4cc __CFRunLoopDoSources0 + 384
70  com.apple.CoreFoundation 	0x907db9fc __CFRunLoopRun + 452
71  com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
72  com.apple.HIToolbox      	0x931e6740 RunCurrentEventLoopInMode + 264
73  com.apple.HIToolbox      	0x931e5dd4 ReceiveNextEventCommon + 380
74  com.apple.HIToolbox      	0x931e5c40 BlockUntilNextEventMatchingListInMode + 96
75  com.apple.AppKit         	0x93710ae4 _DPSNextEvent + 384
76  com.apple.AppKit         	0x937107a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
77  com.apple.Safari         	0x00006700 0x1000 + 22272
78  com.apple.AppKit         	0x9370ccec -[NSApplication run] + 472
79  com.apple.AppKit         	0x937fd87c NSApplicationMain + 452
80  com.apple.Safari         	0x0005c73c 0x1000 + 374588
81  com.apple.Safari         	0x0005c5e4 0x1000 + 374244

Thread 1:
0   libSystem.B.dylib        	0x9000b268 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b1bc mach_msg + 60
2   com.apple.CoreFoundation 	0x907dbb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x9294f164 -[NSRunLoop runMode:beforeDate:] + 172
5   com.apple.Foundation     	0x9294f09c -[NSRunLoop run] + 76
6   com.apple.WebKit         	0x95ac3f70 +[WebFileDatabase _syncLoop:] + 176
7   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
8   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 2:
0   libSystem.B.dylib        	0x9000b268 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b1bc mach_msg + 60
2   com.apple.CoreFoundation 	0x907dbb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x9296769c +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 264
5   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
6   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 3:
0   libSystem.B.dylib        	0x9000b268 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b1bc mach_msg + 60
2   com.apple.CoreFoundation 	0x907dbb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x929687dc +[NSURLCache _diskCacheSyncLoop:] + 152
5   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
6   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 4:
0   libSystem.B.dylib        	0x9001f7ac select + 12
1   com.apple.CoreFoundation 	0x907ee40c __CFSocketManager + 472
2   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 5:
0   libSystem.B.dylib        	0x9002c2e8 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib        	0x90030dcc pthread_cond_wait + 480
2   com.apple.Foundation     	0x92947300 -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.Syndication    	0x9b53442c -[AsyncDB _run:] + 192
4   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
5   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 0 crashed with PPC Thread State 64:
  srr0: 0x0000000095bd0b48 srr1: 0x100000000200f030                        vrsave: 0x0000000000000000
    cr: 0x24022488          xer: 0x0000000020000000   lr: 0x0000000095bd0a58  ctr: 0x0000000095bd0a04
    r0: 0x0000000000006858   r1: 0x00000000bfffbfc0   r2: 0x0000000000000000   r3: 0x0000000004568cc8
    r4: 0x0000000000000002   r5: 0x0000000001965400   r6: 0xffffffffffffffff   r7: 0x0000000000000002
    r8: 0x0000000000000001   r9: 0x0000000000000000  r10: 0x0000000095cecdec  r11: 0x00000000a5c7f568
   r12: 0x0000000095bd0a04  r13: 0x0000000000000000  r14: 0x0000000000000001  r15: 0x0000000000000001
   r16: 0x0000000000000000  r17: 0x0000000000000000  r18: 0x0000000000006157  r19: 0x0000000000000000
   r20: 0x0000000000000001  r21: 0x0000000000000000  r22: 0x00000000bfffc950  r23: 0x00000000bfffc880
   r24: 0x00000000a5bc5f80  r25: 0x00000000bfffc4a0  r26: 0x0000000000000001  r27: 0x00000000bfffc0a0
   r28: 0x0000000000000010  r29: 0x000000000000000c  r30: 0x0000000005e66118  r31: 0x0000000095bed7c0


Model: PowerMac7,3, BootROM 5.1.8f7, 2 processors, PowerPC G5  (3.0), 2.5 GHz, 512 MB
Graphics: ATI Radeon 9600 XT, ATY,RV360, AGP, 128 MB
Memory Module: DIMM0/J11, 256 MB, DDR SDRAM, PC3200U-30330
Memory Module: DIMM1/J12, 256 MB, DDR SDRAM, PC3200U-30330
Modem: Jump, , V.92, Version 1.0, 
Network Service: Built-in Ethernet, Ethernet, en0
Serial ATA Device: ST3160023AS, 149.05 GB
Parallel ATA Device: PIONEER DVD-RW  DVR-117D, 
USB Device: Hub in Apple Pro Keyboard, Mitsumi Electric, Up to 12 Mb/sec, 500 mA
USB Device: Apple Optical USB Mouse, Logitech, Up to 1.5 Mb/sec, 100 mA
USB Device: Apple Pro Keyboard, Mitsumi Electric, Up to 12 Mb/sec, 250 mA
USB Device: Hub, , Up to 12 Mb/sec, 500 mA
USB Device: Studio Display, , Up to 1.5 Mb/sec, 500 mA




</original text: end>

2006-05-27 17:15:11 Cloned from problemID rdar://problem/4562599 by: Geoff Garen.

2006-05-27 17:15:11 Geoff Garen:
<original text: begin>

2006-05-25 11:19:04 Alice Liu:
I have not been able to find any similar existing crashes

2006-05-25 11:30:35 Chris Petersen:
This appears to be a regression since I can't reproduce with 10.4.6 with these same steps and PAC file. This also isn't occurring with TOT either.

2006-05-25 14:59:51 Geoff Garen:
I was able to repro, but I'm blocked right now because macworld.com seems to be down. (!)

2006-05-25 15:40:08 Chris Petersen:
Macworld.com is up and running once again :)


2006-05-25 17:08:13 Geoff Garen:
Looks like we've got an object in the DOM node cache that didn't get an opportunity to mark its children during a previous collect. So, it's trying to mark children that have been destroyed already.

I suspect the object should have been removed from the cache when its child was destroyed, but was protected from removal because it was marked as "not thread-safe."

2006-05-25 17:38:51 Chris Petersen:
Another site I have seen this same crash is http://www.businessweek.com/technology/index.html. Clicking on each tab at the top of the page (Top News, BW Magazine, Investing, Asia, Europe, Technology, Autos, Innovation, Small Biz, B-Schools, Careers) has reproduced this crash. I will check against this site too when we have a fix.

2006-05-25 20:17:42 Geoff Garen:
I have a patch awaiting review.

2006-05-26 13:55:52 Geoff Garen:
The issue here was that we were relying on WebCore's ScriptInterpreter to mark certain objects, but, after the last window has been closed, there's no WebCore ScriptInterpreter around to do that collecting.

2006-05-26 19:17:40 Geoff Garen:
Patch had some problems. Re-working now.

2006-05-27 17:13:52 Geoff Garen:
Tim, 'patch-PAC.txt' is ready to land on the branch. Maciej reviewed it.

</original text: end>


2006-05-27 17:16:15 Geoff Garen:
On TOT, if we implement the rule that all DOM objects must be put in the cache, then we can eliminate the m_destructorIsThreadSafe bit on JS objects, and just mark the DOM object cache when on an alternate thread.

2006-05-30 11:34:36 Alice Liu:
Safari BRB Reviewed

2006-06-20 11:07:28 Alice Liu:
Safari WWDC BRB Reviewed

2006-12-24 18:45:13 Geoff Garen:
<rdar://problem/4900579> may just require us to make WebCore destructors thread-safe. If so, this bug will just go away.

<rdar://problem/4565394>
Comment 1 Mark Rowe (bdash) 2007-03-06 20:46:31 PST
Geoff landed a fix for this in r20004.
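
Added illustration (not part of the bug report and not WebKit code): a toy mark-and-sweep heap that replays the failure described in the 2006-05-25 17:08 and 2006-05-26 13:55 comments, where a cached wrapper outlives a child that was swept while no interpreter existed to mark the cache. All names are hypothetical, destroyed objects are modeled as dead slots so nothing freed is ever dereferenced, and the `collectorMarksCache` remedy is an assumption for comparison, since the page does not show the patch that landed.

```cpp
// Added illustration: a toy mark-and-sweep heap. Not WebKit code; all names are hypothetical.
#include <cstddef>
#include <cstdio>
#include <vector>

struct Cell {
    bool live = false;    // slot currently holds an object
    bool marked = false;  // reached during the current collection
    bool pinned = false;  // models "not thread-safe": sweep must not destroy it
    std::vector<std::size_t> children;  // indices of cells this object references
};

struct Heap {
    std::vector<Cell> cells;
    std::vector<std::size_t> domCache;  // wrappers cached for DOM nodes
    bool interpreterAlive = true;       // at least one window (and its interpreter) exists
    bool collectorMarksCache = false;   // assumed remedy: the cache is a root in its own right
    std::size_t danglingVisits = 0;     // times marking reached a destroyed cell

    std::size_t alloc(bool pinned) {
        Cell c;
        c.live = true;
        c.pinned = pinned;
        cells.push_back(c);
        return cells.size() - 1;
    }

    void mark(std::size_t i) {
        Cell& c = cells[i];
        if (!c.live) {          // a real collector would be reading freed memory here
            ++danglingVisits;
            return;
        }
        if (c.marked) return;
        c.marked = true;
        for (std::size_t child : c.children) mark(child);
    }

    void collect() {
        for (Cell& c : cells) c.marked = false;
        // Root marking. In the failing configuration only the interpreter marks
        // the cache, so with no window open the cache contents go unmarked.
        if (interpreterAlive || collectorMarksCache)
            for (std::size_t i : domCache) mark(i);
        // Sweep: destroy unmarked cells, except pinned ones, which stay in the cache.
        for (Cell& c : cells)
            if (c.live && !c.marked && !c.pinned) {
                c.live = false;
                c.children.clear();
            }
    }
};

// Replays the reported sequence: page loaded, last window closed, new window opened,
// with a collection after each step. Returns how often marking hit a destroyed cell.
std::size_t replay(bool collectorMarksCache) {
    Heap h;
    h.collectorMarksCache = collectorMarksCache;
    std::size_t wrapper = h.alloc(/*pinned=*/true);
    std::size_t child = h.alloc(/*pinned=*/false);
    h.cells[wrapper].children.push_back(child);
    h.domCache.push_back(wrapper);

    h.collect();                 // window open: wrapper and child both survive
    h.interpreterAlive = false;  // last window closed
    h.collect();                 // failing case: child swept, pinned wrapper stays cached
    h.interpreterAlive = true;   // new window opened
    h.collect();                 // failing case: wrapper marks its destroyed child
    return h.danglingVisits;
}

int main() {
    std::printf("interpreter-only marking: %zu dangling visit(s)\n", replay(false));
    std::printf("collector marks cache:    %zu dangling visit(s)\n", replay(true));
    return 0;
}
```

The invariant the model exposes is that anything the sweep is forbidden to destroy must also be marked on every collection, regardless of which owner is currently alive.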