Bug 12670 - REGRESSION: Many 3rd Party Apps crash in WebCore::DocumentLoader::frameLoader()
Summary: REGRESSION: Many 3rd Party Apps crash in WebCore::DocumentLoader::frameLoader()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2007-02-06 23:35 PST by Maciej Stachowiak
Modified: 2007-02-19 13:51 PST (History)
0 users

See Also:


Description Maciej Stachowiak 2007-02-06 23:35:55 PST
2006-12-06 13:00:21 CrashTracer System:
PLEASE NOTE: This crash was automatically generated based on user crash reports. Go here to learn how to deal with it: http://howto.apple.com/db.cgi?CrashTracer

* APPLICATION: Safari
* CRASH: com.apple.WebCore:  WebCore::DocumentLoader::frameLoader const + 6
* MORE INFORMATION: http://crashtracer.apple.com/detail.php?crash_id=5906767&app=Safari&build=9A300 (may not immediately have data)

This crash was escalated to Radar by the CrashTracer System because an internal user (mweiher@apple.com) explicitly requested it. The user provided the following comments:

Browsing new.bbc.co.uk, closing a tab while other background tabs were loading

Possible third-party binary images occurring in over 75% in processes that crashed here:
    100.00% (2 of 2)  com.yourcompany.yourcocoaframework   
                   1 occurrences of version ??? (1.0)	/Volumes/Data/jul/Library/Frameworks/iMatorKit.framework/iMatorKit
                   1 occurrences of version ??? (1.0)	/Volumes/Data/jul/Library/Frameworks/iMatorUI.framework/iMatorUI


Summary of a selection of backtraces attributed to this bug. The stack frame considered to be the unique "crash point" is highlighted ==> like this <==. This frame is used for aggregation when filing these bugs and does not necessarily imply fault.

   ==> 2  com.apple.WebCore:  WebCore::DocumentLoader::frameLoader const + 6 <==
            1  com.apple.WebKit:  WebFrameLoaderClient::dispatchDidFinishLoading + 28
            +-1  com.apple.WebCore:  WebCore::FrameLoader::didFinishLoad + 79
            +---1  com.apple.WebCore:  WebCore::ResourceLoader::didFinishLoadingOnePart + 52
            +-----1  com.apple.WebCore:  WebCore::ResourceLoader::didFinishLoading + 30
            +-------1  com.apple.WebCore:  WebCore::SubresourceLoader::didFinishLoading + 149
            +---------1  com.apple.WebCore:  -[WebCoreResourceLoaderAsDelegate connectionDidFinishLoading:] + 37
            +-----------1  com.apple.Foundation:  -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 176
            +-------------1  com.apple.Foundation:  -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 748
            +---------------1  com.apple.Foundation:  _sendCallbacks + 201
            +-----------------1  com.apple.CoreFoundation:  CFRunLoopRunSpecific + 1213
            +-------------------1  com.apple.CoreFoundation:  CFRunLoopRunInMode + 61
            +---------------------1  com.apple.HIToolbox:  RunCurrentEventLoopInMode + 285
            +-----------------------1  com.apple.HIToolbox:  ReceiveNextEventCommon + 385
            +-------------------------1  com.apple.HIToolbox:  BlockUntilNextEventMatchingListInMode + 81
            +---------------------------1  com.apple.AppKit:  _DPSNextEvent + 572
            +-----------------------------1  com.apple.AppKit:  -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
            +-------------------------------1  com.apple.Safari:  0x6f96
            +---------------------------------1  com.apple.AppKit:  -[NSApplication run] + 512
            +-----------------------------------1  com.apple.AppKit:  NSApplicationMain + 573
            +-------------------------------------1  com.apple.Safari:  0x5f7de
            +---------------------------------------1  com.apple.Safari:  0x5f6f9
            +-----------------------------------------1  Main thread
            pruning:  1  com.apple.WebKit:  WebFrameLoaderClient::dispatchDidFinishLoading + 29


Overall this crash was reported 2 times in OS builds 8L2127 to 9A300, Safari versions 521.30 to 17930. Of these crashes, 1 was in the latest OS build, 9A300, and 1 was in the latest Safari version, 17930.

2006-12-08 19:33:24 Stephanie Lewis:
Couldn't reproduce

2006-12-13 12:53:35 Brady Eidson:
This code path can't exist any longer - this was likely a null deref introduced in loader refactoring.  9A300 is eons behind in WebKit loader-land.

Closing

2007-01-05 09:56:57 Reese Schreiber:
The following application: http://mekentosj.com/papers/ crashes on launch under 9A334 and CrashReporter links me to this bug (it happens every time):

Process:         Papers [1444]
Path:            /Volumes/Papers Public Preview/Papers.app/Contents/MacOS/Papers
Version:         1.0b1 (1.0b1)
Code Type:       X86 (Native)
Parent Process:  launchd [156]

Date/Time:       2007-01-05 09:56:35.093 -0800
OS Version:      Mac OS X 10.5 (9A334)
Report Version:  6

Exception Type:  EXC_RPC_ALERT
Exception Codes: 0xff000001, 0x000005a4
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.WebCore             	0x948edc36 WebCore::DocumentLoader::frameLoader() const + 6
1   com.apple.WebKit              	0x9d900080 WebFrameLoaderClient::dispatchWillSendRequest(WebCore::DocumentLoader*, objc_object*, NSURLRequest*, NSURLResponse*) + 32
2   com.apple.WebCore             	0x948f29a5 WebCore::FrameLoader::willSendRequest(WebCore::ResourceLoader*, NSMutableURLRequest*, NSURLResponse*) + 85
3   com.apple.WebCore             	0x948f8365 WebCore::ResourceLoader::willSendRequest(NSURLRequest*, NSURLResponse*) + 165
4   com.apple.WebCore             	0x948f96eb WebCore::MainResourceLoader::willSendRequest(NSURLRequest*, NSURLResponse*) + 155
5   com.apple.WebCore             	0x948f7415 -[WebCoreResourceLoaderAsDelegate connection:willSendRequest:redirectResponse:] + 53
6   com.apple.Foundation          	0x9133c0b2 -[NSURLConnection(NSURLConnectionInternal_ClientThread) _sendWillSendRequestCallback:] + 978
7   com.apple.Foundation          	0x9133b9bf -[NSURLConnection(NSURLConnectionInternal_ClientThread) _sendCallbacks] + 655
8   com.apple.Foundation          	0x9121b729 _sendCallbacks + 297
9   com.apple.CoreFoundation      	0x9efa3c0d CFRunLoopRunSpecific + 3229
10  com.apple.CoreFoundation      	0x9efa2f5d CFRunLoopRunInMode + 61
11  com.apple.HIToolbox           	0x917f1c87 RunCurrentEventLoopInMode + 305
12  com.apple.HIToolbox           	0x917f1320 ReceiveNextEventCommon + 175
13  com.apple.HIToolbox           	0x917f1253 BlockUntilNextEventMatchingListInMode + 106
14  com.apple.AppKit              	0x91dbbe23 _DPSNextEvent + 657
15  com.apple.AppKit              	0x91dbb776 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
16  com.apple.AppKit              	0x91db5178 -[NSApplication run] + 795
17  com.apple.AppKit              	0x91da8d30 NSApplicationMain + 663
18  com.mekentosj.papers          	0x00002402 _start + 216
19  com.mekentosj.papers          	0x00002329 start + 41
20  ???                           	0x00000001 0 + 1

Thread 1:
0   libSystem.B.dylib             	0x900057a7 mach_msg_trap + 7
1   com.apple.CoreFoundation      	0x9efa34fe CFRunLoopRunSpecific + 1422
2   com.apple.CoreFoundation      	0x9efa2f5d CFRunLoopRunInMode + 61
3   com.apple.Foundation          	0x9133d850 +[NSURLConnection(NSURLConnectionInternal_LoaderThread) _resourceLoadLoop:] + 272
4   com.apple.Foundation          	0x9133397d -[NSThread main] + 45
5   com.apple.Foundation          	0x91333634 __main__ + 308
6   libSystem.B.dylib             	0x900170e7 _pthread_body + 27

Thread 2:
0   libSystem.B.dylib             	0x90029c7f syscall_thread_switch + 7
1   com.apple.AppKit              	0x91e8a869 -[NSUIHeartBeat _heartBeatThread:] + 1552
2   com.apple.Foundation          	0x9133397d -[NSThread main] + 45
3   com.apple.Foundation          	0x91333634 __main__ + 308
4   libSystem.B.dylib             	0x900170e7 _pthread_body + 27

Thread 0 crashed with X86 Thread State (32-bit):
  eax: 0x00000000  ebx: 0x9d90006b  ecx: 0x006089b0  edx: 0x00418ef0
  edi: 0x00418ef0  esi: 0x0060dd00  ebp: 0xbfffeb98  esp: 0xbfffeb98
   ss: 0x0000001f  efl: 0x00010286  eip: 0x948edc36   cs: 0x00000017
   ds: 0x0000001f   es: 0x0000001f   fs: 0x00000000   gs: 0x00000037

Binary Images:

2007-01-09 13:28:02 Frederik Seiffert:
<rdar://problem/4915671> might be a duplicate. Should I try in anything newer than 9A321?

2007-01-10 17:29:58 Stephanie Lewis:
The application mentioned above is reproducible in Leopard 9A334, moving back into Leopard.

2007-01-15 13:57:30 Alice Liu:
Safari blocker reviewed

2007-01-16 18:19:49 Frederik Seiffert:
Same thing with Papers (available at <http://mekentosj.com/papers/papers.dmg>): crashes on load.

2007-01-29 22:02:39 Stephanie Lewis:
also iSale 4962983, this bug is blocking work

2007-02-01 00:07:25 Brady Eidson:
I cannot reproduce with Papers
iSale is protected against GDB with ptrace, which is just lameness.  ugh

2007-02-01 00:11:34 Brady Eidson:
Found the way around the ptrace crap - 
break ptrace if *(int *)($esp + 4) == 31
Lets you return early and actually launch!

That said, I do indeed see a crash on launch with iSale!

Top of the BT is -
#1  0x00491e75 in WebFrameLoaderClient::dispatchDidFinishLoading (this=0x11f576a0, loader=0x0, identifier=1) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:348
#2  0x01535efb in WebCore::FrameLoader::didFinishLoad (this=0x2b40200, loader=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:4124
#3  0x01548a31 in WebCore::ResourceLoader::didFinishLoadingOnePart (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:238
#4  0x01548aa0 in WebCore::ResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:225
#5  0x01547434 in WebCore::MainResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/MainResourceLoader.cpp:302
#6  0x01548ba6 in WebCore::ResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:323
#7  0x01527ac5 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x11f60a40, _cmd=0x90a9d160, con=0x11f60e70) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/platform/network/mac/ResourceHandleMac.mm:367
#8  0x9265be00 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] ()
#9  0x92659ea5 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()

2007-02-01 00:12:17 Brady Eidson:
ACCK - left off frame 0

#0  0x0045cecd in WebViewGetResourceLoadDelegate (webView=0x0) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebView/WebView.mm:900
#1  0x00491e75 in WebFrameLoaderClient::dispatchDidFinishLoading (this=0x11f576a0, loader=0x0, identifier=1) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:348
#2  0x01535efb in WebCore::FrameLoader::didFinishLoad (this=0x2b40200, loader=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:4124
#3  0x01548a31 in WebCore::ResourceLoader::didFinishLoadingOnePart (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:238
#4  0x01548aa0 in WebCore::ResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:225
#5  0x01547434 in WebCore::MainResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/MainResourceLoader.cpp:302
#6  0x01548ba6 in WebCore::ResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:323

2007-02-01 00:17:38 Brady Eidson:
Found another app seeing this.  WOW...  Since it's easier than either Papers (not reproducible) or iSale (requires ptrace mangling), I'll be working with CSSEdit from here on out.

2007-02-01 00:41:45 Brady Eidson:
If I plug a short chain of potential null derefs exposed in this case, I stop this crash.  But behavior is incorrect.  For example, in the CSSEdit case, while importing a page, it will no longer crash, but the progress bar will freeze halfway as if it's not getting any delegate callbacks (which it isn't).
In the iSale case, I can successfully launch, but just about any action I take after the launch causes another crash with some bizarre data loading anomalies (calling didReceiveData with valid data, but data length 0).

So, I don't think plugging the potential null derefs is the right thing to do.  The real problem here is that WebFrameLoaderClient::dispatchDidFinishLoading gets called with a null loader (which leads to the null derefs later while trying to find the WebKit objects mapped to that loader).

Will explore more tomorrow

<rdar://problem/4868242>
Comment 1 Anders Carlsson 2007-02-19 13:51:13 PST
Committed revision 19709.