WebKit Bugzilla
RESOLVED FIXED
12671
CrashTracer: [USER] 1 crashes in Safari at com.apple.WebCore: WebCore::Frame::scriptProxy + 28
https://bugs.webkit.org/show_bug.cgi?id=12671
Maciej Stachowiak
Reported
2007-02-06 23:36:25 PST
2007-02-02 20:01:55 CrashTracer System:

* SUMMARY
Safari has crashed on 9A343. Crash log attached. This Radar was filed by the CrashTrace System on behalf of slewis@apple.com. More data for this crash and similar instances will eventually be available at: http://crashtracer.apple.com/detail.php?crash_id=6290252&app=Safari&build=9A343

* ALERT
Note: This issue *may* be a duplicate of this radar which has the same crashing stack frame but different offset, rdar://4872556. Please consider this when screening, but make no assumptions.

* STEPS TO REPRODUCE
Trying to reproduce 4693380 on Leopard 9A343. Got this crash instead. 100% reproducible

* STEPS TO REPRODUCE
1. launch Safari and go to www.apple.com
2. After page loads, press command -R
3. As the page starts to reload, click the bookmark icon to switch to bookmark view THEN immediately click the bookmark icon again to exit bookmark view.
4. A crash occurs for me when attempting to leave bookmark view

* BACKTRACE ('>' indicates stack frame used for CrashTracer aggregation)
Thread 0 Crashed:
>#0 com.apple.WebCore 0x965ba90c WebCore::Frame::scriptProxy() + 28
#1 com.apple.WebCore 0x967488e8 KJS::JSHTMLElement::implementsCall() const + 168
#2 com.apple.JavaScriptCore 0x96c89280 typeStringForValue(KJS::JSValue*) + 336
#3 com.apple.JavaScriptCore 0x96c89ab8 KJS::TypeOfResolveNode::evaluate(KJS::ExecState*) + 200
#4 com.apple.JavaScriptCore 0x96c65f54 KJS::EqualNode::evaluate(KJS::ExecState*) + 52
#5 com.apple.JavaScriptCore 0x96c68d74 KJS::IfNode::execute(KJS::ExecState*) + 100
#6 com.apple.JavaScriptCore 0x96c65074 KJS::SourceElementsNode::execute(KJS::ExecState*) + 468
#7 com.apple.JavaScriptCore 0x96c64e14 KJS::BlockNode::execute(KJS::ExecState*) + 148
#8 com.apple.JavaScriptCore 0x96c69404 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 52
#9 com.apple.JavaScriptCore 0x96c8359c KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 444
#10 com.apple.JavaScriptCore 0x96c94c10 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
#11 com.apple.JavaScriptCore 0x96c8b734 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 596
#12 com.apple.JavaScriptCore 0x96c8a4cc KJS::AssignResolveNode::evaluate(KJS::ExecState*) + 236
#13 com.apple.JavaScriptCore 0x96c65ca4 KJS::ExprStatementNode::execute(KJS::ExecState*) + 100
#14 com.apple.JavaScriptCore 0x96c64f98 KJS::SourceElementsNode::execute(KJS::ExecState*) + 248
#15 com.apple.JavaScriptCore 0x96c64e14 KJS::BlockNode::execute(KJS::ExecState*) + 148
#16 com.apple.JavaScriptCore 0x96c69404 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 52
#17 com.apple.JavaScriptCore 0x96c8359c KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 444
#18 com.apple.JavaScriptCore 0x96c94c10 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
#19 com.apple.JavaScriptCore 0x96c8b1f4 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 644
#20 com.apple.JavaScriptCore 0x96c65ca4 KJS::ExprStatementNode::execute(KJS::ExecState*) + 100
#21 com.apple.JavaScriptCore 0x96c65074 KJS::SourceElementsNode::execute(KJS::ExecState*) + 468
#22 com.apple.JavaScriptCore 0x96c64e14 KJS::BlockNode::execute(KJS::ExecState*) + 148
#23 com.apple.JavaScriptCore 0x96c68e94 KJS::IfNode::execute(KJS::ExecState*) + 388
#24 com.apple.JavaScriptCore 0x96c64f98 KJS::SourceElementsNode::execute(KJS::ExecState*) + 248
#25 com.apple.JavaScriptCore 0x96c64e14 KJS::BlockNode::execute(KJS::ExecState*) + 148
#26 com.apple.JavaScriptCore 0x96c69404 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 52
#27 com.apple.JavaScriptCore 0x96c8359c KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 444
#28 com.apple.JavaScriptCore 0x96c94c10 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
#29 com.apple.JavaScriptCore 0x96c81450 KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 1600
#30 com.apple.JavaScriptCore 0x96c94c10 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
#31 com.apple.JavaScriptCore 0x96c8b1f4 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 644
#32 com.apple.JavaScriptCore 0x96c6a064 KJS::ReturnNode::execute(KJS::ExecState*) + 228
#33 com.apple.JavaScriptCore 0x96c64f98 KJS::SourceElementsNode::execute(KJS::ExecState*) + 248
#34 com.apple.JavaScriptCore 0x96c64e14 KJS::BlockNode::execute(KJS::ExecState*) + 148
#35 com.apple.JavaScriptCore 0x96c69404 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 52
#36 com.apple.JavaScriptCore 0x96c8359c KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 444
#37 com.apple.JavaScriptCore 0x96c94c10 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 112
#38 com.apple.WebCore 0x964e191c KJS::ScheduledAction::execute(KJS::Window*) + 220
#39 com.apple.WebCore 0x9675a278 KJS::Window::timerFired(KJS::DOMWindowTimer*) + 232
#40 com.apple.WebCore 0x9675a3bc KJS::DOMWindowTimer::fired() + 44
#41 com.apple.WebCore 0x966f6e90 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 176
#42 com.apple.WebCore 0x966f6f2c WebCore::TimerBase::sharedTimerFired() + 108
#43 com.apple.CoreFoundation 0x9094b58c CFRunLoopRunSpecific + 2724
#44 com.apple.HIToolbox 0x93466c5c RunCurrentEventLoopInMode + 288
#45 com.apple.HIToolbox 0x9346632c ReceiveNextEventCommon + 412
#46 com.apple.HIToolbox 0x93466168 BlockUntilNextEventMatchingListInMode + 84
#47 com.apple.AppKit 0x94586278 _DPSNextEvent + 580
#48 com.apple.AppKit 0x94585cd0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 108
#49 com.apple.Safari 0x000068a0 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 192
#50 com.apple.AppKit 0x9458007c -[NSApplication run] + 736
#51 com.apple.AppKit 0x94574a54 NSApplicationMain + 548
#52 com.apple.Safari 0x00002650 _start + 348
#53 com.apple.Safari 0x0005026c start + 44

* REGRESSION
So far this crash has been reported 1 time in OS build 9A343, Safari version 521.32.1.

* ABOUT CRASHTRACER
More information: http://howto.apple.com/db.cgi?CrashTracer
Questions, Comments, Concerns? email: crashtracer-help@group.apple.com

2007-02-03 05:35:35 John Sullivan: This is crashing in JavaScript code, so it can't be a Safari Front End bug.

2007-02-05 13:16:07 Stephanie Lewis: By virtue of being Safari Blocker Reviewed, these have been Safari BRB Reviewed <rdar://problem/4974258>
mitz
Comment 1
2007-02-24 22:54:44 PST
Based on the steps to reproduce, I think this is related to bug 11547 and bug 12661. A non-HTML document view (in this case, the bookmarks view, but I have also been able to reproduce with PDFs) replacing an HTML document that's going into the page cache doesn't stop processing of that document (see bug 12661 comment #2).
Maciej Stachowiak
Comment 2
2007-03-13 01:21:34 PDT
Resolved in Radar.