Clicking on the link in the following HTML snippet results in a crash:

<p>This is a piece of text. This <a href='#' onclick='javascript:window.open("http://google.com/");'>link</a> will open a popup window.</p>

Crash log is as follows:

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x000000f1

Thread 0 Crashed:
0   com.apple.WebCore          0x0140a563 WebCore::ResourceRequest::updateResourceRequest() const + 9 (ResourceRequest.cpp:194)
1   com.apple.WebCore          0x0140a759 WebCore::ResourceRequest::url() const + 17 (ResourceRequest.cpp:49)
2   com.apple.WebCore          0x013b984a WebCore::FrameLoader::originalRequestURL() const + 40 (FrameLoader.cpp:4265)
3   com.apple.WebCore          0x013bb855 WebCore::FrameLoader::commitIconURLToIconDatabase(WebCore::KURL const&) + 291 (FrameLoader.cpp:981)
4   com.apple.WebCore          0x013bc62a WebCore::FrameLoader::startIconLoader() + 280 (FrameLoader.cpp:967)
5   com.apple.WebCore          0x013c8026 WebCore::FrameLoader::endIfNotLoading() + 144 (FrameLoader.cpp:944)
6   com.apple.WebCore          0x013c804f WebCore::FrameLoader::end() + 27 (FrameLoader.cpp:921)
7   com.apple.WebCore          0x01278d2f KJS::WindowFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 4457 (kjs_window.cpp:1662)
8   com.apple.JavaScriptCore   0x02117a30 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
9   com.apple.JavaScriptCore   0x0210d8b7 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 843 (nodes.cpp:780)
10  com.apple.JavaScriptCore   0x0210aad4 KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1680)
11  com.apple.JavaScriptCore   0x02107a24 KJS::LabelNode::execute(KJS::ExecState*) + 160 (nodes.cpp:2267)
12  com.apple.JavaScriptCore   0x021086cc KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2457)
13  com.apple.JavaScriptCore   0x02107004 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1656)
14  com.apple.JavaScriptCore   0x020f941e KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362)
15  com.apple.JavaScriptCore   0x020fb701 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111)
16  com.apple.JavaScriptCore   0x02117a30 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
17  com.apple.WebCore          0x012625a2 KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 574 (kjs_events.cpp:123)
18  com.apple.WebCore          0x0122d7de WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 352 (EventTargetNode.cpp:166)
19  com.apple.WebCore          0x0122dfe4 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1172 (EventTargetNode.cpp:220)
20  com.apple.WebCore          0x0122fc67 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 329 (EventTargetNode.cpp:304)
21  com.apple.WebCore          0x0122fce3 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 75 (EventTargetNode.cpp:288)
22  com.apple.WebCore          0x0122ea77 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 691 (EventTargetNode.cpp:466)
23  com.apple.WebCore          0x0122f1a9 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 533 (EventTargetNode.cpp:393)
24  com.apple.WebCore          0x013f0502 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 572 (EventHandler.cpp:1094)
25  com.apple.WebCore          0x013f0b07 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 625 (EventHandler.cpp:947)
26  com.apple.WebCore          0x013eb767 WebCore::EventHandler::mouseUp(NSEvent*) + 427 (EventHandlerMac.mm:653)
27  com.apple.WebKit           0x0043cfe5 -[WebHTMLView mouseUp:] + 273 (WebHTMLView.mm:3014)
28  com.apple.AppKit           0x9334c42b -[NSWindow sendEvent:] + 5403
29  com.apple.Safari           0x000c38ad -[Window sendEvent:] + 403 (Window.m:85)
30  com.apple.AppKit           0x9333e350 -[NSApplication sendEvent:] + 5023
31  com.apple.Safari           0x000266c2 -[BrowserApplication sendEvent:] + 515
32  com.apple.AppKit           0x93268dfe -[NSApplication run] + 547
33  com.apple.AppKit           0x9325cd2f NSApplicationMain + 573
34  com.apple.Safari           0x000bdece main + 113 (main.m:27)
35  com.apple.Safari           0x00002bc6 _start + 216
36  com.apple.Safari           0x00002aed start + 41
Created attachment 13145: Test case

Test case as attachment for clickability.
I have a sneaking suspicion that r19583 is to blame for this.
Rolling out r19583 locally makes the crash go away.
<rdar://problem/4993466>
*** Bug 12757 has been marked as a duplicate of this bug. ***
*** Bug 12762 has been marked as a duplicate of this bug. ***
(In reply to comment #3)
> Rolling out r19583 locally makes the crash go away.

Rolled out in <http://trac.webkit.org/projects/webkit/changeset/19602>.