Bug 12791 - REGRESSION: WebKit crashes on RSS feed after another one is already open
Status: RESOLVED DUPLICATE of bug 12768
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Major
Assignee: Nobody
URL:
Keywords: Regression
Depends on:
Blocks:
 
Reported: 2007-02-16 10:55 PST by Gustaaf Groenendaal (MysteryQuest)
Modified: 2007-02-16 11:45 PST
Description Gustaaf Groenendaal (MysteryQuest) 2007-02-16 10:55:01 PST
When a (bookmarked) RSS feed is open in WebKit's FeedView and a new feed is opened over the other feed, WebKit will crash. When opening a completely different page over the RSS feed and then again opening a new feed over this page, WebKit won't crash, but it will crash again when opening another feed.

This crash occurred for the first time in the r19614 nightly. Looking at the revisions, r19595, r19597, r19602 and r19614 are candidates to be the cause of this crash.
Comment 1 David Kilzer (:ddkilzer) 2007-02-16 11:33:18 PST
Confirmed with a local debug build of WebKit r19660 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8N1037).

Steps to reproduce:

1. Open Safari/WebKit.
2. Choose a bookmarked feed and wait for it to load.
3. Choose a different bookmarked feed.

Stack trace (looks like it may be related to Bug 12768):

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x000000ac

Thread 0 Crashed:
0   com.apple.WebCore        	0x014ec125 WebCore::RenderView::frameView() const + 9
1   com.apple.WebCore        	0x0117fa18 WebCore::RenderLayer::scrollToOffset(int, int, bool, bool) + 528 (RenderLayer.cpp:722)
2   com.apple.WebCore        	0x011a86fe WebCore::RenderTextControl::forwardEvent(WebCore::Event*) + 222 (RenderTextControl.cpp:749)
3   com.apple.WebCore        	0x010ce49f WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 3073 (HTMLInputElement.cpp:1298)
4   com.apple.WebCore        	0x0122eb44 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 2164 (EventTargetNode.cpp:268)
5   com.apple.WebCore        	0x012303e7 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 329 (EventTargetNode.cpp:304)
6   com.apple.WebCore        	0x01230463 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 75 (EventTargetNode.cpp:288)
7   com.apple.WebCore        	0x0122ecff WebCore::EventTargetNode::dispatchHTMLEvent(WebCore::AtomicString const&, bool, bool) + 197 (EventTargetNode.cpp:527)
8   com.apple.WebCore        	0x0122ed4b WebCore::EventTargetNode::dispatchBlurEvent() + 51 (EventTargetNode.cpp:521)
9   com.apple.WebCore        	0x010cab3d WebCore::HTMLInputElement::dispatchBlurEvent() + 177 (HTMLInputElement.cpp:243)
10  com.apple.WebCore        	0x010f09fa WebCore::Document::setFocusedNode(WTF::PassRefPtr<WebCore::Node>) + 764 (Document.cpp:2127)
11  com.apple.WebCore        	0x010f0e3d WebCore::Document::focusedNodeRemoved(WebCore::Node*) + 43 (Document.cpp:2052)
12  com.apple.WebCore        	0x01246a75 WebCore::Node::willRemove() + 49 (Node.cpp:817)
13  com.apple.WebCore        	0x010fa294 WebCore::ContainerNode::willRemove() + 68 (ContainerNode.cpp:334)
14  com.apple.WebCore        	0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331)
15  com.apple.WebCore        	0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331)
16  com.apple.WebCore        	0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331)
17  com.apple.WebCore        	0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331)
18  com.apple.WebCore        	0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331)
19  com.apple.WebCore        	0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331)
20  com.apple.WebCore        	0x013be6df WebCore::FrameLoader::clear(bool) + 159 (FrameLoader.cpp:739)
21  com.apple.WebCore        	0x013c4589 WebCore::FrameLoader::begin(WebCore::KURL const&) + 61 (FrameLoader.cpp:813)
22  com.apple.WebCore        	0x013c4a8b WebCore::FrameLoader::receivedFirstData() + 39 (FrameLoader.cpp:772)
23  com.apple.WebCore        	0x013c4c6b WebCore::FrameLoader::setEncoding(WebCore::String const&, bool) + 45 (FrameLoader.cpp:1510)
24  com.apple.WebCore        	0x01101892 -[WebCoreFrameBridge receivedData:textEncodingName:] + 220 (WebCoreFrameBridge.mm:1482)
25  com.apple.WebKit         	0x003319c9 -[WebHTMLRepresentation receivedData:withDataSource:] + 199 (WebHTMLRepresentation.mm:175)
26  com.apple.WebKit         	0x0032d04f -[WebDataSource(WebInternal) _receivedData:] + 89 (WebDataSource.mm:178)
27  com.apple.WebKit         	0x00392f8d WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 127 (WebFrameLoaderClient.mm:642)
28  com.apple.WebCore        	0x013bac69 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 53 (FrameLoader.cpp:2948)
29  com.apple.WebCore        	0x013cb7b5 WebCore::DocumentLoader::commitLoad(char const*, int) + 87 (DocumentLoader.cpp:320)
30  com.apple.WebCore        	0x013cb80e WebCore::DocumentLoader::receivedData(char const*, int) + 76 (DocumentLoader.cpp:333)
31  com.apple.WebCore        	0x013ba24b WebCore::FrameLoader::receivedData(char const*, int) + 41 (FrameLoader.cpp:1915)
32  com.apple.WebCore        	0x013cca68 WebCore::MainResourceLoader::addData(char const*, int, bool) + 80 (MainResourceLoader.cpp:134)
33  com.apple.WebCore        	0x013ceac5 WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 83
34  com.apple.WebCore        	0x013ccdad WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 281 (MainResourceLoader.cpp:291)
35  com.apple.WebCore        	0x013ce72c WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 58
36  com.apple.WebCore        	0x013ad094 -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 172 (ResourceHandleMac.mm:352)
37  com.apple.Foundation     	0x9265eb86 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 641
38  com.apple.Foundation     	0x9265ce67 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 686
39  com.apple.Foundation     	0x9265cb41 _sendCallbacks + 201
40  com.apple.CoreFoundation 	0x9082b09a CFRunLoopRunSpecific + 1413
41  com.apple.CoreFoundation 	0x9082ab0e CFRunLoopRunInMode + 61
42  com.apple.HIToolbox      	0x92ddabef RunCurrentEventLoopInMode + 285
43  com.apple.HIToolbox      	0x92dda234 ReceiveNextEventCommon + 184
44  com.apple.HIToolbox      	0x92dda154 BlockUntilNextEventMatchingListInMode + 81
45  com.apple.AppKit         	0x9327f465 _DPSNextEvent + 572
46  com.apple.AppKit         	0x9327f056 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
47  com.apple.Safari         	0x00006cea 0x1000 + 23786
48  com.apple.AppKit         	0x93278ddb -[NSApplication run] + 512
49  com.apple.AppKit         	0x9326cd2f NSApplicationMain + 573
50  com.apple.Safari         	0x0005f54a 0x1000 + 386378
51  com.apple.Safari         	0x0005f471 0x1000 + 386161

Comment 2 Adele Peterson 2007-02-16 11:45:13 PST

*** This bug has been marked as a duplicate of 12768 ***