RESOLVED FIXED 13514
REGRESSION (r20997-21003): Crash in WebCore::Node::Document
https://bugs.webkit.org/show_bug.cgi?id=13514
Frank Young
Reported 2007-04-26 18:37:09 PDT
I just downloaded the newest version of WebKit.app, version 522+, for testing locally on my PowerBook. I am using Mac OS X 10.4.9. Previously, all versions of WebKit nightlies worked just fine on all sites that I frequent. This version, however, makes WebKit.app crash as soon as you navigate to the login page of BlackPlanet (http://blackplanet.com). I'm not sure exactly what causes WebKit.app to crash, as the page never gets to fully render before the app crashes. I've searched through Bugzilla and I didn't see any other reported bugs in reference to BlackPlanet, so I'm filing a bug report now. If one of the devs could take a look at this, I'd really appreciate it.
Attachments
proposed fix (5.06 KB, patch)
2007-04-28 08:50 PDT, Alexey Proskuryakov
darin: review+
Matt Lilek
Comment 1 2007-04-26 19:13:09 PDT
Confirmed with r21103 (you need to click through the browser warning thing for it to crash). This crash log seems familiar, though I can't seem to find a bug for it right now.

Thread 0 Crashed:
0   com.apple.WebCore          0x015ba3e4 WebCore::Node::document() const + 156 (Node.h:282)
1   com.apple.WebCore          0x012e6fb8 KJS::toJS(KJS::ExecState*, WTF::PassRefPtr<WebCore::Node>) + 112 (kjs_dom.cpp:964)
2   com.apple.WebCore          0x012e8104 KJS::DOMNodeList::indexGetter(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&, KJS::PropertySlot const&) + 156 (kjs_dom.cpp:727)
3   com.apple.JavaScriptCore   0x005e78f0 KJS::PropertySlot::getValue(KJS::ExecState*, KJS::JSObject*, unsigned) const + 120 (property_slot.h:54)
4   com.apple.JavaScriptCore   0x0057a148 KJS::JSObject::get(KJS::ExecState*, unsigned) const + 84 (object.cpp:174)
5   com.apple.JavaScriptCore   0x005b00d8 KJS::BracketAccessorNode::evaluate(KJS::ExecState*) + 392 (nodes.cpp:552)
6   com.apple.JavaScriptCore   0x005aeb90 KJS::ArgumentListNode::evaluateList(KJS::ExecState*) + 112 (nodes.cpp:581)
7   com.apple.JavaScriptCore   0x005f2e48 KJS::ArgumentsNode::evaluateList(KJS::ExecState*) + 128 (nodes.h:361)
8   com.apple.JavaScriptCore   0x005af7c8 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 604 (nodes.cpp:682)
9   com.apple.JavaScriptCore   0x005ab6f8 KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1723)
10  com.apple.JavaScriptCore   0x005a7ee8 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2523)
11  com.apple.JavaScriptCore   0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
12  com.apple.JavaScriptCore   0x005aa4dc KJS::ForNode::execute(KJS::ExecState*) + 1008 (nodes.cpp:1871)
13  com.apple.JavaScriptCore   0x005a7ee8 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2523)
14  com.apple.JavaScriptCore   0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
15  com.apple.JavaScriptCore   0x005ab604 KJS::IfNode::execute(KJS::ExecState*) + 636 (nodes.cpp:1750)
16  com.apple.JavaScriptCore   0x005a803c KJS::SourceElementsNode::execute(KJS::ExecState*) + 624 (nodes.cpp:2529)
17  com.apple.JavaScriptCore   0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
18  com.apple.JavaScriptCore   0x005798d0 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:319)
19  com.apple.JavaScriptCore   0x00598e94 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 688 (function.cpp:107)
20  com.apple.JavaScriptCore   0x0057dc54 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:97)
21  com.apple.JavaScriptCore   0x005af884 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 792 (nodes.cpp:694)
22  com.apple.JavaScriptCore   0x005ab6f8 KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1723)
23  com.apple.JavaScriptCore   0x005a7ee8 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2523)
24  com.apple.JavaScriptCore   0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
25  com.apple.JavaScriptCore   0x005aa4dc KJS::ForNode::execute(KJS::ExecState*) + 1008 (nodes.cpp:1871)
26  com.apple.JavaScriptCore   0x005a7ee8 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2523)
27  com.apple.JavaScriptCore   0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
28  com.apple.JavaScriptCore   0x005ab604 KJS::IfNode::execute(KJS::ExecState*) + 636 (nodes.cpp:1750)
29  com.apple.JavaScriptCore   0x005a803c KJS::SourceElementsNode::execute(KJS::ExecState*) + 624 (nodes.cpp:2529)
30  com.apple.JavaScriptCore   0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
31  com.apple.JavaScriptCore   0x005798d0 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:319)
[snip]
158 com.apple.JavaScriptCore   0x0057dc54 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:97)
159 com.apple.WebCore          0x012ebe2c KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 736 (kjs_events.cpp:123)
160 com.apple.WebCore          0x01105eb0 WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 416 (Document.cpp:2344)
161 com.apple.WebCore          0x012ab0e4 WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 360 (EventTargetNode.cpp:339)
162 com.apple.WebCore          0x01108fac WebCore::Document::implicitClose() + 796 (Document.cpp:1388)
163 com.apple.WebCore          0x0149056c WebCore::FrameLoader::checkEmitLoadEvent() + 596 (FrameLoader.cpp:1190)
164 com.apple.WebCore          0x0149cafc WebCore::FrameLoader::checkCompleted() + 492 (FrameLoader.cpp:1150)
165 com.apple.WebCore          0x0149dc64 WebCore::FrameLoader::loadDone() + 80 (FrameLoader.cpp:1114)
166 com.apple.WebCore          0x01129938 WebCore::DocLoader::setLoadInProgress(bool) + 92 (DocLoader.cpp:178)
167 com.apple.WebCore          0x0112b7b8 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 400 (loader.cpp:109)
168 com.apple.WebCore          0x014a9d7c WebCore::SubresourceLoader::didFinishLoading() + 204 (SubresourceLoader.cpp:194)
169 com.apple.WebCore          0x014a7bc4 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60
170 com.apple.WebCore          0x0147d184 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 144 (ResourceHandleMac.mm:370)
171 com.apple.Foundation       0x92c1389c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
172 com.apple.Foundation       0x92c11b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
Matt Lilek
Comment 2 2007-04-26 20:08:42 PDT
Regressed between r20997 and r21003.
Mark Rowe (bdash)
Comment 3 2007-04-27 02:56:35 PDT
Alexey Proskuryakov
Comment 4 2007-04-28 08:50:22 PDT
Created attachment 14242 [details] proposed fix
Darin Adler
Comment 5 2007-04-28 10:36:34 PDT
Comment on attachment 14242 [details] proposed fix r=me
Alexey Proskuryakov
Comment 6 2007-04-28 11:49:48 PDT
Committed revision 21169.