14127 – iframe with 'help:' protocol crashes Safari 3.0 beta

RESOLVED DUPLICATE of bug 14116 14127

iframe with 'help:' protocol crashes Safari 3.0 beta

https://bugs.webkit.org/show_bug.cgi?id=14127

Summary iframe with 'help:' protocol crashes Safari 3.0 beta

Richard Parker

Reported 2007-06-13 16:09:30 PDT

An iframe that species its source using the help:' protocol causes Safari 3.0 beta (522.11) to crash in WebCore. Sample HTML that crashes Safari 3.0 beta (522.11) [see attachment]: <html> <head> <title>Crash Safari 3.0 beta</title> </head> <body> <iframe src='help:'></iframe> </body> </html> Process call chain at time of crash [see attachment for full report]: 0 com.apple.WebCore 0x961e9c70 WebCore::DocumentLoader::frameLoader() const + 0 1 com.apple.WebCore 0x961ea0f8 WebCore::DocumentLoader::isLoadingInAPISense() const + 24 2 com.apple.WebCore 0x961dd92c WebCore::FrameLoader::checkLoadCompleteForThisFrame() + 700 3 com.apple.WebCore 0x961ddfe8 WebCore::FrameLoader::recursiveCheckLoadComplete() + 504 4 com.apple.WebCore 0x961ddfd8 WebCore::FrameLoader::recursiveCheckLoadComplete() + 488 5 com.apple.WebCore 0x961de270 WebCore::FrameLoader::finishedLoading() + 368 6 com.apple.WebCore 0x961ee5e8 WebCore::MainResourceLoader::didFinishLoading() + 56 7 com.apple.WebCore 0x961c5174 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 84

Attachments
The HTML that crashes Safari 3.0 beta (116 bytes, text/html) 2007-06-13 16:11 PDT, Richard Parker	no flags	Details
Crash report (19.80 KB, text/plain) 2007-06-13 16:11 PDT, Richard Parker	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Richard Parker

Comment 1 2007-06-13 16:11:24 PDT

Created attachment 15008 [details] The HTML that crashes Safari 3.0 beta

Richard Parker

Comment 2 2007-06-13 16:11:52 PDT

Created attachment 15009 [details] Crash report

Mark Rowe (bdash)

Comment 3 2007-06-13 16:14:01 PDT

This does not appear to crash SVN HEAD, but I do see a suspicious console log: 2007-06-13 16:12:58.362 Safari[5704:10b] *** -[NSCFSet removeObject:]: attempt to remove nil

Mark Rowe (bdash)

Comment 4 2007-06-13 16:14:58 PDT

Thanks for the report! After looking at your crash log this looks to be the same as bug 14116. *** This bug has been marked as a duplicate of 14116 ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 14116

Priority P2

Severity Normal

Classification Unclassified

Version 523.x (Safari 3)

Hardware Mac

OS OS X 10.4

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2007-06-13 16:09 PDT

Modified

2007-06-13 16:14 PDT History

CC List

1 user Show

URL

Keywords

Depends on

Blocks