Steps to reproduce ------------------ 1. Visit http://www.quirksmode.org/dom/w3c_css.html#t01 In the markup code: (<!-- GETCOMPUTEDSTYLE --> <tr> <td id="t01") 2. Scroll down a bit and find the "getComputedStyle() The current style of the element, however this style is set" row. You should see a "Test page" link in the leftmost cell which href value refers to the url http://www.quirksmode.org/dom/tests/style.html (see addendum) 3. Right-click that link source code: <a href="tests/style.html">Test page</a> and choose "Open Link in New Tab" Actual results in Safari 3.0.2 build 522.13.1: application crash Expected results: no crash, normal window loading and document fetched+rendered Reproducible: 100% Error signature AppName: safari.exe AppVer: 3.522.13.1 ModName: safari.exe ModVer: 3.522.13.1 Offset: 000ab3be Exception Information: Code: 0xc0000005 Flags: 0x00000000 etc.. If I knew what (exactly, precisely) could be useful regarding crash data from data sent via MS Error report, I would include it in here. Let me know if I can help on this... Notes ----- Component -> HTML DOM is a rough guess. Addendum: actually, any of the first 3 "Test page" links with the absolute URL pointing to http://www.quirksmode.org/dom/tests/style.html will cause an application crash if you follow the above given steps (right-click and open in new tab)
Confirmed on Windows XP with Safari 3.0.2 Beta and r23677.
Crash still happening in Safari 3.0.3 build 522.15.5 with the same steps to reproduce.
Gérard and/or Matt, can you attach crash information to this bug as described at <http://webkit.org/quality/crashlogs.html>?
Adam, I followed the instructions given in crashlogs.html. Now, I can attach the user.dmp file in here. I don't know/am not sure about the correct portion of the drwtsn32.log...
Created attachment 15840 [details] user.dmp of the crash user.dmp file: I was not sure about the content-type: I chose plain text (text/plain).
Created attachment 15841 [details] Portion of DrWatson's crash log for bug 14340 Ok. Portion of crash data collected by DrWatson. I hope this is correct and sufficient. If there is a problem, let me know... One more detail. Before trying the steps to reproduce, I cleared Safari's cache.
Possible duplicate of bug 14919.
Good catch, Mitz! Yes, bug 14919 and this bug 14340 are the same since both have an <body onload="alert(...something...);"> execution to do. I am able to reproduce the crash with a minimized testcase (5 lines long).
5 lines long testcase: http://www.gtalbot.org/BugzillaSection/Bug14340-1.html
<rdar://problem/5401061>
*** Bug 14919 has been marked as a duplicate of this bug. ***
Thanks for the bug report, crash log, and reduction, Gérard! They were very helpful in tracking this problem down. It turns out this is a Safari bug, not a WebKit bug, so we will continue to track this issue with <rdar://problem/5401061>.