RESOLVED FIXED Bug 16129
REGRESSION (r27761-r27811): malloc error while visiting http://mysit.es (crashes release build)
https://bugs.webkit.org/show_bug.cgi?id=16129
Dieter Komendera
Reported 2007-11-25 07:07:29 PST
WebKit Nightly (currently r28007) crashes each time when visiting the URL http://mysit.es/. Works well in Firefox 2.0. I'll attach a crash report.
Attachments
Reduced test case (will crash ToT) (49 bytes, text/html)
2007-11-25 13:37 PST, David Kilzer (:ddkilzer)
no flags
Patch (5.05 KB, patch)
2007-11-25 14:04 PST, Mark Rowe (bdash)
mitz: review+
Dieter Komendera
Comment 1 2007-11-25 07:11:10 PST
Process: Safari [3748]
Path: /Applications/WebKit.app/Contents/MacOS/WebKit
Identifier: org.webkit.nightly.WebKit
Version: r28007 (28007)
Code Type: X86 (Native)
Parent Process: launchd [136]
Date/Time: 2007-11-25 16:08:02.085 +0100
OS Version: Mac OS X 10.5.1 (9B18)
Report Version: 6

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000e8e2ffe8
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x002fbe47 WTF::fastMalloc(unsigned long) + 359
1 com.apple.JavaScriptCore 0x0036a5d5 kjsyyparse() + 9877
2 com.apple.JavaScriptCore 0x0036da27 KJS::Parser::parse(KJS::UString const&, int, KJS::UChar const*, unsigned int, int*, int*, KJS::UString*) + 327
3 com.apple.JavaScriptCore 0x00370b81 KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) + 209
4 com.apple.WebCore 0x010ae40a WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 202
5 com.apple.WebCore 0x00c74f2b WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 75
6 com.apple.WebCore 0x00cd1b5b WebCore::HTMLTokenizer::scriptExecution(WebCore::DeprecatedString const&, WebCore::HTMLTokenizer::State, WebCore::DeprecatedString, int) + 363
7 com.apple.WebCore 0x00cd21a2 WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) + 1138
8 com.apple.WebCore 0x00b6bd8c WebCore::CachedScript::checkNotify() + 60
9 com.apple.WebCore 0x00b6c0f0 WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 240
10 com.apple.WebCore 0x010bc290 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 288
11 com.apple.WebCore 0x01042b21 WebCore::SubresourceLoader::didFinishLoading() + 49
12 com.apple.WebCore 0x00f0b048 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 72
13 com.apple.Foundation 0x929a0357 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87
14 com.apple.Foundation 0x929a02e4 _NSURLConnectionDidFinishLoading + 68
15 com.apple.CFNetwork 0x9391badf sendDidFinishLoadingCallback + 148
16 com.apple.CFNetwork 0x939189d2 _CFURLConnectionSendCallbacks + 1908
17 com.apple.CFNetwork 0x939181e3 muxerSourcePerform + 283
18 com.apple.CoreFoundation 0x967ea64e CFRunLoopRunSpecific + 3166
19 com.apple.CoreFoundation 0x967ead38 CFRunLoopRunInMode + 88
20 com.apple.HIToolbox 0x95c2d8a4 RunCurrentEventLoopInMode + 283
21 com.apple.HIToolbox 0x95c2d6bd ReceiveNextEventCommon + 374
22 com.apple.HIToolbox 0x95c2d531 BlockUntilNextEventMatchingListInMode + 106
23 com.apple.AppKit 0x9079fd5b _DPSNextEvent + 657
24 com.apple.AppKit 0x9079f6a0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
25 com.apple.Safari 0x00009d4e 0x1000 + 36174
26 com.apple.AppKit 0x907986d1 -[NSApplication run] + 795
27 com.apple.AppKit 0x907659ba NSApplicationMain + 574
28 com.apple.Safari 0x00002876 0x1000 + 6262

Thread 1:
0 libSystem.B.dylib 0x900bcace __semwait_signal + 10
1 libSystem.B.dylib 0x900e6ced pthread_cond_wait$UNIX2003 + 73
2 com.apple.WebCore 0x00ce6c4f WebCore::IconDatabase::syncThreadMainLoop() + 239
3 com.apple.WebCore 0x00ce6d65 WebCore::IconDatabase::iconDatabaseSyncThread() + 181
4 libSystem.B.dylib 0x900e6075 _pthread_start + 321
5 libSystem.B.dylib 0x900e5f32 thread_start + 34

Thread 2:
0 libSystem.B.dylib 0x900b58e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x900bd0dc mach_msg + 72
2 com.apple.CoreFoundation 0x967ea0fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x967ead38 CFRunLoopRunInMode + 88
4 com.apple.CFNetwork 0x939137c2 CFURLCacheWorkerThread(void*) + 396
5 libSystem.B.dylib 0x900e6075 _pthread_start + 321
6 libSystem.B.dylib 0x900e5f32 thread_start + 34

Thread 3:
0 libSystem.B.dylib 0x900b58e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x900bd0dc mach_msg + 72
2 com.apple.CoreFoundation 0x967ea0fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x967ead38 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x9299e560 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5 com.apple.Foundation 0x9293b04d -[NSThread main] + 45
6 com.apple.Foundation 0x9293abf4 __NSThread__main__ + 308
7 libSystem.B.dylib 0x900e6075 _pthread_start + 321
8 libSystem.B.dylib 0x900e5f32 thread_start + 34

Thread 4:
0 libSystem.B.dylib 0x90104f5a select$DARWIN_EXTSN + 10
1 libSystem.B.dylib 0x900e6075 _pthread_start + 321
2 libSystem.B.dylib 0x900e5f32 thread_start + 34

Thread 5:
0 libSystem.B.dylib 0x900b58e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x900bd0dc mach_msg + 72
2 com.apple.CoreFoundation 0x967ea0fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x967ead38 CFRunLoopRunInMode + 88
4 com.apple.CFNetwork 0x93960d45 _KeychainThread + 230
5 libSystem.B.dylib 0x900e6075 _pthread_start + 321
6 libSystem.B.dylib 0x900e5f32 thread_start + 34

Thread 6:
0 libSystem.B.dylib 0x900b5946 semaphore_timedwait_signal_trap + 10
1 libSystem.B.dylib 0x900e71cf _pthread_cond_wait + 1244
2 libSystem.B.dylib 0x900e8a53 pthread_cond_timedwait_relative_np + 47
3 com.apple.Foundation 0x92980f9c -[NSCondition waitUntilDate:] + 236
4 com.apple.Foundation 0x92980db0 -[NSConditionLock lockWhenCondition:beforeDate:] + 144
5 com.apple.Foundation 0x92980d15 -[NSConditionLock lockWhenCondition:] + 69
6 com.apple.AppKit 0x90805c19 -[NSUIHeartBeat _heartBeatThread:] + 746
7 com.apple.Foundation 0x9293b04d -[NSThread main] + 45
8 com.apple.Foundation 0x9293abf4 __NSThread__main__ + 308
9 libSystem.B.dylib 0x900e6075 _pthread_start + 321
10 libSystem.B.dylib 0x900e5f32 thread_start + 34

Thread 7:
0 libSystem.B.dylib 0x900b58e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x900bd0dc mach_msg + 72
2 com.apple.CoreFoundation 0x967ea0fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x967ead38 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x9296f5b5 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
5 com.apple.Foundation 0x9297b6d4 -[NSRunLoop(NSRunLoop) run] + 84
6 com.apple.Safari 0x0004edd0 0x1000 + 318928
7 com.apple.Foundation 0x9293b04d -[NSThread main] + 45
8 com.apple.Foundation 0x9293abf4 __NSThread__main__ + 308
9 libSystem.B.dylib 0x900e6075 _pthread_start + 321
10 libSystem.B.dylib 0x900e5f32 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x00000002 ebx: 0x002fbceb ecx: 0x00000010 edx: 0xe8e2ffe8
edi: 0x0044f01c esi: 0x0044f01c ebp: 0xbfffcc08 esp: 0xbfffcb30
ss: 0x0000001f efl: 0x00010202 eip: 0x002fbe47 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0xe8e2ffe8

Binary Images:
0x1000 - 0x12efef com.apple.Safari 3.0.4 (5523.10) <c10a33847b3bae1843862f299f82c6ab> /Applications/Safari.app/Contents/MacOS/Safari
0x176000 - 0x177ffc +WebKitNightlyEnabler.dylib ??? (???) /Applications/WebKit.app/Contents/Resources/WebKitNightlyEnabler.dylib
0x17c000 - 0x239fff com.apple.WebKit 525.1+ (525.1+) /Applications/WebKit.app/Contents/Frameworks/10.5/WebKit.framework/Versions/A/WebKit
0x2cb000 - 0x2d9ff8 SyndicationUI ??? (???) <8adc35e1eb5001dead3c18ee25f2e8db> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
0x2e8000 - 0x3bfff3 com.apple.JavaScriptCore 525.1+ (525.1+) /Applications/WebKit.app/Contents/Frameworks/10.5/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x63a000 - 0x63fff3 libCGXCoreImage.A.dylib ??? (???) <978986709159e5fe9e094df5efddac1d> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
0xaf1000 - 0x114afff com.apple.WebCore 525.1+ (525.1+) /Applications/WebKit.app/Contents/Frameworks/10.5/WebCore.framework/Versions/A/WebCore
0x129c3000 - 0x12aa9ff7 com.apple.RawCamera.bundle 2.0 (2.0) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x153d1000 - 0x153d2ff3 ATSHI.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/ATSHI.dylib 0x162ba000 - 0x162baffe com.apple.JavaPluginCocoa 12.0.0 (12.0.0) <02a9f23a8bfc902c32ac0adfb66d6816> /Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS/JavaPluginCocoa 0x17ae9000 - 0x17af0ffd com.apple.JavaVM 12.0.0 (12.0.0) <44b9536fe4d7c7fcb3506adb695a180f> /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM 0x17f50000 - 0x17f51ff7 +com.google.GoogleNotifierQuickAddCMPlugin ??? (0.0.1.2) /Users/dieterkomendera/Library/Contextual Menu Items/Google Notifier Quick Add CM Plugin.plugin/Contents/MacOS/Google Notifier Quick Add CM Plugin 0x17f56000 - 0x17f58ffe com.apple.AutomatorCMM 1.1 (153) <1437bba93b42b020c74a4fd2574b53ea> /System/Library/Contextual Menu Items/AutomatorCMM.plugin/Contents/MacOS/AutomatorCMM 0x17f5e000 - 0x17f5fffc com.apple.BluetoothMenu 2.0 (2.0f20) /System/Library/Contextual Menu Items/BluetoothContextualMenu.plugin/Contents/MacOS/BluetoothContextualMenu 0x17f64000 - 0x17f67fff com.apple.BezelServicesFW 1.4.533 (1.4.533) /System/Library/PrivateFrameworks/BezelServices.framework/Versions/A/BezelServices 0x17f6e000 - 0x17f73fff com.apple.FolderActionsMenu 1.3.2 (1.3.2) <9ba69ef0bec96264a79fa28b3a5f058b> /System/Library/Contextual Menu Items/FolderActionsMenu.plugin/Contents/MacOS/FolderActionsMenu 0x18100000 - 0x1816dff7 com.apple.Bluetooth 2.0 (2.0f20) <3607252944b8cd29f3e9f5a00cc32247> /System/Library/Frameworks/IOBluetooth.framework/Versions/A/IOBluetooth 0x8fe00000 - 0x8fe2d883 dyld 95.3 (???) 
<81592e798780564b5d46b988f7ee1a6a> /usr/lib/dyld 0x90003000 - 0x90039fff com.apple.SystemConfiguration 1.9.0 (1.9.0) <7919d9588c3b0d556646e555b7193f1f> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x9003a000 - 0x900b4ff8 com.apple.print.framework.PrintCore 5.5 (245) <9441d178f4b430cf92b67bf346646693> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x900b5000 - 0x9020ffe3 libSystem.B.dylib ??? (???) <8ecc83dc0399be3946f7a46e88cf4bbb> /usr/lib/libSystem.B.dylib 0x9025e000 - 0x9066efef libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x9071d000 - 0x9075efe7 libRIP.A.dylib ??? (???) <bdc6d70bf4ed3dace321b4ff76a353b3> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x9075f000 - 0x90f59fef com.apple.AppKit 6.5 (949) <f8d0f6d0bb5ac092f48f42ca684bdb54> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x90f5a000 - 0x91233fe7 com.apple.CoreServices.CarbonCore 783 (783) <8370e664eeb25edc98d5c1f5405b06ae> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x91234000 - 0x9123cfff com.apple.DiskArbitration 2.2 (2.2) <1551b2af557fdf6f368f93e093933852> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x9123d000 - 0x912cfff3 com.apple.ApplicationServices.ATS 3.0 (???) <fb5f572243dbc370a0ea5efc8e81ae11> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x912d0000 - 0x912d7ffe libbsm.dylib ??? (???) 
<d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib 0x912d8000 - 0x912e8ffc com.apple.LangAnalysis 1.6.4 (1.6.4) <cbeb17ab39f28351fe2ab5b82bf465bc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x912e9000 - 0x912f3feb com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound 0x912f4000 - 0x912f9fff com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup 0x912fa000 - 0x91318ff3 com.apple.DirectoryService.Framework 3.5 (3.5) <899d8c9ee31b004a6ff73dab88982b1a> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService 0x913c3000 - 0x91456fff com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x9161b000 - 0x91626fe7 libCSync.A.dylib ??? (???) <df82fc093e498a9eb5490761cb292218> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x91627000 - 0x9170bffb com.apple.CoreData 100 (185) <a4e63784275e25e62f57e75e0af0b94d> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x9170c000 - 0x9170eff5 libRadiance.dylib ??? (???) <20eadb285da83df96c795c2c5fa20590> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x9171c000 - 0x9172cfff com.apple.speech.synthesis.framework 3.6.59 (3.6.59) <4ffef145fad3d4d787e0c33eab26b336> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x9172d000 - 0x9175afeb libvDSP.dylib ??? (???) 
<a26683d121ee0f96df9a9d0bfca36049> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x9175b000 - 0x9175dfff com.apple.securityhi 3.0 (30817) <2b2854123fed609d1820d2779e2e0963> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x9175e000 - 0x917dafeb com.apple.audio.CoreAudio 3.1.0 (3.1) <70bb7c657061631491029a61babe0b26> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x917de000 - 0x917edffe com.apple.DSObjCWrappers.Framework 1.2 (1.2) <f5b58d1d3a855a63d493ccbec417a1e9> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers 0x917ee000 - 0x917f7fff com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x917fe000 - 0x91837ffe com.apple.securityfoundation 3.0 (32768) <1e9885d63ced51f81bc1f39af624637d> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation 0x91838000 - 0x91882fe1 com.apple.securityinterface 3.0 (32532) <f521dae416ce7a3bdd594b0d4e2fb517> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface 0x918a2000 - 0x918c1ffa libJPEG.dylib ??? (???) <0cfb80109d624beb9ceb3c43b6c5ec10> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x918c2000 - 0x918feff7 com.apple.CoreMediaIOServicesPrivate 1.2 (1.2) /System/Library/PrivateFrameworks/CoreMediaIOServicesPrivate.framework/Versions/A/CoreMediaIOServicesPrivate 0x918ff000 - 0x91923feb libssl.0.9.7.dylib ??? (???) 
<acee7fc534674498dcac211318aa23e8> /usr/lib/libssl.0.9.7.dylib 0x91924000 - 0x91929fff com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x9192a000 - 0x919d9fff com.apple.DesktopServices 1.4.3 (1.4.3) <66d5ed56111c43d234e235d365d02469> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x919da000 - 0x91a1cfef com.apple.NavigationServices 3.5.1 (161) <cc6bd78eabf1e2e7166914e9f12f5850> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices 0x91c98000 - 0x91ccafff com.apple.LDAPFramework 1.4.3 (106) <3a5c9df6032143cd6bc2658a9d328d8e> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP 0x91ccb000 - 0x91e10ff7 com.apple.ImageIO.framework 2.0.0 (2.0.0) <154d4d8cda2bd99518cbabc9f2d69833> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x91e11000 - 0x91e15fff libGIF.dylib ??? (???) <d4234e6f5e5f530bdafb969157f1f17b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x91e16000 - 0x91ec6fff edu.mit.Kerberos 6.0.11 (6.0.11) <33c25789baedcd70a7e24881775dd9ad> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos 0x91edb000 - 0x91ef1fe7 com.apple.CoreVideo 1.5.0 (1.5.0) <8947e88900afa1d2ca78b69bff98b0d7> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x91ef2000 - 0x91f31fef libTIFF.dylib ??? (???) <6d0f80e9d4d81f3f64c876aca005bd53> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x91f32000 - 0x91f32ffc com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x91fef000 - 0x92025fef libtidy.A.dylib ??? (???) 
<e4d3e7399fb83d7f145f9b4ec8196242> /usr/lib/libtidy.A.dylib 0x92026000 - 0x920b0fff com.apple.framework.IOKit 1.5.1 (???) <5176a7383151a19c962334009fef2c6d> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x920b1000 - 0x9210effb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib 0x92115000 - 0x922defef com.apple.security 5.0.1 (32736) <8c9eda0fcc1d8a571543025ac900715f> /System/Library/Frameworks/Security.framework/Versions/A/Security 0x92314000 - 0x923dffff com.apple.ColorSync 4.5.0 (4.5.0) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x923e0000 - 0x923e0ffb com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer 0x92518000 - 0x92571fff libGLU.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x92572000 - 0x92930fea libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x92931000 - 0x92baafe7 com.apple.Foundation 6.5.1 (677.1) <85ac18c7cd454378db6122bea0c00965> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x92bb7000 - 0x92bf4ff7 libGLImage.dylib ??? (???) <202d73e6a4688fc06ff11b71910c2ce7> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x92bf5000 - 0x92bf5fff com.apple.Carbon 136 (136) <98a5e3bc0c4fa44bbb09713bb88707fe> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x92bf6000 - 0x92c9dfff com.apple.QD 3.11.50 (???) <e2f71720ae1dad06a8883ac80775b21a> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x92c9e000 - 0x92d29ff7 com.apple.QTKit 7.3 (7.3) /System/Library/Frameworks/QTKit.framework/Versions/A/QTKit 0x92e3c000 - 0x92e3cff8 com.apple.Cocoa 6.5 (???) 
<e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x92e3d000 - 0x92e65ff7 com.apple.shortcut 1 (1.0) <057783867138902b52bc0941fedb74d1> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut 0x92e66000 - 0x92f8afe3 com.apple.audio.toolbox.AudioToolbox 1.5 (1.5) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x92f8b000 - 0x92f98fe7 com.apple.opengl 1.5.5 (1.5.5) <aa08b52d2a84b44dc6ee5d544a53fe8a> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x92f99000 - 0x92faffff com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices 0x92fe0000 - 0x93030ff7 com.apple.HIServices 1.6.0 (???) <d74aa73e4cfd30a08fb169198a8d2539> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x93031000 - 0x93049fff com.apple.openscripting 1.2.6 (???) <b8e553df643f2aec68fa968b3b459b2b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x9304a000 - 0x9304bffc libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib 0x9304c000 - 0x93073fff libcups.2.dylib ??? (???) <6b61eb99e6f5dd2d66cd224e9f82427d> /usr/lib/libcups.2.dylib 0x93074000 - 0x9370bfef com.apple.CoreGraphics 1.351.0 (???) 
<7a6f399039eed6dbe845c169f7d21a70> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x9370c000 - 0x9378bff5 com.apple.SearchKit 1.2.0 (1.2.0) <277b460da86bc222785159fe77e2e2ed> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x9378c000 - 0x93842fe3 com.apple.CoreServices.OSServices 210.2 (210.2) <4ed69f07fc0f211ab32d1ee96e281fc2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x93843000 - 0x938a8ffb com.apple.ISSupport 1.6 (34) /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport 0x938a9000 - 0x938a9ff8 com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x938aa000 - 0x938cefff libxslt.1.dylib ??? (???) <4933ddc7f6618743197aadc85b33b5ab> /usr/lib/libxslt.1.dylib 0x938dd000 - 0x93907fef libauto.dylib ??? (???) <d468bc4a8a69343f1748c293db1b57fb> /usr/lib/libauto.dylib 0x93908000 - 0x9397ffe3 com.apple.CFNetwork 220 (220) <0ae8fbcbadcb9bd8d673aa4531c0fcfc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x93a75000 - 0x93a84fff libsasl2.2.dylib ??? (???) <b9e1ca0b6612e280b6cbea6df0eec5f6> /usr/lib/libsasl2.2.dylib 0x93a85000 - 0x93adfff7 com.apple.CoreText 2.0.0 (???) <7fa39cd5bc847615ec02e7c7a37c0508> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x93ae0000 - 0x93afefff libresolv.9.dylib ??? (???) 
<54e6a08c2f108bdf5916fb483d51961b> /usr/lib/libresolv.9.dylib 0x93aff000 - 0x93e95ff7 com.apple.QuartzCore 1.5.1 (1.5.1) <deb61cbeb3f734a1b2f4669f6268b9de> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x93ec7000 - 0x93ec7ffa com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x93ec8000 - 0x93fc9fff com.apple.PubSub 1.0.1 (59) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub 0x93fca000 - 0x93fd8ffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib 0x93fd9000 - 0x93ffcfff com.apple.CoreMediaPrivate 1.2 (1.2) <f2f275de4f50406fbebc42603399f029> /System/Library/PrivateFrameworks/CoreMediaPrivate.framework/Versions/A/CoreMediaPrivate 0x93ffd000 - 0x94003fff com.apple.print.framework.Print 218 (220) <c35172175abbe554ddadd9b6401351fa> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x94004000 - 0x94004ffd com.apple.vecLib 3.4 (vecLib 3.4) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib 0x9413a000 - 0x9413dfff com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x9413e000 - 0x94152ff3 com.apple.ImageCapture 4.0 (5.0.0) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x94fd4000 - 0x9509bff2 com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x9509c000 - 0x9521afff com.apple.AddressBook.framework 4.1 (687) <3f005092d08e963eabe8f7f66c09cc1e> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook 0x9521b000 - 0x9521cfef libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib 0x95262000 - 0x9526eff5 libGL.dylib ??? (???) 
/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x9526f000 - 0x95276ff7 libCGATS.A.dylib ??? (???) <9b29a5500efe01cc3adea67bbc42568e> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib 0x9578d000 - 0x95798ff9 com.apple.helpdata 1.0 (14) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData 0x95a12000 - 0x95ac4ffb libcrypto.0.9.7.dylib ??? (???) <330b0e48e67faffc8c22dfc069ca7a47> /usr/lib/libcrypto.0.9.7.dylib 0x95ac5000 - 0x95bfdff7 libicucore.A.dylib ??? (???) <afcea652ff2ec36885b2c81c57d06d4c> /usr/lib/libicucore.A.dylib 0x95bfe000 - 0x95f04fff com.apple.HIToolbox 1.5.0 (???) <1b872a7151ee3f80c9c736a3e46d00d9> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x95f05000 - 0x963d1ffe libGLProgrammability.dylib ??? (???) <e8bc0af671427cf2b6279a035805a086> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib 0x963d2000 - 0x96459ff7 libsqlite3.0.dylib ??? (???) 
<273efcb717e89c21207c851d7d33fda4> /usr/lib/libsqlite3.0.dylib 0x9645a000 - 0x9645affd com.apple.Accelerate.vecLib 3.4 (vecLib 3.4) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x96465000 - 0x96777fe2 com.apple.QuickTime 7.3.0 (7.3.0) <adfe6f92ffe38bc57df6b8cb2e6ea9d9> /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime 0x96778000 - 0x968aafe7 com.apple.CoreFoundation 6.5 (476) <8bfebc0dbad6fc33bea0fa00a1b9ec37> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x968ab000 - 0x968dafe3 com.apple.AE 402 (402) <994ba8e884aefe7bf1fc5987df099e7b> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x968e5000 - 0x9691fff7 com.apple.coreui 0.1 (60) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI 0x96920000 - 0x96927fe9 libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib 0x96928000 - 0x96943ffb libPng.dylib ??? (???) <b6abcac36ec7654ff3e1cfa786b0117b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x96944000 - 0x96a23fff libobjc.A.dylib ??? (???) <5eda47fec2d0e7853b3506aa1fd2dafa> /usr/lib/libobjc.A.dylib 0x96a24000 - 0x96a69fef com.apple.Metadata 10.5.0 (398) <4fd74fba0062c2e08ec4b1c10b40ff63> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x96a6a000 - 0x96af6ff7 com.apple.LaunchServices 284 (284) <0fb50a7a6fd38875f727fc2592a496e4> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x96b49000 - 0x96bbdfef libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x96c0b000 - 0x96cecff7 libxml2.2.dylib ??? (???) 
<450ec38b57fb46013847cce851001a2f> /usr/lib/libxml2.2.dylib 0x96ced000 - 0x96d49ff7 com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x96d4a000 - 0x96d4cfff com.apple.CrashReporterSupport 10.5.0 (156) <3088b785b10d03504ed02f3fee5d3aab> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport 0x96d4d000 - 0x96d4dffd com.apple.Accelerate 1.4 (Accelerate 1.4) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0xba900000 - 0xba916fff libJapaneseConverter.dylib ??? (???) <7b0248c392848338f5d6ed093313eeef> /System/Library/CoreServices/Encodings/libJapaneseConverter.dylib 0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib 0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
Matt Lilek
Comment 2 2007-11-25 07:31:28 PST
Confirmed with r28011. My debug build spits a bunch of this to the console:

Safari(16501,0xa01c3f60) malloc: *** error for object 0x1a3a2c00: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xa01c3f60) malloc: *** error for object 0x1a3a2c10: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xa01c3f60) malloc: *** error for object 0x1a3a2c20: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xa01c3f60) malloc: *** error for object 0xf800d0: incorrect checksum for freed object - object was probably modified after being freed.
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xb02cd000) malloc: *** error for object 0xf82cd0: Non-aligned pointer being freed (2)
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xb02cd000) malloc: *** error for object 0xf82d20: Non-aligned pointer being freed (2)
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xb02cd000) malloc: *** error for object 0xf845f0: Non-aligned pointer being freed (2)
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xb02cd000) malloc: *** error for object 0xf84630: Non-aligned pointer being freed (2)
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xb02cd000) malloc: *** error for object 0xf85bb0: Non-aligned pointer being freed (2)
*** set a breakpoint in malloc_error_break to debug
ERROR: free is not supported
ERROR: (/Users/matt/Code/WebKit/JavaScriptCore/kjs/CollectorHeapIntrospector.h:56 static void KJS::CollectorHeapIntrospector::zoneFree(malloc_zone_t*, void*))
ERROR: free is not supported
(/Users/matt/Code/WebKit/JavaScriptCore/kjs/CollectorHeapIntrospector.h:56 static void KJS::CollectorHeapIntrospector::zoneFree(malloc_zone_t*, void*))
ERROR: free is not supported
(/Users/matt/Code/WebKit/JavaScriptCore/kjs/CollectorHeapIntrospector.h:56 static void KJS::CollectorHeapIntrospector::zoneFree(malloc_zone_t*, void*))
ERROR: free is not supported
(/Users/matt/Code/WebKit/JavaScriptCore/kjs/CollectorHeapIntrospector.h:56 static void KJS::CollectorHeapIntrospector::zoneFree(malloc_zone_t*, void*))
ERROR: free is not supported
(/Users/matt/Code/WebKit/JavaScriptCore/kjs/CollectorHeapIntrospector.h:56 static void KJS::CollectorHeapIntrospector::zoneFree(malloc_zone_t*, void*))
ERROR: free is not supported
(/Users/matt/Code/WebKit/JavaScriptCore/kjs/CollectorHeapIntrospector.h:56 static void KJS::CollectorHeapIntrospector::zoneFree(malloc_zone_t*, void*))
Safari(16501,0xb02cd000) malloc: *** error for object 0xf87830: Non-aligned pointer being freed (2)
*** set a breakpoint in malloc_error_break to debug
Safari(16501,0xb02cd000) malloc: *** error for object 0xf87870: Non-aligned pointer being freed (2)
*** set a breakpoint in malloc_error_break to debug
ERROR: free is not supported

And the stack trace from my debug build:

Thread 0 Crashed:
0 libSystem.B.dylib 0x911ec2af szone_free + 2101
1 libSystem.B.dylib 0x911eb9ed free + 106
2 com.apple.JavaScriptCore 0x0041ef9e WTF::fastFree(void*) + 86 (FastMalloc.cpp:172)
3 com.apple.JavaScriptCore 0x0046714f WTF::VectorBufferBase<WTF::RefPtr<KJS::StatementNode> >::deallocateBuffer(WTF::RefPtr<KJS::StatementNode>*) + 17 (Vector.h:257)
4 com.apple.JavaScriptCore 0x00467172 WTF::VectorBuffer<WTF::RefPtr<KJS::StatementNode>, 0ul>::~VectorBuffer() + 32 (Vector.h:313)
5 com.apple.JavaScriptCore 0x00467191 WTF::VectorBuffer<WTF::RefPtr<KJS::StatementNode>, 0ul>::~VectorBuffer() + 17 (Vector.h:313)
6 com.apple.JavaScriptCore 0x00476d3b WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::~Vector() + 31 (Vector.h:409)
7 com.apple.JavaScriptCore 0x00476d4f WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::~Vector() + 17 (Vector.h:409)
8 com.apple.JavaScriptCore 0x00478de7 void WTF::deleteOwnedPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>*) + 29 (OwnPtr.h:52)
9 com.apple.JavaScriptCore 0x00478e0d WTF::OwnPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >::~OwnPtr() + 19 (OwnPtr.h:70)
10 com.apple.JavaScriptCore 0x00478e2b WTF::OwnPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >::~OwnPtr() + 17 (OwnPtr.h:70)
11 com.apple.JavaScriptCore 0x0047f0ef KJS::BlockNode::~BlockNode() + 41 (nodes.h:1751)
12 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191)
13 com.apple.JavaScriptCore 0x00476c1a WTF::RefPtr<KJS::StatementNode>::~RefPtr() + 28 (RefPtr.h:45)
14 com.apple.JavaScriptCore 0x00476c2d WTF::RefPtr<KJS::StatementNode>::~RefPtr() + 17 (RefPtr.h:45)
15 com.apple.JavaScriptCore 0x0047eead KJS::IfNode::~IfNode() + 55 (nodes.h:1779)
16 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191)
17 com.apple.JavaScriptCore 0x00476c1a WTF::RefPtr<KJS::StatementNode>::~RefPtr() + 28 (RefPtr.h:45)
18 com.apple.JavaScriptCore 0x00476c2d WTF::RefPtr<KJS::StatementNode>::~RefPtr() + 17 (RefPtr.h:45)
19 com.apple.JavaScriptCore 0x00476c49 WTF::VectorDestructor<true, WTF::RefPtr<KJS::StatementNode> >::destruct(WTF::RefPtr<KJS::StatementNode>*, WTF::RefPtr<KJS::StatementNode>*) + 25 (Vector.h:53)
20 com.apple.JavaScriptCore 0x00476c72 WTF::VectorTypeOperations<WTF::RefPtr<KJS::StatementNode> >::destruct(WTF::RefPtr<KJS::StatementNode>*, WTF::RefPtr<KJS::StatementNode>*) + 24 (Vector.h:209)
21 com.apple.JavaScriptCore 0x00476cf0 WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::shrink(unsigned long) + 124 (Vector.h:632)
22 com.apple.JavaScriptCore 0x00476d19 WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::clear() + 25 (Vector.h:455)
23 com.apple.JavaScriptCore 0x00476d2d WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::~Vector() + 17 (Vector.h:409)
24 com.apple.JavaScriptCore 0x00476d4f WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::~Vector() + 17 (Vector.h:409)
25 com.apple.JavaScriptCore 0x00478de7 void WTF::deleteOwnedPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>*) + 29 (OwnPtr.h:52)
26 com.apple.JavaScriptCore 0x00478e0d WTF::OwnPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >::~OwnPtr() + 19 (OwnPtr.h:70)
27 com.apple.JavaScriptCore 0x00478e2b WTF::OwnPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >::~OwnPtr() + 17 (OwnPtr.h:70)
28 com.apple.JavaScriptCore 0x0047e84f KJS::BlockNode::~BlockNode() + 41 (nodes.h:1751)
29 com.apple.JavaScriptCore 0x004814a6 KJS::FunctionBodyNode::~FunctionBodyNode() + 112 (nodes.h:1954)
30 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191)
31 com.apple.JavaScriptCore 0x00476be8 WTF::RefPtr<KJS::FunctionBodyNode>::~RefPtr() + 28 (RefPtr.h:45)
32 com.apple.JavaScriptCore 0x00476bfb WTF::RefPtr<KJS::FunctionBodyNode>::~RefPtr() + 17 (RefPtr.h:45)
33 com.apple.JavaScriptCore 0x0047e5eb KJS::FuncExprNode::~FuncExprNode() + 41 (nodes.h:1994)
34 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191)
35 com.apple.JavaScriptCore 0x004769ca WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 28 (RefPtr.h:45)
36 com.apple.JavaScriptCore 0x004769dd WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 17 (RefPtr.h:45)
37 com.apple.JavaScriptCore 0x00480fe9 KJS::PropertyNode::~PropertyNode() + 41 (nodes.h:388)
38 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191)
39 com.apple.JavaScriptCore 0x004775e6 WTF::RefPtr<KJS::PropertyNode>::~RefPtr() + 28 (RefPtr.h:45)
40 com.apple.JavaScriptCore 0x004775f9 WTF::RefPtr<KJS::PropertyNode>::~RefPtr() + 17 (RefPtr.h:45)
41 com.apple.JavaScriptCore 0x00478a3f KJS::PropertyListNode::~PropertyListNode() + 55 (nodes.h:407)
42 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191)
43
com.apple.JavaScriptCore 0x0047740c WTF::RefPtr<KJS::PropertyListNode>::operator=(WTF::PassRefPtr<KJS::PropertyListNode> const&) + 46 (RefPtr.h:120) 44 com.apple.JavaScriptCore 0x00477535 WTF::ListRefPtr<KJS::PropertyListNode>::~ListRefPtr() + 99 (ListRefPtr.h:42) 45 com.apple.JavaScriptCore 0x0047759f WTF::ListRefPtr<KJS::PropertyListNode>::~ListRefPtr() + 17 (ListRefPtr.h:42) 46 com.apple.JavaScriptCore 0x00478a31 KJS::PropertyListNode::~PropertyListNode() + 41 (nodes.h:407) 47 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 48 com.apple.JavaScriptCore 0x004774bc WTF::RefPtr<KJS::PropertyListNode>::~RefPtr() + 28 (RefPtr.h:45) 49 com.apple.JavaScriptCore 0x004774cf WTF::RefPtr<KJS::PropertyListNode>::~RefPtr() + 17 (RefPtr.h:45) 50 com.apple.JavaScriptCore 0x0047bc33 KJS::ObjectLiteralNode::~ObjectLiteralNode() + 41 (nodes.h:426) 51 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 52 com.apple.JavaScriptCore 0x004769ca WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 28 (RefPtr.h:45) 53 com.apple.JavaScriptCore 0x004769dd WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 17 (RefPtr.h:45) 54 com.apple.JavaScriptCore 0x00478b09 KJS::ArgumentListNode::~ArgumentListNode() + 41 (nodes.h:484) 55 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 56 com.apple.JavaScriptCore 0x0047720e WTF::RefPtr<KJS::ArgumentListNode>::~RefPtr() + 28 (RefPtr.h:45) 57 com.apple.JavaScriptCore 0x00477221 WTF::RefPtr<KJS::ArgumentListNode>::~RefPtr() + 17 (RefPtr.h:45) 58 com.apple.JavaScriptCore 0x00478bd3 KJS::ArgumentsNode::~ArgumentsNode() + 41 (nodes.h:502) 59 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 60 com.apple.JavaScriptCore 0x004771dc WTF::RefPtr<KJS::ArgumentsNode>::~RefPtr() + 28 (RefPtr.h:45) 61 com.apple.JavaScriptCore 0x004771ef WTF::RefPtr<KJS::ArgumentsNode>::~RefPtr() + 17 (RefPtr.h:45) 62 com.apple.JavaScriptCore 0x00480ca5 
KJS::FunctionCallDotNode::~FunctionCallDotNode() + 41 (nodes.h:609) 63 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 64 com.apple.JavaScriptCore 0x004769ca WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 28 (RefPtr.h:45) 65 com.apple.JavaScriptCore 0x004769dd WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 17 (RefPtr.h:45) 66 com.apple.JavaScriptCore 0x0047ef93 KJS::ExprStatementNode::~ExprStatementNode() + 41 (nodes.h:1769) 67 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 68 com.apple.JavaScriptCore 0x00476c1a WTF::RefPtr<KJS::StatementNode>::~RefPtr() + 28 (RefPtr.h:45) 69 com.apple.JavaScriptCore 0x00476c2d WTF::RefPtr<KJS::StatementNode>::~RefPtr() + 17 (RefPtr.h:45) 70 com.apple.JavaScriptCore 0x00476c49 WTF::VectorDestructor<true, WTF::RefPtr<KJS::StatementNode> >::destruct(WTF::RefPtr<KJS::StatementNode>*, WTF::RefPtr<KJS::StatementNode>*) + 25 (Vector.h:53) 71 com.apple.JavaScriptCore 0x00476c72 WTF::VectorTypeOperations<WTF::RefPtr<KJS::StatementNode> >::destruct(WTF::RefPtr<KJS::StatementNode>*, WTF::RefPtr<KJS::StatementNode>*) + 24 (Vector.h:209) 72 com.apple.JavaScriptCore 0x00476cf0 WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::shrink(unsigned long) + 124 (Vector.h:632) 73 com.apple.JavaScriptCore 0x00476d19 WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::clear() + 25 (Vector.h:455) 74 com.apple.JavaScriptCore 0x00476d2d WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::~Vector() + 17 (Vector.h:409) 75 com.apple.JavaScriptCore 0x00476d4f WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::~Vector() + 17 (Vector.h:409) 76 com.apple.JavaScriptCore 0x00478de7 void WTF::deleteOwnedPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>*) + 29 (OwnPtr.h:52) 77 com.apple.JavaScriptCore 0x00478e0d WTF::OwnPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >::~OwnPtr() + 19 (OwnPtr.h:70) 78 com.apple.JavaScriptCore 0x00478e2b 
WTF::OwnPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >::~OwnPtr() + 17 (OwnPtr.h:70) 79 com.apple.JavaScriptCore 0x0047e84f KJS::BlockNode::~BlockNode() + 41 (nodes.h:1751) 80 com.apple.JavaScriptCore 0x004814a6 KJS::FunctionBodyNode::~FunctionBodyNode() + 112 (nodes.h:1954) 81 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 82 com.apple.JavaScriptCore 0x00476be8 WTF::RefPtr<KJS::FunctionBodyNode>::~RefPtr() + 28 (RefPtr.h:45) 83 com.apple.JavaScriptCore 0x00476bfb WTF::RefPtr<KJS::FunctionBodyNode>::~RefPtr() + 17 (RefPtr.h:45) 84 com.apple.JavaScriptCore 0x0047e5eb KJS::FuncExprNode::~FuncExprNode() + 41 (nodes.h:1994) 85 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 86 com.apple.JavaScriptCore 0x004769ca WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 28 (RefPtr.h:45) 87 com.apple.JavaScriptCore 0x004769dd WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 17 (RefPtr.h:45) 88 com.apple.JavaScriptCore 0x00480fe9 KJS::PropertyNode::~PropertyNode() + 41 (nodes.h:388) 89 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 90 com.apple.JavaScriptCore 0x004775e6 WTF::RefPtr<KJS::PropertyNode>::~RefPtr() + 28 (RefPtr.h:45) 91 com.apple.JavaScriptCore 0x004775f9 WTF::RefPtr<KJS::PropertyNode>::~RefPtr() + 17 (RefPtr.h:45) 92 com.apple.JavaScriptCore 0x00478a3f KJS::PropertyListNode::~PropertyListNode() + 55 (nodes.h:407) 93 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 94 com.apple.JavaScriptCore 0x004774bc WTF::RefPtr<KJS::PropertyListNode>::~RefPtr() + 28 (RefPtr.h:45) 95 com.apple.JavaScriptCore 0x004774cf WTF::RefPtr<KJS::PropertyListNode>::~RefPtr() + 17 (RefPtr.h:45) 96 com.apple.JavaScriptCore 0x0047bc33 KJS::ObjectLiteralNode::~ObjectLiteralNode() + 41 (nodes.h:426) 97 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 98 com.apple.JavaScriptCore 0x004769ca WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 28 (RefPtr.h:45) 
99 com.apple.JavaScriptCore 0x004769dd WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 17 (RefPtr.h:45) 100 com.apple.JavaScriptCore 0x0047fe61 KJS::AssignResolveNode::~AssignResolveNode() + 41 (nodes.h:1561) 101 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 102 com.apple.JavaScriptCore 0x004769ca WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 28 (RefPtr.h:45) 103 com.apple.JavaScriptCore 0x004769dd WTF::RefPtr<KJS::ExpressionNode>::~RefPtr() + 17 (RefPtr.h:45) 104 com.apple.JavaScriptCore 0x0047ef93 KJS::ExprStatementNode::~ExprStatementNode() + 41 (nodes.h:1769) 105 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 106 com.apple.JavaScriptCore 0x00476c1a WTF::RefPtr<KJS::StatementNode>::~RefPtr() + 28 (RefPtr.h:45) 107 com.apple.JavaScriptCore 0x00476c2d WTF::RefPtr<KJS::StatementNode>::~RefPtr() + 17 (RefPtr.h:45) 108 com.apple.JavaScriptCore 0x00476c49 WTF::VectorDestructor<true, WTF::RefPtr<KJS::StatementNode> >::destruct(WTF::RefPtr<KJS::StatementNode>*, WTF::RefPtr<KJS::StatementNode>*) + 25 (Vector.h:53) 109 com.apple.JavaScriptCore 0x00476c72 WTF::VectorTypeOperations<WTF::RefPtr<KJS::StatementNode> >::destruct(WTF::RefPtr<KJS::StatementNode>*, WTF::RefPtr<KJS::StatementNode>*) + 24 (Vector.h:209) 110 com.apple.JavaScriptCore 0x00476cf0 WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::shrink(unsigned long) + 124 (Vector.h:632) 111 com.apple.JavaScriptCore 0x00476d19 WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::clear() + 25 (Vector.h:455) 112 com.apple.JavaScriptCore 0x00476d2d WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::~Vector() + 17 (Vector.h:409) 113 com.apple.JavaScriptCore 0x00476d4f WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>::~Vector() + 17 (Vector.h:409) 114 com.apple.JavaScriptCore 0x00478de7 void WTF::deleteOwnedPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>*) + 29 (OwnPtr.h:52) 115 com.apple.JavaScriptCore 
0x00478e0d WTF::OwnPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >::~OwnPtr() + 19 (OwnPtr.h:70) 116 com.apple.JavaScriptCore 0x00478e2b WTF::OwnPtr<WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul> >::~OwnPtr() + 17 (OwnPtr.h:70) 117 com.apple.JavaScriptCore 0x0047e84f KJS::BlockNode::~BlockNode() + 41 (nodes.h:1751) 118 com.apple.JavaScriptCore 0x00481536 KJS::FunctionBodyNode::~FunctionBodyNode() + 112 (nodes.h:1954) 119 com.apple.JavaScriptCore 0x00481592 KJS::ProgramNode::~ProgramNode() + 40 (nodes.h:2089) 120 com.apple.JavaScriptCore 0x00423a77 KJS::Node::deref() + 307 (nodes.cpp:191) 121 com.apple.JavaScriptCore 0x00477618 WTF::RefPtr<KJS::ProgramNode>::~RefPtr() + 28 (RefPtr.h:45) 122 com.apple.JavaScriptCore 0x0047762b WTF::RefPtr<KJS::ProgramNode>::~RefPtr() + 17 (RefPtr.h:45) 123 com.apple.JavaScriptCore 0x0045c303 KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) + 1349 (interpreter.cpp:399) 124 com.apple.WebCore 0x023f7029 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 235 (kjs_proxy.cpp:87) 125 com.apple.WebCore 0x01f37c5c WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 92 (FrameLoader.cpp:757) 126 com.apple.WebCore 0x01fb504e WebCore::HTMLTokenizer::scriptExecution(WebCore::DeprecatedString const&, WebCore::HTMLTokenizer::State, WebCore::DeprecatedString, int) + 308 (HTMLTokenizer.cpp:520) 127 com.apple.WebCore 0x01fb596c WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) + 820 (HTMLTokenizer.cpp:1737) 128 com.apple.WebCore 0x01e135aa WebCore::CachedScript::checkNotify() + 68 (CachedScript.cpp:97) 129 com.apple.WebCore 0x01e1370b WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 279 (CachedScript.cpp:89) 130 com.apple.WebCore 0x024058cc WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 340 (loader.cpp:116) 131 com.apple.WebCore 0x02373847 
WebCore::SubresourceLoader::didFinishLoading() + 169 (SubresourceLoader.cpp:195) 132 com.apple.WebCore 0x0223a020 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 24 (ResourceLoader.cpp:362) 133 com.apple.WebCore 0x02237a60 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 116 (ResourceHandleMac.mm:456) 134 com.apple.Foundation 0x9372b357 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87 135 com.apple.Foundation 0x9372b2e4 _NSURLConnectionDidFinishLoading + 68 136 com.apple.CFNetwork 0x966e6adf sendDidFinishLoadingCallback + 148 137 com.apple.CFNetwork 0x966e39d2 _CFURLConnectionSendCallbacks + 1908 138 com.apple.CFNetwork 0x966e31e3 muxerSourcePerform + 283 139 com.apple.CoreFoundation 0x9063b64e CFRunLoopRunSpecific + 3166 140 com.apple.CoreFoundation 0x9063bd38 CFRunLoopRunInMode + 88 141 com.apple.HIToolbox 0x968f78a4 RunCurrentEventLoopInMode + 283 142 com.apple.HIToolbox 0x968f76bd ReceiveNextEventCommon + 374 143 com.apple.HIToolbox 0x968f7531 BlockUntilNextEventMatchingListInMode + 106 144 com.apple.AppKit 0x90746d5b _DPSNextEvent + 657 145 com.apple.AppKit 0x907466a0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 146 com.apple.Safari 0x00009d4e 0x1000 + 36174 147 com.apple.AppKit 0x9073f6d1 -[NSApplication run] + 795 148 com.apple.AppKit 0x9070c9ba NSApplicationMain + 574 149 com.apple.Safari 0x00002876 0x1000 + 6262
David Kilzer (:ddkilzer)
Comment 3 2007-11-25 11:44:58 PST
This is a regression from shipping Safari 3.0.4 (523.12) with original WebKit on Mac OS X 10.4.11 (8S165). (The page doesn't work, but loading it doesn't crash.)
David Kilzer (:ddkilzer)
Comment 4 2007-11-25 12:08:30 PST
The bisect-builds script reports:

Works: r27761
Fails: r27811
David Kilzer (:ddkilzer)
Comment 5 2007-11-25 13:12:22 PST
A delta <http://delta.tigris.org/> reduction of the original web page points to this JavaScript (opening this tag in an HTML file will reproduce the crash):

<script type="text/javascript" src="http://mysit.es/javascripts/codeeditors.js?v=1195518434"></script>

Note that I had to create my own "topformatflat" script:

#!/bin/sh
exec cat

My testit.sh script was:

#!/bin/sh
`/Volumes/WebKit/WebKit.app/Contents/MacOS/WebKit /tmp/delta/MySit.es.html`
STATUS=$?
echo ">>>>> $STATUS"
if [ $STATUS -eq 139 -o $STATUS -eq 138 ]; then exit 0; fi
exit 1;
David Kilzer (:ddkilzer)
Comment 6 2007-11-25 13:13:15 PST
(In reply to comment #5)
> `/Volumes/WebKit/WebKit.app/Contents/MacOS/WebKit /tmp/delta/MySit.es.html`

Used WebKit nightly r28007.
Mark Rowe (bdash)
Comment 7 2007-11-25 13:16:43 PST
Loading this page under guard malloc triggers the following crash:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_PROTECTION_FAILURE at address: 0xe28f9000
0x00627c3a in jsRegExpCompile (pattern=0xe28f0fd0, patternLength=17, ignoreCase=JSRegExpDoNotIgnoreCase, multiline=JSRegExpSingleLine, numSubpatterns=0xe28f6ffc, errorptr=0xe28f6ff8) at /Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/JavaScriptCore/pcre/pcre_compile.cpp:3048
3048            *code = OP_BRA;
(gdb) bt
#0  0x00627c3a in jsRegExpCompile (pattern=0xe28f0fd0, patternLength=17, ignoreCase=JSRegExpDoNotIgnoreCase, multiline=JSRegExpSingleLine, numSubpatterns=0xe28f6ffc, errorptr=0xe28f6ff8) at /Volumes/Data/Home/Documents/Work/WebKit-git/OpenSource/JavaScriptCore/pcre/pcre_compile.cpp:3048
#1  0x005953df in KJS::RegExp::RegExp (this=0xe28f6fe0, pattern=@0x31bb2ff8, flags=@0x31bb2ffc) at regexp.cpp:70
#2  0x0059540d in KJS::RegExp::RegExp (this=0xe28f6fe0, pattern=@0x31bb2ff8, flags=@0x31bb2ffc) at regexp.cpp:71
#3  0x005f6905 in KJS::RegExpNode::RegExpNode (this=0xe28f4ff0, pattern=@0x31bb2ff8, flags=@0x31bb2ffc) at nodes.h:281
#4  0x005f693b in KJS::RegExpNode::RegExpNode (this=0xe28f4ff0, pattern=@0x31bb2ff8, flags=@0x31bb2ffc) at nodes.h:283
#5  0x005c5653 in kjsyyparse () at grammar.y:227

I'm waiting through another guard malloc run to see whether fixing this regexp issue fixed the malloc errors.
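The two comments above show the reduction workflow end to end: comment 5 drives delta with a test script that treats exit status 138 or 139 as "still interesting", and comment 7 shows that running the same page under Guard Malloc moves the crash from a later free() to the out-of-bounds write in jsRegExpCompile. The script below is an added example written for this page, not a script from the bug or from WebKit. It does what the testit.sh in comment 5 does, without wrapping the browser command in backticks (which would execute the browser's stdout as a shell command), names the signal behind each crash status, and can put the candidate under Guard Malloc via DYLD_INSERT_LIBRARIES so delta reduces against the fault at the real write site. The WebKit path and the Guard Malloc library path are assumptions; the candidate file is taken from the command line, so pass it the way your delta setup does (or hard-code it, as comment 5 did).

```shell
#!/bin/sh
# Added example, not part of the bug report: a delta "interestingness"
# script in the spirit of the testit.sh in comment 5, with an option to
# load the candidate under Guard Malloc as in comment 7.
# Assumptions: WEBKIT_APP is the nightly launcher path from comment 5,
# GMALLOC_LIB is the stock Mac OS X Guard Malloc library.

WEBKIT_APP="${WEBKIT_APP:-/Volumes/WebKit/WebKit.app/Contents/MacOS/WebKit}"
GMALLOC_LIB="${GMALLOC_LIB:-/usr/lib/libgmalloc.dylib}"

# A POSIX shell reports a child killed by signal N as exit status 128+N.
# On Mac OS X: SIGABRT=6 (134), SIGBUS=10 (138), SIGSEGV=11 (139).
# 138 and 139 are the two statuses the original script accepted; 134 is
# added so that a debug build that aborts on a malloc checker error
# (e.g. with MallocErrorAbort set) also counts as a crash.
crash_signal_name() {
    case "$1" in
        134) echo SIGABRT ;;
        138) echo SIGBUS ;;
        139) echo SIGSEGV ;;
        *)   echo "" ;;
    esac
}

# delta keeps a candidate when the test exits 0, so "crashed" maps to 0
# and anything else (clean exit, JS error, blank page) maps to 1.
delta_verdict() {
    if [ -n "$(crash_signal_name "$1")" ]; then
        echo 0
    else
        echo 1
    fi
}

# Load the candidate once and return the browser's raw exit status.
# With USE_GMALLOC=1 every allocation gets its own guard page, so an
# out-of-bounds write faults at the offending instruction (comment 7)
# instead of corrupting the heap and crashing later inside free().
run_candidate() {
    if [ "${USE_GMALLOC:-0}" = 1 ]; then
        DYLD_INSERT_LIBRARIES="$GMALLOC_LIB" "$WEBKIT_APP" "$1" >/dev/null 2>&1
    else
        "$WEBKIT_APP" "$1" >/dev/null 2>&1
    fi
}

main() {
    run_candidate "$1"
    status=$?
    echo ">>>>> $status $(crash_signal_name "$status")" >&2
    exit "$(delta_verdict "$status")"
}

# Only drive the browser when a candidate file is given on the command
# line; with no arguments the script just defines the functions above.
[ $# -eq 0 ] || main "$1"
```

Run it as `./testit.sh candidate.html` for the plain crash, or `USE_GMALLOC=1 ./testit.sh candidate.html` when you want the reduction to follow the Guard Malloc fault rather than the heap-corruption symptom; the two can disagree on a given candidate, which is exactly why comment 7 reruns the reduction after switching allocators.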
David Kilzer (:ddkilzer)
Comment 8 2007-11-25 13:37:29 PST
Created attachment 17513: Reduced test case (will crash ToT)

Another regular expression crasher. I "inlined" the <script> tag and reran multidelta with the new source file. It got the file down to 7 lines (including the script tags), but it was obvious that the regex was causing a crash at that point.
Mark Rowe (bdash)
Comment 9 2007-11-25 13:45:40 PST
I just need to build a layout test then I'll throw my fix up for review.
Mark Rowe (bdash)
Comment 10 2007-11-25 14:04:49 PST
mitz
Comment 11 2007-11-25 14:09:27 PST
Comment on attachment 17514: Patch

r=me
Mark Rowe (bdash)
Comment 12 2007-11-25 14:15:20 PST
Landed in r28018.