RESOLVED FIXED 17058
Acid3 crashes (ASSERT) after double-attach
https://bugs.webkit.org/show_bug.cgi?id=17058
Eric Seidel (no email)
Reported 2008-01-28 23:51:32 PST
See /usr/include/servers/bootstrap_defs.h for the error codes.
ERROR: unable to initialize with font (null) at not known
(/Stuff/Projects/WebKit/WebCore/platform/graphics/mac/SimpleFontDataMac.mm:147 void WebCore::SimpleFontData::platformInit())
ERROR: Corrupt font detected, using (null) in place of (null) located at "not known".
(/Stuff/Projects/WebKit/WebCore/platform/graphics/mac/SimpleFontDataMac.mm:154 void WebCore::SimpleFontData::platformInit())
ERROR: failed to set up font, using system font ?kx?
(/Stuff/Projects/WebKit/WebCore/platform/graphics/mac/SimpleFontDataMac.mm:161 void WebCore::SimpleFontData::platformInit())
ASSERTION FAILED: !attached()
(/Stuff/Projects/WebKit/WebCore/dom/Node.cpp:803 virtual void WebCore::Node::attach())

Process: Safari [23760]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Identifier: com.apple.Safari
Version: 3.0.4 (5523.10.6)
Build Info: WebBrowser-55231006~1
Code Type: X86 (Native)
Parent Process: perl [23757]
Date/Time: 2008-01-28 23:50:09.831 -0800
OS Version: Mac OS X 10.5.1 (9B18)
Report Version: 6
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x01d98333 WebCore::Node::attach() + 75 (Node.cpp:803)
1 com.apple.WebCore 0x01f70f7c WebCore::Text::attach() + 28 (Text.cpp:166)
2 com.apple.WebCore 0x01ab8af7 WebCore::ContainerNode::attach() + 63 (ContainerNode.cpp:629)
3 com.apple.WebCore 0x01b724a6 WebCore::Element::attach() + 28 (Element.cpp:682)
4 com.apple.WebCore 0x01ab8af7 WebCore::ContainerNode::attach() + 63 (ContainerNode.cpp:629)
5 com.apple.WebCore 0x01b724a6 WebCore::Element::attach() + 28 (Element.cpp:682)
6 com.apple.WebCore 0x01ab9eff WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&) + 933 (ContainerNode.cpp:547)
7 com.apple.WebCore 0x01d02dd2 WebCore::JSNode::appendChild(KJS::ExecState*, KJS::List const&) + 96 (JSNodeCustom.cpp:102)
8 com.apple.WebCore 0x01d01110 WebCore::jsNodePrototypeFunctionAppendChild(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 96 (JSNode.cpp:455)
9 com.apple.JavaScriptCore 0x0041f018 KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:883)
10 com.apple.JavaScriptCore 0x0043bbcc KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:96)
11 com.apple.JavaScriptCore 0x004964b4 KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 776 (nodes.cpp:1225)
12 com.apple.JavaScriptCore 0x00457a8c KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1231)
13 com.apple.JavaScriptCore 0x00449e07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3719)
14 com.apple.JavaScriptCore 0x0042accd KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3672)
15 com.apple.JavaScriptCore 0x0042ad5a KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3698)
16 com.apple.JavaScriptCore 0x0044741e KJS::FunctionBodyNode::execute(KJS::ExecState*) + 34 (nodes.cpp:4617)
17 com.apple.JavaScriptCore 0x00436398 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 116 (function.cpp:76)
18 com.apple.JavaScriptCore 0x0043bbcc KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:96)
19 com.apple.JavaScriptCore 0x00457f54 KJS::FunctionCallBracketNode::evaluate(KJS::ExecState*) + 984 (nodes.cpp:1176)
20 com.apple.JavaScriptCore 0x0044a8fc KJS::AssignLocalVarNode::evaluate(KJS::ExecState*) + 144 (nodes.cpp:3274)
21 com.apple.JavaScriptCore 0x00449da5 KJS::VarStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3736)
22 com.apple.JavaScriptCore 0x0042accd KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3672)
23 com.apple.JavaScriptCore 0x0042ad5a KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3698)
24 com.apple.JavaScriptCore 0x00447623 KJS::TryNode::execute(KJS::ExecState*) + 43 (nodes.cpp:4289)
25 com.apple.JavaScriptCore 0x0042accd KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3672)
26 com.apple.JavaScriptCore 0x0042ad5a KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3698)
27 com.apple.JavaScriptCore 0x00449cbd KJS::IfElseNode::execute(KJS::ExecState*) + 113 (nodes.cpp:3773)
28 com.apple.JavaScriptCore 0x0042accd KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&, KJS::ExecState*) + 85 (nodes.cpp:3672)
29 com.apple.JavaScriptCore 0x0042ad5a KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3698)
30 com.apple.JavaScriptCore 0x0044741e KJS::FunctionBodyNode::execute(KJS::ExecState*) + 34 (nodes.cpp:4617)
31 com.apple.JavaScriptCore 0x00436398 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 116 (function.cpp:76)
32 com.apple.JavaScriptCore 0x0043bbcc KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:96)
33 com.apple.WebCore 0x01f4ff55 WebCore::ScheduledAction::execute(KJS::Window*) + 467 (ScheduledAction.cpp:76)
34 com.apple.WebCore 0x01ff10ec KJS::Window::timerFired(KJS::DOMWindowTimer*) + 424 (kjs_window.cpp:1355)
35 com.apple.WebCore 0x01ff1160 KJS::DOMWindowTimer::fired() + 48 (kjs_window.cpp:1392)
36 com.apple.WebCore 0x01f88734 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 198 (Timer.cpp:339)
37 com.apple.WebCore 0x01f887dc WebCore::TimerBase::sharedTimerFired() + 110 (Timer.cpp:359)
38 com.apple.WebCore 0x01f62030 WebCore::timerFired(__CFRunLoopTimer*, void*) + 78 (SharedTimerMac.cpp:85)
39 com.apple.CoreFoundation 0x935c1b7e CFRunLoopRunSpecific + 4494
40 com.apple.CoreFoundation 0x935c1d38 CFRunLoopRunInMode + 88
41 com.apple.HIToolbox 0x900348a4 RunCurrentEventLoopInMode + 283
42 com.apple.HIToolbox 0x900346bd ReceiveNextEventCommon + 374
43 com.apple.HIToolbox 0x90034531 BlockUntilNextEventMatchingListInMode + 106
44 com.apple.AppKit 0x952ced5b _DPSNextEvent + 657
45 com.apple.AppKit 0x952ce6a0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
46 com.apple.Safari 0x00009d4e 0x1000 + 36174
47 com.apple.AppKit 0x952c76d1 -[NSApplication run] + 795
48 com.apple.AppKit 0x952949ba NSApplicationMain + 574
49 com.apple.Safari 0x00002876 0x1000 + 6262

Thread 1:
0 libSystem.B.dylib 0x922a9ace __semwait_signal + 10
1 libSystem.B.dylib 0x922d3ced pthread_cond_wait$UNIX2003 + 73
2 com.apple.WebCore 0x01f852bf WebCore::ThreadCondition::wait(WebCore::Mutex&) + 39 (ThreadingPthreads.cpp:184)
3 com.apple.WebCore 0x01c5417b WebCore::IconDatabase::syncThreadMainLoop() + 641 (IconDatabase.cpp:1313)
4 com.apple.WebCore 0x01c55996 WebCore::IconDatabase::iconDatabaseSyncThread() + 1198 (IconDatabase.cpp:1015)
5 com.apple.WebCore 0x01c559c5 WebCore::IconDatabase::iconDatabaseSyncThreadStart(void*) + 23 (IconDatabase.cpp:919)
6 libSystem.B.dylib 0x922d3075 _pthread_start + 321
7 libSystem.B.dylib 0x922d2f32 thread_start + 34

Thread 2:
0 libSystem.B.dylib 0x922f1f5a select$DARWIN_EXTSN + 10
1 libSystem.B.dylib 0x922d3075 _pthread_start + 321
2 libSystem.B.dylib 0x922d2f32 thread_start + 34

Thread 3:
0 libSystem.B.dylib 0x922a28e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x922aa0dc mach_msg + 72
2 com.apple.CoreFoundation 0x935c10fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x935c1d38 CFRunLoopRunInMode + 88
4 com.apple.CFNetwork 0x938487ba CFURLCacheWorkerThread(void*) + 396
5 libSystem.B.dylib 0x922d3075 _pthread_start + 321
6 libSystem.B.dylib 0x922d2f32 thread_start + 34

Thread 4:
0 libSystem.B.dylib 0x922a28e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x922aa0dc mach_msg + 72
2 com.apple.CoreFoundation 0x935c10fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x935c1d38 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x94e27560 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5 com.apple.Foundation 0x94dc404d -[NSThread main] + 45
6 com.apple.Foundation 0x94dc3bf4 __NSThread__main__ + 308
7 libSystem.B.dylib 0x922d3075 _pthread_start + 321
8 libSystem.B.dylib 0x922d2f32 thread_start + 34

Thread 5:
0 libSystem.B.dylib 0x922a28e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x922aa0dc mach_msg + 72
2 com.apple.CoreFoundation 0x935c10fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x935c1d38 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x94df85b5 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 213
5 com.apple.Foundation 0x94e046d4 -[NSRunLoop(NSRunLoop) run] + 84
6 com.apple.Safari 0x0004edd0 0x1000 + 318928
7 com.apple.Foundation 0x94dc404d -[NSThread main] + 45
8 com.apple.Foundation 0x94dc3bf4 __NSThread__main__ + 308
9 libSystem.B.dylib 0x922d3075 _pthread_start + 321
10 libSystem.B.dylib 0x922d2f32 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0xbbadbeef ebx: 0x01d982f4 ecx: 0x00000000 edx: 0x00000000
edi: 0x01ab9b5a esi: 0x19e3b400 ebp: 0xbfffd958 esp: 0xbfffd920
ss: 0x0000001f efl: 0x00010286 eip: 0x01d98333 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0xbbadbeef
Attachments
reduced test case (2.10 KB, image/svg+xml)
2008-01-29 11:55 PST, Eric Seidel (no email)
no flags
slightly more reduced test (524 bytes, image/svg+xml)
2008-01-29 12:03 PST, Eric Seidel (no email)
no flags
Remove SVGTextPathElement::buildPendingResource to fix crash (3.60 KB, patch)
2008-01-29 14:11 PST, Eric Seidel (no email)
zimmermann: review+
Eric Seidel (no email)
Comment 1 2008-01-29 00:41:18 PST
This only crashes when I load Acid3 from Hixie's website, suggesting that this crash is dependent on some sub-resource.
Eric Seidel (no email)
Comment 2 2008-01-29 11:55:39 PST
Created attachment 18766
reduced test case

Ha! I totally stumbled upon this reduction by accident.
Eric Seidel (no email)
Comment 3 2008-01-29 12:03:16 PST
Created attachment 18767
slightly more reduced test
Eric Seidel (no email)
Comment 4 2008-01-29 12:29:58 PST
I think this is the culprit:

void SVGTextPathElement::buildPendingResource()
{
    // FIXME: Real logic here!
    if (attached())
        detach();

    ASSERT(!attached());
    attach();
}

I'm not quite sure how we get a document inserted event, followed by another appendChild, since the document insertion and final append child should be the same line of code.
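The ordering that the crash stack in the report and the gdb stack in comment 5 point to, as a small stand-alone model (an added example, not WebCore code and not written by anyone in this bug thread): the subtree is attached once from the insertion hook (ContainerNode.cpp:541 in the gdb stack) and again by appendChild (ContainerNode.cpp:547 in the crash stack). ModelNode, appendToAttachedParent, the text > textPath > character-data subtree and the guard that checks only the appended node are assumptions made for illustration.

```cpp
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Simplified model of the attach()/insertedIntoDocument() ordering.
// All names are hypothetical; this is not WebCore code.
struct ModelNode {
    bool attached = false;
    bool reattachOnInsert = false;  // models buildPendingResource() in the hook
    std::vector<std::unique_ptr<ModelNode>> children;
    static int doubleAttachCount;   // times the !attached() invariant was broken

    // Link a child without notifying or attaching it (detached subtree setup).
    ModelNode* add(std::unique_ptr<ModelNode> c) {
        children.push_back(std::move(c));
        return children.back().get();
    }

    void attach() {
        // Children first, then self: the order in the crash stack
        // (Element::attach -> ContainerNode::attach -> Text::attach -> Node::attach).
        for (auto& c : children)
            c->attach();
        if (attached)
            ++doubleAttachCount;    // ASSERT(!attached()) fires here in a debug build
        attached = true;
    }

    void detach() {
        for (auto& c : children)
            c->detach();
        attached = false;
    }

    void insertedIntoDocument() {
        if (reattachOnInsert) {     // body of buildPendingResource() from comment 4
            if (attached)
                detach();
            attach();               // attaches this subtree under a detached parent
        }
        for (auto& c : children)
            c->insertedIntoDocument();
    }
};
int ModelNode::doubleAttachCount = 0;

// Models the tail of appendChild: notify the new subtree, then attach it.
// Returns how many double attaches this one insertion caused.
int appendToAttachedParent(ModelNode& parent, std::unique_ptr<ModelNode> child) {
    ModelNode::doubleAttachCount = 0;
    ModelNode* c = parent.add(std::move(child));
    c->insertedIntoDocument();            // insertion notification runs first
    if (parent.attached && !c->attached)  // assumption: only the top node is checked
        c->attach();                      // recursion reaches the pre-attached descendant
    return ModelNode::doubleAttachCount;
}

// Assumed shape of the appended subtree: text > textPath > character data,
// built detached the way a script builds nodes before calling appendChild.
std::unique_ptr<ModelNode> makeTextSubtree(bool hookReattaches) {
    std::unique_ptr<ModelNode> text(new ModelNode());
    ModelNode* textPath = text->add(std::unique_ptr<ModelNode>(new ModelNode()));
    textPath->reattachOnInsert = hookReattaches;
    textPath->add(std::unique_ptr<ModelNode>(new ModelNode()));  // character data
    return text;
}

int runScenario(bool hookReattaches) {
    ModelNode root;
    root.attached = true;                 // the document root is already rendered
    return appendToAttachedParent(root, makeTextSubtree(hookReattaches));
}

int main() {
    std::printf("hook re-attaches: %d double attaches\n", runScenario(true));
    std::printf("hook removed:     %d double attaches\n", runScenario(false));
    return 0;
}
```

The model counts invariant violations instead of aborting, so both the character-data node and the textPath node are reported; the debug build in the report stops at the first one, in Text::attach.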
Eric Seidel (no email)
Comment 5 2008-01-29 12:41:33 PST
The double attach callstacks:

$19 = (class WebCore::Text * const) 0x1aa15f50
#0 WebCore::Text::attach (this=0x1aa15f50) at /Stuff/Projects/WebKit/WebCore/dom/Text.cpp:164
#1 0x01ab9713 in WebCore::ContainerNode::attach (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:630
#2 0x01b731a2 in WebCore::Element::attach (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/dom/Element.cpp:681
#3 0x01f3c0f8 in WebCore::SVGTextPathElement::buildPendingResource (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/svg/SVGTextPathElement.cpp:113
#4 0x01f3d60d in WebCore::SVGTextPathElement::insertedIntoDocument (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/svg/SVGTextPathElement.cpp:103
#5 0x01ab8836 in WebCore::ContainerNode::insertedIntoDocument (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:649
#6 0x01b70836 in WebCore::Element::insertedIntoDocument (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/dom/Element.cpp:652
#7 0x01ead7cb in WebCore::SVGElement::insertedIntoDocument (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/svg/SVGElement.cpp:193
#8 0x01aba3ac in dispatchChildInsertionEvents (child=0x1aa13f00, ec=@0xbfffda64) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:914
#9 0x01abaaa3 in WebCore::ContainerNode::appendChild (this=0x18a3e730, newChild=@0xbfffda68, ec=@0xbfffda64) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:541
#10 0x01d03c9a in WebCore::JSNode::appendChild (this=0x1a9a0ec0, exec=0xbfffdcf4, args=@0xbfffdb50) at /Stuff/Projects/WebKit/WebCore/bindings/js/JSNodeCustom.cpp:102
#11 0x01d01fd8 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at /Stuff/Projects/build/Debug/DerivedSources/WebCore/JSNode.cpp:455
#12 0x0041f018 in KJS::PrototypeFunction::callAsFunction (this=0x1a9a0de0, exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at function.cpp:882
#13 0x0043bbcc in KJS::JSObject::call (this=0x1a9a0de0, exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at object.cpp:96
#14 0x004964b4 in KJS::FunctionCallDotNode::inlineEvaluate (this=0x1aa12090, exec=0xbfffdcf4) at nodes.cpp:1225
#15 0x00457a8c in KJS::FunctionCallDotNode::evaluate (this=0x1aa12090, exec=0xbfffdcf4) at nodes.cpp:1230
#16 0x00449e07 in KJS::ExprStatementNode::execute (this=0x1aa120b0, exec=0xbfffdcf4) at nodes.cpp:3719
#17 0x0042accd in statementListExecute (statements=@0x1aa15de0, exec=0xbfffdcf4) at nodes.cpp:3672
#18 0x0042ad5a in KJS::BlockNode::execute (this=0x1aa15dd0, exec=0xbfffdcf4) at nodes.cpp:3697
#19 0x004475f6 in KJS::ProgramNode::execute (this=0x1aa15dd0, exec=0xbfffdcf4) at nodes.cpp:4604
#20 0x00464d58 in KJS::Interpreter::evaluate (exec=0x3a06320, sourceURL=@0xbfffde2c, startingLineNumber=2, code=0x3a0b800, codeLength=415, thisV=0x1a9a0000) at interpreter.cpp:123
#21 0x01fef603 in WebCore::KJSProxy::evaluate (this=0x1a1dca40, filename=@0xbfffdeec, baseLine=2, str=@0xbfffdedc) at /Stuff/Projects/WebKit/WebCore/bindings/js/kjs_proxy.cpp:87
#22 0x01bc4222 in WebCore::FrameLoader::executeScript (this=0x38b1000, url=@0xbfffdeec, baseLine=2, script=@0xbfffdedc) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:790
#23 0x01fb6e7b in WebCore::XMLTokenizer::endElementNs (this=0x18a3c050) at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:847
#24 0x01fb6f10 in endElementNsHandler (closure=0x18a4c900, localname=0x38c386c "script", prefix=0x0, uri=0x38c3847 "http://www.w3.org/2000/svg") at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:1032
#25 0x96dfb226 in xmlParseAttributeType ()
#26 0x96dd87ed in xmlParseChunk ()
#27 0x01fb3bef in WebCore::XMLTokenizer::write (this=0x18a3c050, s=@0xbfffe144) at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:623
#28 0x01bb873e in WebCore::FrameLoader::write (this=0x38b1000, str=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., len=524, flush=false) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:1028
#29 0x01bb8872 in WebCore::FrameLoader::addData (this=0x38b1000, bytes=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:1776
#30 0x01f9db88 in -[WebCoreFrameBridge addData:] (self=0x14c0a8e0, _cmd=0x227f923, data=0x14cad150) at /Stuff/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:295
#31 0x01fa2b4e in -[WebCoreFrameBridge receivedData:textEncodingName:] (self=0x14c0a8e0, _cmd=0x25568c, data=0x14cad150, textEncodingName=0x0) at /Stuff/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:1239
#32 0x001be2b6 in -[WebHTMLRepresentation receivedData:withDataSource:] (self=0x18a31b60, _cmd=0x25579a, data=0x14cad150, dataSource=0x18ade190) at /Stuff/Projects/WebKit/WebKit/mac/WebView/WebHTMLRepresentation.mm:173
#33 0x0019b342 in -[WebDataSource(WebInternal) _receivedData:] (self=0x18ade190, _cmd=0x23ae9d, data=0x14cad150) at /Stuff/Projects/WebKit/WebKit/mac/WebView/WebDataSource.mm:214
#34 0x001b1806 in WebFrameLoaderClient::committedLoad (this=0x14c19360, loader=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm:700
#35 0x01bb399f in WebCore::FrameLoader::committedLoad (this=0x38b1000, loader=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"...,
length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:3260 #36 0x01b57ce3 in WebCore::DocumentLoader::commitLoad (this=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/DocumentLoader.cpp:353 #37 0x01b57f02 in WebCore::DocumentLoader::receivedData (this=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/DocumentLoader.cpp:365 #38 0x01bb30a7 in WebCore::FrameLoader::receivedData (this=0x38b1000, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:2223 #39 0x01d8700a in WebCore::MainResourceLoader::addData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/MainResourceLoader.cpp:138 #40 0x01e7e9a1 in WebCore::ResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/ResourceLoader.cpp:236 #41 0x01d87342 in 
WebCore::MainResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/MainResourceLoader.cpp:299 #42 0x01e7e578 in WebCore::ResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524) at /Stuff/Projects/WebKit/WebCore/loader/ResourceLoader.cpp:367 #43 0x01e7bdbd in -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] (self=0x18af43d0, _cmd=0x9407832c, con=0x18af4630, data=0x3996c00, lengthReceived=524) at /Stuff/Projects/WebKit/WebCore/platform/network/mac/ResourceHandleMac.mm:434 #44 0x94e28e57 in -[NSURLConnection(NSURLConnectionReallyInternal) sendDidReceiveData:originalLength:] () #45 0x94e28dbe in _NSURLConnectionDidReceiveData () #46 0x93850153 in sendDidReceiveDataCallback () #47 0x9384d807 in _CFURLConnectionSendCallbacks () #48 0x9384d1db in muxerSourcePerform () #49 0x935c164e in CFRunLoopRunSpecific () #50 0x935c1d38 in CFRunLoopRunInMode () #51 0x900348a4 in RunCurrentEventLoopInMode () #52 0x900345f6 in ReceiveNextEventCommon () #53 0x90034531 in BlockUntilNextEventMatchingListInMode () #54 0x952ced5b in _DPSNextEvent () #55 0x952ce6a0 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #56 0x00009d4e in ?? () #57 0x952c76d1 in -[NSApplication run] () #58 0x952949ba in NSApplicationMain () #59 0x00002876 in ?? 
() (gdb) continue $20 = (class WebCore::Text * const) 0x1aa15f50 #0 WebCore::Text::attach (this=0x1aa15f50) at /Stuff/Projects/WebKit/WebCore/dom/Text.cpp:164 #1 0x01ab9713 in WebCore::ContainerNode::attach (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:630 #2 0x01b731a2 in WebCore::Element::attach (this=0x1aa16910) at /Stuff/Projects/WebKit/WebCore/dom/Element.cpp:681 #3 0x01ab9713 in WebCore::ContainerNode::attach (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:630 #4 0x01b731a2 in WebCore::Element::attach (this=0x1aa13f00) at /Stuff/Projects/WebKit/WebCore/dom/Element.cpp:681 #5 0x01abab1b in WebCore::ContainerNode::appendChild (this=0x18a3e730, newChild=@0xbfffda68, ec=@0xbfffda64) at /Stuff/Projects/WebKit/WebCore/dom/ContainerNode.cpp:545 #6 0x01d03c9a in WebCore::JSNode::appendChild (this=0x1a9a0ec0, exec=0xbfffdcf4, args=@0xbfffdb50) at /Stuff/Projects/WebKit/WebCore/bindings/js/JSNodeCustom.cpp:102 #7 0x01d01fd8 in WebCore::jsNodePrototypeFunctionAppendChild (exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at /Stuff/Projects/build/Debug/DerivedSources/WebCore/JSNode.cpp:455 #8 0x0041f018 in KJS::PrototypeFunction::callAsFunction (this=0x1a9a0de0, exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at function.cpp:882 #9 0x0043bbcc in KJS::JSObject::call (this=0x1a9a0de0, exec=0xbfffdcf4, thisObj=0x1a9a0ec0, args=@0xbfffdb50) at object.cpp:96 #10 0x004964b4 in KJS::FunctionCallDotNode::inlineEvaluate (this=0x1aa12090, exec=0xbfffdcf4) at nodes.cpp:1225 #11 0x00457a8c in KJS::FunctionCallDotNode::evaluate (this=0x1aa12090, exec=0xbfffdcf4) at nodes.cpp:1230 #12 0x00449e07 in KJS::ExprStatementNode::execute (this=0x1aa120b0, exec=0xbfffdcf4) at nodes.cpp:3719 #13 0x0042accd in statementListExecute (statements=@0x1aa15de0, exec=0xbfffdcf4) at nodes.cpp:3672 #14 0x0042ad5a in KJS::BlockNode::execute (this=0x1aa15dd0, exec=0xbfffdcf4) at nodes.cpp:3697 #15 0x004475f6 in KJS::ProgramNode::execute 
(this=0x1aa15dd0, exec=0xbfffdcf4) at nodes.cpp:4604 #16 0x00464d58 in KJS::Interpreter::evaluate (exec=0x3a06320, sourceURL=@0xbfffde2c, startingLineNumber=2, code=0x3a0b800, codeLength=415, thisV=0x1a9a0000) at interpreter.cpp:123 #17 0x01fef603 in WebCore::KJSProxy::evaluate (this=0x1a1dca40, filename=@0xbfffdeec, baseLine=2, str=@0xbfffdedc) at /Stuff/Projects/WebKit/WebCore/bindings/js/kjs_proxy.cpp:87 #18 0x01bc4222 in WebCore::FrameLoader::executeScript (this=0x38b1000, url=@0xbfffdeec, baseLine=2, script=@0xbfffdedc) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:790 #19 0x01fb6e7b in WebCore::XMLTokenizer::endElementNs (this=0x18a3c050) at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:847 #20 0x01fb6f10 in endElementNsHandler (closure=0x18a4c900, localname=0x38c386c "script", prefix=0x0, uri=0x38c3847 "http://www.w3.org/2000/svg") at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:1032 #21 0x96dfb226 in xmlParseAttributeType () #22 0x96dd87ed in xmlParseChunk () #23 0x01fb3bef in WebCore::XMLTokenizer::write (this=0x18a3c050, s=@0xbfffe144) at /Stuff/Projects/WebKit/WebCore/dom/XMLTokenizer.cpp:623 #24 0x01bb873e in WebCore::FrameLoader::write (this=0x38b1000, str=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., len=524, flush=false) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:1028 #25 0x01bb8872 in WebCore::FrameLoader::addData (this=0x38b1000, bytes=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:1776 #26 0x01f9db88 in -[WebCoreFrameBridge addData:] (self=0x14c0a8e0, _cmd=0x227f923, data=0x14cad150) at 
/Stuff/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:295 #27 0x01fa2b4e in -[WebCoreFrameBridge receivedData:textEncodingName:] (self=0x14c0a8e0, _cmd=0x25568c, data=0x14cad150, textEncodingName=0x0) at /Stuff/Projects/WebKit/WebCore/page/mac/WebCoreFrameBridge.mm:1239 #28 0x001be2b6 in -[WebHTMLRepresentation receivedData:withDataSource:] (self=0x18a31b60, _cmd=0x25579a, data=0x14cad150, dataSource=0x18ade190) at /Stuff/Projects/WebKit/WebKit/mac/WebView/WebHTMLRepresentation.mm:173 #29 0x0019b342 in -[WebDataSource(WebInternal) _receivedData:] (self=0x18ade190, _cmd=0x23ae9d, data=0x14cad150) at /Stuff/Projects/WebKit/WebKit/mac/WebView/WebDataSource.mm:214 #30 0x001b1806 in WebFrameLoaderClient::committedLoad (this=0x14c19360, loader=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebKit/mac/WebCoreSupport/WebFrameLoaderClient.mm:700 #31 0x01bb399f in WebCore::FrameLoader::committedLoad (this=0x38b1000, loader=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:3260 #32 0x01b57ce3 in WebCore::DocumentLoader::commitLoad (this=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/DocumentLoader.cpp:353 #33 0x01b57f02 in WebCore::DocumentLoader::receivedData (this=0x39d9600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 
0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/DocumentLoader.cpp:365 #34 0x01bb30a7 in WebCore::FrameLoader::receivedData (this=0x38b1000, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524) at /Stuff/Projects/WebKit/WebCore/loader/FrameLoader.cpp:2223 #35 0x01d8700a in WebCore::MainResourceLoader::addData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/MainResourceLoader.cpp:138 #36 0x01e7e9a1 in WebCore::ResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/ResourceLoader.cpp:236 #37 0x01d87342 in WebCore::MainResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns = \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524, allAtOnce=false) at /Stuff/Projects/WebKit/WebCore/loader/MainResourceLoader.cpp:299 #38 0x01e7e578 in WebCore::ResourceLoader::didReceiveData (this=0x3969600, data=0x3996c20 "<svg xmlns=\"http://www.w3.org/2000/svg\">\n <path id=\"path\" d=\"M0 0\"/>\n <script>\n <![CDATA[\n var svgns 
= \"http://www.w3.org/2000/svg\";\n var text = document.createElementNS(svgns, \"text\");"..., length=524, lengthReceived=524) at /Stuff/Projects/WebKit/WebCore/loader/ResourceLoader.cpp:367 #39 0x01e7bdbd in -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] (self=0x18af43d0, _cmd=0x9407832c, con=0x18af4630, data=0x3996c00, lengthReceived=524) at /Stuff/Projects/WebKit/WebCore/platform/network/mac/ResourceHandleMac.mm:434 #40 0x94e28e57 in -[NSURLConnection(NSURLConnectionReallyInternal) sendDidReceiveData:originalLength:] () #41 0x94e28dbe in _NSURLConnectionDidReceiveData () #42 0x93850153 in sendDidReceiveDataCallback () #43 0x9384d807 in _CFURLConnectionSendCallbacks () #44 0x9384d1db in muxerSourcePerform () #45 0x935c164e in CFRunLoopRunSpecific () #46 0x935c1d38 in CFRunLoopRunInMode () #47 0x900348a4 in RunCurrentEventLoopInMode () #48 0x900345f6 in ReceiveNextEventCommon () #49 0x90034531 in BlockUntilNextEventMatchingListInMode () #50 0x952ced5b in _DPSNextEvent () #51 0x952ce6a0 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #52 0x00009d4e in ?? () #53 0x952c76d1 in -[NSApplication run] () #54 0x952949ba in NSApplicationMain () #55 0x00002876 in ?? () "
Eric Seidel (no email)
Comment 6 2008-01-29 14:11:10 PST
Created attachment 18774
Remove SVGTextPathElement::buildPendingResource to fix crash

 LayoutTests/ChangeLog | 10 ++++++++++
 .../svg/custom/textPath-assert-expected.txt | 1 +
 LayoutTests/svg/custom/textPath-assert.svg | 17 +++++++++++++++++
 WebCore/ChangeLog | 16 ++++++++++++++++
 WebCore/svg/SVGTextPathElement.cpp | 12 ------------
 WebCore/svg/SVGTextPathElement.h | 1 -
 6 files changed, 44 insertions(+), 13 deletions(-)
Eric Seidel (no email)
Comment 7 2008-01-29 14:25:13 PST
Landed r29850.
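
The two backtraces show the same Text node (0x1aa15f50) reaching attach() twice inside one appendChild call: first through insertedIntoDocument and SVGTextPathElement::buildPendingResource (ContainerNode.cpp:541), then through appendChild's own attach (ContainerNode.cpp:545). The following is an added, simplified C++ model of that ordering, not WebKit code and not part of the original report; `EagerAttachElement` and `doubleAttachesOnLeaf` are hypothetical names, and the model counts the violation where WebKit's ASSERT(!attached()) would abort.

```cpp
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

// Illustrative stand-in for a DOM node; not WebKit's real Node/ContainerNode.
struct Node {
    bool attached = false;
    int doubleAttaches = 0;  // times ASSERT(!attached()) would have fired
    std::vector<std::unique_ptr<Node>> children;
    virtual ~Node() = default;

    // Children attach first, then the node itself, as in the traces.
    virtual void attach() {
        for (auto& c : children) c->attach();
        if (attached) ++doubleAttaches;  // WebKit asserts here instead
        attached = true;
    }
    virtual void insertedIntoDocument() {
        for (auto& c : children) c->insertedIntoDocument();
    }
    Node* add(std::unique_ptr<Node> child) {
        children.push_back(std::move(child));
        return children.back().get();
    }
    // Same order as the traces: insertion notifications, then attach.
    void appendChild(std::unique_ptr<Node> child) {
        Node* raw = add(std::move(child));
        raw->insertedIntoDocument();
        raw->attach();
    }
};

// Element whose insertion callback attaches its own subtree early, the
// pattern the first backtrace shows for buildPendingResource.
struct EagerAttachElement : Node {
    void insertedIntoDocument() override {
        Node::insertedIntoDocument();
        attach();
    }
};

// Builds text > textPath > leaf, appends it to a root, and returns how many
// double attaches the leaf saw. Pass false to model the landed fix, where
// the insertion callback no longer attaches.
int doubleAttachesOnLeaf(bool eagerAttachInCallback) {
    Node root;
    auto text = std::make_unique<Node>();
    std::unique_ptr<Node> path;
    if (eagerAttachInCallback) path = std::make_unique<EagerAttachElement>();
    else path = std::make_unique<Node>();
    Node* leaf = path->add(std::make_unique<Node>());
    text->add(std::move(path));
    root.appendChild(std::move(text));
    return leaf->doubleAttaches;
}

int main() {
    std::printf("callback attaches:   %d double attach(es)\n", doubleAttachesOnLeaf(true));
    std::printf("callback removed:    %d double attach(es)\n", doubleAttachesOnLeaf(false));
    return 0;
}
```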