Bug 19137 - Crash when using "Inspect Element" on a picture 2x
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P1 Normal
Assignee: Nobody
Reported: 2008-05-20 00:47 PDT by Douglas Yung
Modified: 2008-05-25 13:44 PDT
Description Douglas Yung 2008-05-20 00:47:39 PDT
My build of WebKit is crashing after trying to use "Inspect Element" twice on two different large pictures.

Repro steps:
1. Open up WebKit
2. Browse to the URL (http://users.design.ucla.edu/~akoblin/work/faa/ss/6.jpg)
3. When the image finishes loading, right click on the image and select "Inspect Element"
4. Close the window that opens up
5. Close the window with the image file
6. Open a new window and go again to the URL (http://users.design.ucla.edu/~akoblin/work/faa/ss/6.jpg)
7. When the image finishes loading, right click on the image and select "Inspect Element"
8. WebKit crashes

Crash information:
Stack Trace:
Process:         Safari [1522]
Path:            /Applications/WebKit.app/Contents/MacOS/WebKit
Identifier:      org.webkit.nightly.WebKit
Version:         r33561 (33561)
Code Type:       X86 (Native)
Parent Process:  launchd [93]

Date/Time:       2008-05-19 01:28:17.884 -0700
OS Version:      Mac OS X 10.5.2 (9C7010)
Report Version:  6

Exception Type:  EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000008
Crashed Thread:  0

Thread 0 Crashed:
0   com.apple.WebCore             	0x00d363cf WebCore::Frame::keepAlive() + 15
1   com.apple.WebCore             	0x01165e08 WebCore::JSDOMWindowBase::globalExec() + 24
2   com.apple.WebCore             	0x011ae550 WebCore::JSQuarantinedObjectWrapper::getOwnPropertySlot(KJS::ExecState*, KJS::Identifier const&, KJS::PropertySlot&) + 96
3   com.apple.JavaScriptCore      	0x0033b54c KJS::DotAccessorNode::evaluate(KJS::ExecState*) + 92
4   com.apple.JavaScriptCore      	0x003437e8 KJS::LessNode::evaluateToBoolean(KJS::ExecState*) + 56
5   com.apple.JavaScriptCore      	0x0033a6ba KJS::ForNode::execute(KJS::ExecState*) + 58
6   com.apple.JavaScriptCore      	0x00301a30 KJS::BlockNode::execute(KJS::ExecState*) + 64
7   com.apple.JavaScriptCore      	0x0033a6da KJS::ForNode::execute(KJS::ExecState*) + 90
8   com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
9   com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
10  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
11  com.apple.JavaScriptCore      	0x003533ca KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 426
12  com.apple.JavaScriptCore      	0x0033ab79 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
13  com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
14  com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
15  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
16  com.apple.JavaScriptCore      	0x003533ca KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 426
17  com.apple.JavaScriptCore      	0x0033ab79 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
18  com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
19  com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
20  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
21  com.apple.JavaScriptCore      	0x003533ca KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 426
22  com.apple.JavaScriptCore      	0x0033ab79 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
23  com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
24  com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
25  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
26  com.apple.JavaScriptCore      	0x0032ce92 KJS::JSObject::put(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*) + 498
27  com.apple.JavaScriptCore      	0x00344b23 KJS::AssignDotNode::evaluate(KJS::ExecState*) + 99
28  com.apple.JavaScriptCore      	0x0033ab79 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
29  com.apple.JavaScriptCore      	0x00301a30 KJS::BlockNode::execute(KJS::ExecState*) + 64
30  com.apple.JavaScriptCore      	0x0033aace KJS::IfNode::execute(KJS::ExecState*) + 46
31  com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
32  com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
33  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
34  com.apple.JavaScriptCore      	0x003533ca KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 426
35  com.apple.JavaScriptCore      	0x0033ab79 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
36  com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
37  com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
38  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
39  com.apple.JavaScriptCore      	0x003761d2 KJS::FunctionImp::construct(KJS::ExecState*, KJS::List const&) + 242
40  com.apple.JavaScriptCore      	0x003575d7 KJS::NewExprNode::evaluate(KJS::ExecState*) + 391
41  com.apple.JavaScriptCore      	0x0033de51 KJS::PropertyListNode::evaluate(KJS::ExecState*) + 209
42  com.apple.JavaScriptCore      	0x00344aff KJS::AssignDotNode::evaluate(KJS::ExecState*) + 63
43  com.apple.JavaScriptCore      	0x0033ab79 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
44  com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
45  com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
46  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
47  com.apple.JavaScriptCore      	0x003306fb KJS::functionProtoFuncApply(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 1131
48  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
49  com.apple.JavaScriptCore      	0x003533ca KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 426
50  com.apple.JavaScriptCore      	0x00339d5f KJS::ReturnNode::execute(KJS::ExecState*) + 79
51  com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
52  com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
53  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
54  com.apple.WebCore             	0x01120b1c WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1420
55  com.apple.WebCore             	0x00d15cd6 WebCore::EventTarget::handleLocalEvents(WebCore::EventTargetNode*, WebCore::Event*, bool) + 182
56  com.apple.WebCore             	0x00d1673f WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 79
57  com.apple.WebCore             	0x00d160eb WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode*, WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1035
58  com.apple.WebCore             	0x00d1737f WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 255
59  com.apple.WebCore             	0x00d16e3f WebCore::EventTargetNode::dispatchHTMLEvent(WebCore::AtomicString const&, bool, bool) + 127
60  com.apple.WebCore             	0x00dad9ab WebCore::HTMLScriptElement::notifyFinished(WebCore::CachedResource*) + 187
61  com.apple.WebCore             	0x00dadf26 WebCore::HTMLScriptElement::insertedIntoDocument() + 182
62  com.apple.WebCore             	0x00c546db WebCore::dispatchChildInsertionEvents(WebCore::Node*, int&) + 635
63  com.apple.WebCore             	0x00c549f1 WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&) + 273
64  com.apple.WebCore             	0x00e8b4d2 WebCore::JSNode::appendChild(KJS::ExecState*, KJS::List const&) + 82
65  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
66  com.apple.JavaScriptCore      	0x003533ca KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 426
67  com.apple.JavaScriptCore      	0x0033ab79 KJS::ExprStatementNode::execute(KJS::ExecState*) + 25
68  com.apple.JavaScriptCore      	0x00301a30 KJS::BlockNode::execute(KJS::ExecState*) + 64
69  com.apple.JavaScriptCore      	0x0033aa8a KJS::IfElseNode::execute(KJS::ExecState*) + 58
70  com.apple.JavaScriptCore      	0x0037bb41 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 481
71  com.apple.JavaScriptCore      	0x00378395 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 405
72  com.apple.JavaScriptCore      	0x0032cc42 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 162
73  com.apple.WebCore             	0x01120b1c WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1420
74  com.apple.WebCore             	0x00cd11e6 WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 166
75  com.apple.WebCore             	0x00d16b7a WebCore::EventTargetNode::dispatchWindowEvent(WTF::PassRefPtr<WebCore::Event>) + 122
76  com.apple.WebCore             	0x00d16f85 WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 117
77  com.apple.WebCore             	0x00cd9728 WebCore::Document::implicitClose() + 296
78  com.apple.WebCore             	0x00d4f2ca WebCore::FrameLoader::checkCompleted() + 170
79  com.apple.WebCore             	0x00d505a0 WebCore::FrameLoader::finishedParsing() + 48
80  com.apple.WebCore             	0x00ccf487 WebCore::Document::finishedParsing() + 183
81  com.apple.WebCore             	0x00dbf73b WebCore::HTMLTokenizer::end() + 123
82  com.apple.WebCore             	0x00dbfd5c WebCore::HTMLTokenizer::finish() + 1452
83  com.apple.WebCore             	0x00d51f1f WebCore::FrameLoader::endIfNotLoadingMainResource() + 95
84  com.apple.WebCore             	0x00d4a6e3 WebCore::FrameLoader::finishedLoading() + 51
85  com.apple.WebCore             	0x00f0abcc WebCore::MainResourceLoader::didFinishLoading() + 44
86  com.apple.Foundation          	0x90f508b7 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87
87  com.apple.Foundation          	0x90f50844 _NSURLConnectionDidFinishLoading + 68
88  com.apple.CFNetwork           	0x952297f3 sendDidFinishLoadingCallback + 148
89  com.apple.CFNetwork           	0x95226920 _CFURLConnectionSendCallbacks + 1994
90  com.apple.CFNetwork           	0x952260d9 muxerSourcePerform + 283
91  com.apple.CoreFoundation      	0x90075678 CFRunLoopRunSpecific + 3240
92  com.apple.CoreFoundation      	0x90075d18 CFRunLoopRunInMode + 88
93  com.apple.HIToolbox           	0x95ae86a0 RunCurrentEventLoopInMode + 283
94  com.apple.HIToolbox           	0x95ae84b9 ReceiveNextEventCommon + 374
95  com.apple.HIToolbox           	0x95ae832d BlockUntilNextEventMatchingListInMode + 106
96  com.apple.AppKit              	0x935997d9 _DPSNextEvent + 657
97  com.apple.AppKit              	0x9359908e -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
98  com.apple.Safari              	0x00007f2e 0x1000 + 28462
99  com.apple.AppKit              	0x935920c5 -[NSApplication run] + 795
100 com.apple.AppKit              	0x9355f30a NSApplicationMain + 574
101 com.apple.Safari              	0x000b9906 0x1000 + 755974
Comment 1 mitz 2008-05-20 08:53:04 PDT
Crashed for me the first time I tried to inspect the image. See also bug 14256.
Comment 2 Timothy Hatcher 2008-05-25 13:44:10 PDT
This crash was fixed in r34109.