Bug 4344 - REGRESSION: JavaScript crash when going back from viewing a thread (NULL prototype)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Major
Assignee: Darin Adler
URL: http://episteme.arstechnica.com/eve/u...
Keywords:
Duplicates: 4402
Depends on:
Blocks:
 
Reported: 2005-08-08 18:16 PDT by Jon
Modified: 2005-08-15 09:45 PDT
CC List: 4 users

See Also:


Attachments
null pointer check (494 bytes, patch)
2005-08-13 03:04 PDT, mitz
darin: review-
my cut at a fix; eliminates case where prototype could be null (3.37 KB, patch)
2005-08-14 00:48 PDT, Darin Adler
darin: review+

Description Jon 2005-08-08 18:16:30 PDT
Go to Ars' Mac Ach (link provided in the URL field) and then view the "OmniGraffle 4 inspectors" thread (partway down the page). Now hit the back button and Safari should crash. I've reproduced it twice and I thought I'd file this bug before I tried to reproduce it some more. I've pasted one of the crash reports at the end of this post.

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x00422040 KJS::FunctionPrototypeImp::FunctionPrototypeImp[in-charge](KJS::ExecState*) + 92 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00428924 KJS::InterpreterImp::initGlobalObject() + 88 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit         	0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev      	0x00006bbc 0x1000 + 23484
40  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev      	0x000021e8 0x1000 + 4584
43  com.apple.SafariDev      	0x00056e28 0x1000 + 351784
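The trace above shows Collector::collect() running from inside Collector::allocate() while FunctionPrototypeImp is still being constructed, and a fault at address 0x00000004 inside ValueImp::marked() is what a field read through a NULL this-pointer looks like. Below is an added toy model of that sequence, not KJS or WebKit code, showing the two remedies the attachments list names (a null pointer check in the mark function, and construction that never exposes a NULL prototype link); every name in it (Obj, gc_alloc, collect, mark_*, build_prototype_*, run_scenario) is invented.

```c
#include <stdbool.h>
#include <string.h>

typedef struct Obj {
    struct Obj *proto;   /* prototype link; a finished chain ends at JS_NULL    */
    bool is_object;      /* JS_NULL is a value, not an object: no link to follow */
    bool marked;
    bool in_use;
} Obj;

/* The JS null value is a heap value itself, so a C NULL link only exists mid-construction. */
static Obj js_null = { NULL, false, false, true };
#define JS_NULL (&js_null)

#define HEAP_SLOTS 3
static Obj  heap[HEAP_SLOTS];
static Obj *stack_roots[8];   /* what the conservative stack scan would find */
static int  nroots;
static int  collections;      /* collections run in the current scenario */

static void reset_heap(void) {
    memset(heap, 0, sizeof heap);
    nroots = collections = 0;
}

/* Pre-fix shape of ObjectImp::mark(): follows the link blindly. With a C NULL
 * the real code reads NULL + (offset of the mark bit), i.e. the
 * KERN_PROTECTION_FAILURE at 0x00000004; this model returns false instead. */
static bool mark_unchecked(Obj *o) {
    if (o->marked) return true;
    o->marked = true;
    if (!o->is_object) return true;
    if (o->proto == NULL) return false;   /* the real code faults here */
    return mark_unchecked(o->proto);
}

/* Remedy A, the "null pointer check": tolerate a NULL link while marking. */
static bool mark_checked(Obj *o) {
    if (o->marked) return true;
    o->marked = true;
    if (o->is_object && o->proto != NULL) return mark_checked(o->proto);
    return true;
}

static bool (*mark_fn)(Obj *) = mark_unchecked;

/* Mark from every stack root, then sweep unmarked slots; false = "crashed". */
static bool collect(void) {
    collections++;
    js_null.marked = false;
    for (int i = 0; i < HEAP_SLOTS; i++) heap[i].marked = false;
    for (int i = 0; i < nroots; i++)
        if (!mark_fn(stack_roots[i])) return false;
    for (int i = 0; i < HEAP_SLOTS; i++)
        if (heap[i].in_use && !heap[i].marked) heap[i].in_use = false;
    return true;
}

/* Like Collector::allocate in the trace: collects when the heap is full.
 * Returns NULL if the collection "crashed" or the heap is truly exhausted. */
static Obj *gc_alloc(Obj *proto) {
    for (int pass = 0; pass < 2; pass++) {
        for (int i = 0; i < HEAP_SLOTS; i++) {
            if (heap[i].in_use) continue;
            heap[i] = (Obj){ proto, true, false, true };
            return &heap[i];
        }
        if (!collect()) return NULL;
    }
    return NULL;
}

/* Buggy order: visible on the stack with a NULL link, then allocates a child
 * (think: its built-in methods) before the link is set. */
static bool build_prototype_buggy(void) {
    Obj *self = gc_alloc(NULL);                   /* prototype not decided yet */
    if (self == NULL) return false;
    stack_roots[nroots++] = self;                 /* 'this' is on the stack    */
    if (gc_alloc(JS_NULL) == NULL) return false;  /* may run collect()         */
    self->proto = JS_NULL;                        /* too late                  */
    return true;
}

/* Remedy B, "eliminate case where prototype could be null": the link is valid
 * from the moment the object exists, whenever collection happens to run. */
static bool build_prototype_fixed(void) {
    Obj *self = gc_alloc(JS_NULL);
    if (self == NULL) return false;
    stack_roots[nroots++] = self;
    return gc_alloc(JS_NULL) != NULL;
}

/* Fills the heap with unrooted garbage so the child allocation must collect. */
static bool run_scenario(bool (*build)(void), bool (*mark)(Obj *)) {
    reset_heap();
    mark_fn = mark;
    for (int i = 0; i < HEAP_SLOTS - 1; i++) gc_alloc(JS_NULL);
    return build();
}
```

Only the buggy construction order combined with the unchecked mark fails; either remedy alone lets the same collection complete, which is why the null check masks the bug while the construction-order fix removes it.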
Comment 1 Jon 2005-08-08 18:27:20 PDT
I can't seem to reproduce this bug again. Perhaps it has something to do with the dynamic adds on the page. But initially, after pushing the back button it would seem to load the page and the progress bar was all the way to the end, but it didn't scroll down the page before it crashed again. Also see bug 4191 for more crash reports of a similar issue (not all of the reports on that page are for the same thing, but the ones with icplusplus.c:28 at the top seem to be the same problem).

This may just be something I run into by browsing the Ars Mac Ach a lot, since I'm fairly certain that that's the only place I've seen this one. I'll try to be more specific if I run into it again.
Comment 2 Jon 2005-08-08 19:52:48 PDT
Another crash, same issue, again at Ars. I believe that to reproduce this crash you should just browse Ars' forums for a while and you'd probably see the issue.

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x004397e4 KJS::ObjectPrototypeImp::ObjectPrototypeImp[in-charge](KJS::ExecState*, KJS::FunctionPrototypeImp*) + 120 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00428954 KJS::InterpreterImp::initGlobalObject() + 136 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit         	0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev      	0x00006bbc 0x1000 + 23484
40  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev      	0x000021e8 0x1000 + 4584
43  com.apple.SafariDev      	0x00056e28 0x1000 + 351784
Comment 3 Jon 2005-08-08 20:28:59 PDT
Same crash again, this time while browsing MacNN.

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x00439864 KJS::ObjectPrototypeImp::ObjectPrototypeImp[in-charge](KJS::ExecState*, KJS::FunctionPrototypeImp*) + 248 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00428954 KJS::InterpreterImp::initGlobalObject() + 136 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit         	0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev      	0x00006bbc 0x1000 + 23484
40  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev      	0x000021e8 0x1000 + 4584
43  com.apple.SafariDev      	0x00056e28 0x1000 + 351784
Comment 4 Jon 2005-08-08 20:30:18 PDT
Crash, again at MacNN's forums.

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x00422120 KJS::FunctionPrototypeImp::FunctionPrototypeImp[in-charge](KJS::ExecState*) + 316 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00428924 KJS::InterpreterImp::initGlobalObject() + 88 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit         	0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev      	0x00006bbc 0x1000 + 23484
40  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev      	0x000021e8 0x1000 + 4584
43  com.apple.SafariDev      	0x00056e28 0x1000 + 351784
Comment 5 Jon 2005-08-08 20:32:15 PDT
Same problem, this time while reloading a forum at Ars.

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x004397e4 KJS::ObjectPrototypeImp::ObjectPrototypeImp[in-charge](KJS::ExecState*, KJS::FunctionPrototypeImp*) + 120 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00428954 KJS::InterpreterImp::initGlobalObject() + 136 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit         	0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev      	0x00006bbc 0x1000 + 23484
40  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev      	0x000021e8 0x1000 + 4584
43  com.apple.SafariDev      	0x00056e28 0x1000 + 351784
Comment 6 Jon 2005-08-08 23:57:11 PDT
Another crash, this time while loading w3c.org, though Ars was open in another tab.

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x00422120 KJS::FunctionPrototypeImp::FunctionPrototypeImp[in-charge](KJS::ExecState*) + 316 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00428924 KJS::InterpreterImp::initGlobalObject() + 88 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit         	0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev      	0x00006bbc 0x1000 + 23484
40  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev      	0x000021e8 0x1000 + 4584
43  com.apple.SafariDev      	0x00056e28 0x1000 + 351784
Comment 7 Jon 2005-08-09 00:03:51 PDT
Another one, this time while loading and scrolling a page at MacNN. I'm going to reset Safari and redo my Safari copy that uses the TOT WebKit.

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x00428944 KJS::InterpreterImp::initGlobalObject() + 120 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
10  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
11  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
14  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
15  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
16  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
17  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
18  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
19  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
20  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
21  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
22  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
23  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
24  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
25  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
26  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
27  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
28  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
29  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
30  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
31  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
32  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
33  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
34  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
35  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
36  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
37  com.apple.AppKit         	0x9365c3c8 -[NSApplication 
nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
38  com.apple.SafariDev      	0x00006bbc 0x1000 + 23484
39  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
40  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
41  com.apple.SafariDev      	0x000021e8 0x1000 + 4584
42  com.apple.SafariDev      	0x00056e28 0x1000 + 351784
Comment 8 Jon 2005-08-09 01:57:53 PDT
Another one, this time while loading a page at MacNN. I'm including a more complete crash report this 
time.

Date/Time:      2005-08-09 03:55:41.235 -0500
OS Version:     10.4.3 (Build 8F8)
Report Version: 3

Command: SafariDev
Path:    /Applications/SafariDev.app/Contents/MacOS/SafariDev
Parent:  WindowServer [58]

Version:        2.0.1+ (412.5+)
Build Version:  3
Project Name:   WebBrowser
Source Version: 4120500+

PID:    466
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x00439864 KJS::ObjectPrototypeImp::ObjectPrototypeImp[in-charge](KJS::ExecState*, KJS::FunctionPrototypeImp*) + 248 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00428954 KJS::InterpreterImp::initGlobalObject() + 136 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit         	0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.Safari         	0x00006ba8 0x1000 + 23464
40  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
42  com.apple.Safari         	0x000021e4 0x1000 + 4580
43  com.apple.Safari         	0x00056e14 0x1000 + 351764

Thread 1:
0   libSystem.B.dylib        	0x9000b3e8 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b33c mach_msg + 60
2   com.apple.CoreFoundation 	0x907583d8 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x928c9ec4 -[NSRunLoop runMode:beforeDate:] + 172
5   com.apple.Foundation     	0x928c9dfc -[NSRunLoop run] + 76
6   com.apple.WebKit         	0x00367730 +[WebFileDatabase _syncLoop:] + 176 (icplusplus.c:28)
7   com.apple.Foundation     	0x928baf34 forkThreadForFunction + 108
8   libSystem.B.dylib        	0x9002b3c0 _pthread_body + 96

Thread 2:
0   libSystem.B.dylib        	0x9000b3e8 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b33c mach_msg + 60
2   com.apple.CoreFoundation 	0x907583d8 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x928e23e0 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 264
5   com.apple.Foundation     	0x928baf34 forkThreadForFunction + 108
6   libSystem.B.dylib        	0x9002b3c0 _pthread_body + 96

Thread 3:
0   libSystem.B.dylib        	0x9000b3e8 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b33c mach_msg + 60
2   com.apple.CoreFoundation 	0x907583d8 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x928e3520 +[NSURLCache _diskCacheSyncLoop:] + 152
5   com.apple.Foundation     	0x928baf34 forkThreadForFunction + 108
6   libSystem.B.dylib        	0x9002b3c0 _pthread_body + 96

Thread 4:
0   libSystem.B.dylib        	0x9002ba68 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib        	0x900301dc pthread_cond_wait + 488
2   com.apple.Foundation     	0x928c20a0 -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.Syndication    	0x9b212ab0 -[AsyncDB _run:] + 192
4   com.apple.Foundation     	0x928baf34 forkThreadForFunction + 108
5   libSystem.B.dylib        	0x9002b3c0 _pthread_body + 96

Thread 5:
0   libSystem.B.dylib        	0x9001f3cc select + 12
1   com.apple.CoreFoundation 	0x9076ac6c __CFSocketManager + 472
2   libSystem.B.dylib        	0x9002b3c0 _pthread_body + 96

Thread 6:
0   libSystem.B.dylib        	0x9000b3e8 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b33c mach_msg + 60
2   com.apple.CoreFoundation 	0x907583d8 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x928c9ec4 -[NSRunLoop runMode:beforeDate:] + 172
5   com.apple.Foundation     	0x928c9dfc -[NSRunLoop run] + 76
6   com.apple.Safari         	0x00035928 0x1000 + 215336
7   com.apple.Foundation     	0x928baf34 forkThreadForFunction + 108
8   libSystem.B.dylib        	0x9002b3c0 _pthread_body + 96

Model: PowerBook4,1, BootROM 4.2.0f4, 1 processors, PowerPC 750  (33.11), 500 MHz, 384 MB
Graphics: ATY,RageM3, ATY,RageM3, AGP, 8 MB
Memory Module: DIMM0/BUILT-IN, 128 MB, built-in, built-in
Memory Module: DIMM1/J12, 256 MB, SDRAM, PC100-222S
AirPort: AirPort, 9.52
Modem: MiniSpring-DCP, UCJ, V.90, 1.0F, APPLE VERSION 0010DCP, 6/10/2001
Network Service: Built-in Ethernet, Ethernet, en0
Parallel ATA Device: TOSHIBA MK1017GAP, 9.37 GB
Parallel ATA Device: TOSHIBA DVD-ROM SD-R2002, 
USB Device: USB-PS/2 Optical Mouse, Logitech, Up to 1.5 Mb/sec, 500 mA
Comment 9 Jon 2005-08-09 06:46:23 PDT
Another crash, this time while loading and scrolling MacNN's main page. 

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore 	0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore 	0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore 	0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore 	0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore 	0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore 	0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore 	0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore 	0x00422040 KJS::FunctionPrototypeImp::FunctionPrototypeImp[in-charge](KJS::ExecState*) + 92 (icplusplus.c:28)
8   com.apple.JavaScriptCore 	0x00428924 KJS::InterpreterImp::initGlobalObject() + 88 (icplusplus.c:28)
9   com.apple.JavaScriptCore 	0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore 	0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore        	0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore        	0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore        	0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore        	0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore        	0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore        	0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit         	0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore        	0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore        	0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore        	0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore        	0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit         	0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit         	0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit         	0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit         	0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit         	0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit         	0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation     	0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation     	0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation     	0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation 	0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation 	0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation 	0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox      	0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox      	0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox      	0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit         	0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit         	0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.Safari         	0x00006ba8 0x1000 + 23464
40  com.apple.AppKit         	0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit         	0x93749284 NSApplicationMain + 452
42  com.apple.Safari         	0x000021e4 0x1000 + 4580
43  com.apple.Safari         	0x00056e14 0x1000 + 351764
Comment 10 Darin Adler 2005-08-11 12:07:10 PDT
Mitz says this is happening often enough on TOT that he's finding it unlivable.
Comment 11 mitz 2005-08-13 02:55:55 PDT
The problem seems to be that _proto is null in ObjectImp::mark().

There was another crash due to null _proto, <rdar://problem/4207220>, which ggaren patched by 
adding a check in ObjectImp::hasProperty (which was later removed).

According to ggaren, the long-term plan is to avoid null checks by using JS Null() instead of null pointers. 
I'm not sure if that's been implemented already (if so, obviously there's a bug in the implementation).

Meanwhile, adding a null check in ObjectImp::mark() should fix this crash. I'll submit a patch.
Comment 12 mitz 2005-08-13 03:04:04 PDT
Created attachment 3358 [details]
null pointer check
Comment 13 Eric Seidel (no email) 2005-08-13 03:16:42 PDT
*** Bug 4402 has been marked as a duplicate of this bug. ***
Comment 14 Darin Adler 2005-08-13 23:18:46 PDT
Comment on attachment 3358 [details]
null pointer check

This is not how we want to fix this. Prototypes should never be NULL, and it
helps performance to not have the NULL check. We want to figure out why the
prototype is NULL at this point and fix that instead.
Comment 15 Darin Adler 2005-08-13 23:24:20 PDT
Maciej's check-in on 2005-08-06 was supposed to fix this. Are we still seeing this in cases where we built 
after 08-06? If so, then what object had a NULL for its prototype pointer after that change?
Comment 16 mitz 2005-08-13 23:38:29 PDT
(In reply to comment #15)
> Are we still seeing this in cases where we built 
> after 08-06?

Definitely. Actually, this only started happening on 08-08.

>  If so, then what object had a NULL for its prototype pointer after that change?

I'll catch one and see.
Comment 17 Darin Adler 2005-08-13 23:58:23 PDT
I'm working on a patch.
Comment 18 Darin Adler 2005-08-14 00:48:56 PDT
Created attachment 3374 [details]
my cut at a fix; eliminates case where prototype could be null

Mitz reproduced the bug and the object was a FunctionPrototypeImp. That led me
to this code setting prototype to 0/NULL.

I added asserts that prototypes are never 0/NULL. I changed
FunctionPrototypeImp to use a prototype of jsNull rather than 0/NULL. And I
simplified some other confusing code that set another variable named "proto" to
0, only to set it to another value one line later.
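As an added example (not code from this bug thread or from JavaScriptCore), the pattern from comments 11 and 18 in a toy C++ model: a prototype chain that ends in a raw 0 pointer crashes the collector's mark() the moment it calls marked() on _proto, while a chain that ends in a real jsNull object can be marked unconditionally, and the assert reports a 0 prototype instead of hiding it behind a null check. The names ValueImp, ObjectImp, _proto and jsNull follow the thread; the FunctionPrototypeImp constructor functions and the two helpers are my assumptions.

```cpp
#include <cassert>
// Miniature of the KJS object model, named after the thread; not the real sources.
struct ValueImp {
    bool markedBit = false;
    virtual ~ValueImp() {}
    bool marked() const { return markedBit; }
    virtual void mark() { markedBit = true; }
};
// JS null as a real heap value, which the fix uses as the chain terminator.
struct NullImp : ValueImp {};
static NullImp* jsNull() { static NullImp n; return &n; }

struct ObjectImp : ValueImp {
    ValueImp* _proto;
    explicit ObjectImp(ValueImp* proto) : _proto(proto) {}
    void mark() override {
        ValueImp::mark();
        // The invariant the fix asserts instead of adding a null check:
        // a prototype is never 0, so the collector dereferences it freely.
        assert(_proto != nullptr && "prototype must be jsNull, never 0/NULL");
        if (!_proto->marked())   // crash site in the report when _proto was 0
            _proto->mark();
    }
};

// FunctionPrototypeImp as constructed before the fix: chain ends in a raw 0.
ObjectImp* makeBrokenFunctionPrototype() { return new ObjectImp(nullptr); }
// After the fix: the chain ends in the JS null object.
ObjectImp* makeFixedFunctionPrototype() { return new ObjectImp(jsNull()); }
// Debug-style check that walks a chain without dereferencing a 0 pointer.
bool prototypeChainIsSound(ObjectImp* obj) {
    for (ValueImp* v = obj; v != jsNull(); ) {
        ObjectImp* o = dynamic_cast<ObjectImp*>(v);
        if (!o || !o->_proto) return false;   // a 0 here is what crashed mark()
        v = o->_proto;
    }
    return true;
}
// Runs the mark phase from one root and counts marked values on its chain.
int markAndCount(ObjectImp* root) {
    root->mark();
    int n = 0;
    for (ValueImp* v = root; v; ) {
        if (v->marked()) ++n;
        ObjectImp* o = dynamic_cast<ObjectImp*>(v);
        v = o ? o->_proto : nullptr;   // jsNull has no _proto, so the walk ends
    }
    return n;
}
```

Calling mark() on the object from makeBrokenFunctionPrototype() trips the assert, which is the diagnostic the fix adds in place of the rejected null check.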
Comment 19 Darin Adler 2005-08-14 08:51:27 PDT
Mitz said he tested this and it worked for him. I'm going to land it even without review.
Comment 20 Darin Adler 2005-08-14 09:02:45 PDT
Comment on attachment 3374 [details]
my cut at a fix; eliminates case where prototype could be null

Since this fix is quite straightforward, and it's blocking a lot of people from
using TOT WebKit, I'm going to land this without review.
Comment 21 Geoffrey Garen 2005-08-15 09:45:35 PDT
rr (retroactive reviewer)=me.