Bug 5665 - REGRESSION: Crash in deleteTimer
Summary: REGRESSION: Crash in deleteTimer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Major
Assignee: Darin Adler
Reported: 2005-11-08 15:36 PST by Jon
Modified: 2005-11-08 18:05 PST

Attachments
patch that changes how deletion works with deferral, should fix crash (2.53 KB, patch)
2005-11-08 16:48 PST, Darin Adler

Description Jon 2005-11-08 15:36:39 PST
Similar to bug 5661, after general browsing for a period of time (longer than required for 5661 but still inevitable), Safari running TOT WebKit will crash with the following:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
0   com.apple.CoreFoundation 	0x90771be0 CFArraySetValueAtIndex + 56
1   com.apple.WebCore        	0x015d4738 deleteTimer(KWQObjectTimer*) + 72 (KWQObject.mm:201)
2   com.apple.WebCore        	0x015d47a8 QObject::killTimer(int) + 88 (KWQObject.mm:215)
3   com.apple.WebCore        	0x016baf88 DOM::DocumentImpl::dispatchImageLoadEventsNow() + 60 (dom_docimpl.cpp:2550)
4   com.apple.WebCore        	0x015d4cac sendDeferredTimerEvent(void const*, void*) + 64 (KWQObject.mm:239)
5   com.apple.CoreFoundation 	0x9076c954 CFArrayApplyFunction + 416
6   com.apple.WebCore        	0x015d48d0 sendDeferredTimerEvents(__CFRunLoopTimer*, void*) + 112 (KWQObject.mm:254)
7   com.apple.CoreFoundation 	0x90770ae0 __CFRunLoopDoTimer + 184
8   com.apple.CoreFoundation 	0x9075d458 __CFRunLoopRun + 1680
9   com.apple.CoreFoundation 	0x9075ca0c CFRunLoopRunSpecific + 268
10  com.apple.HIToolbox      	0x931831e0 RunCurrentEventLoopInMode + 264
11  com.apple.HIToolbox      	0x93182874 ReceiveNextEventCommon + 380
12  com.apple.HIToolbox      	0x931826e0 BlockUntilNextEventMatchingListInMode + 96
13  com.apple.AppKit         	0x93681904 _DPSNextEvent + 384
14  com.apple.AppKit         	0x936815c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
15  com.apple.Safari         	0x00006ef0 0x1000 + 24304
16  com.apple.AppKit         	0x9367db0c -[NSApplication run] + 472
17  com.apple.AppKit         	0x9376e618 NSApplicationMain + 452
18  com.apple.Safari         	0x0000265c 0x1000 + 5724
19  com.apple.Safari         	0x00056d1c 0x1000 + 351516
Comment 1 Darin Adler 2005-11-08 16:48:51 PST
Created attachment 4633
patch that changes how deletion works with deferral, should fix crash

Needs a little testing.
Comment 2 Tim Omernick 2005-11-08 18:05:00 PST
I am rolling back Darin's original patch, the one that caused this crash.  We are going to get this code in better shape before we commit.