To reproduce, go to http://bdash.net.nz/ then click the "Remove Duplicate Emails from Mail 2.0" link.

Crash info:

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x0011b410 KJS::Interpreter::globalExec() + 0
1 com.apple.JavaScriptCore 0x0014dc54 _NPN_Invoke + 108
2 ...romedia.Flash Player.plugin 0x063ac4ec unuse_netscape_plugin_Plugin + 1320
3 ...romedia.Flash Player.plugin 0x063b9140 Flash_EnforceLocalSecurity + 47880
4 ...romedia.Flash Player.plugin 0x063d2dcc Flash_EnforceLocalSecurity + 153492
5 ...romedia.Flash Player.plugin 0x064872b0 Flash_EnforceLocalSecurity + 892024
6 ...romedia.Flash Player.plugin 0x06486c38 Flash_EnforceLocalSecurity + 890368
7 ...romedia.Flash Player.plugin 0x0646de7c Flash_EnforceLocalSecurity + 788548
8 ...romedia.Flash Player.plugin 0x065143fc native_ShockwaveFlash_TCallFrame + 62608
9 ...romedia.Flash Player.plugin 0x0651c434 native_ShockwaveFlash_TCallFrame + 95432
10 ...romedia.Flash Player.plugin 0x06468ac0 Flash_EnforceLocalSecurity + 767112
11 ...romedia.Flash Player.plugin 0x06464918 Flash_EnforceLocalSecurity + 750304
12 ...romedia.Flash Player.plugin 0x06491340 Flash_EnforceLocalSecurity + 933128
13 ...romedia.Flash Player.plugin 0x064912e8 Flash_EnforceLocalSecurity + 933040
14 ...romedia.Flash Player.plugin 0x064ab944 Flash_EnforceLocalSecurity + 1041164
15 ...romedia.Flash Player.plugin 0x063af0ac Flash_EnforceLocalSecurity + 6772
16 com.apple.WebKit 0x003115a0 -[WebBaseNetscapePluginStream _deliverData] + 272
17 com.apple.WebKit 0x003145c4 -[WebBaseNetscapePluginView(WebNPPCallbacks) evaluateJavaScriptPluginRequest:] + 544
18 com.apple.Foundation 0x928f1138 __NSFireDelayedPerform + 304
19 com.apple.CoreFoundation 0x90770aec __CFRunLoopDoTimer + 184
20 com.apple.CoreFoundation 0x9075d464 __CFRunLoopRun + 1680
21 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268
22 com.apple.HIToolbox 0x9318e1e0 RunCurrentEventLoopInMode + 264
23 com.apple.HIToolbox 0x9318d874 ReceiveNextEventCommon + 380
24 com.apple.HIToolbox 0x9318d6e0 BlockUntilNextEventMatchingListInMode + 96
25 com.apple.AppKit 0x9368c104 _DPSNextEvent + 384
26 com.apple.AppKit 0x9368bdc8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
27 com.apple.Safari 0x000072f4 0x1000 + 25332
28 com.apple.AppKit 0x9368830c -[NSApplication run] + 472
29 com.apple.AppKit 0x93778e60 NSApplicationMain + 452
30 com.apple.Safari 0x0005d028 0x1000 + 376872
31 com.apple.Safari 0x0005cecc 0x1000 + 376524

Flash player version 8,0,22,0.
This happened sometime between WebKit-CVS-2005-12-29 08-23-13 GMT.dmg and WebKit-CVS-2005-12-29 11-59-10 GMT.dmg
Rolling out the fix for bug 5518 (<rdar://problem/4325722>) fixes this regression.
Doh! I'll have a look.
The bug here is that a PlugIn root object is referenced by a Netscape PlugIn after having been destroyed.

I made the change for #5518 under the assumption that all PlugIns are views, so all PlugIn root objects should be destroyed when the view changes. However, I think that's only true of WebKit PlugIns. Netscape PlugIns seem to survive for the life of the part.

If that's the case, I see a few options, none of which I like too much:

(1) Destroy Netscape PlugIns when the view changes, so they match the behavior of WebKit PlugIns;
(2) Preserve WebKit PlugIns somehow even when the view changes;
(3) Find a way to delineate WebKit PlugIn root objects and Netscape PlugIn root objects, and destroy only the former when the view changes.

If anyone has any suggestions here, I would appreciate them greatly.

Regardless of which solution we pick, I think we should put checks in for Netscape PlugIns to make sure that they can't make calls back to JavaScript after their root objects have been destroyed. (We already do this for WebKit PlugIns.) That might be overkill, though, since the Java PlugIn is the only known violator of that contract.
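The check proposed in the comment above (refusing PlugIn-to-JavaScript calls once the root object has been destroyed), as an added example that is not part of the original thread and is not the WebKit patch. Every type and function name in it is a hypothetical stand-in, and using std::weak_ptr for the liveness check is this example's choice, not the project's.

```cpp
#include <cstdio>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// All types below are hypothetical stand-ins written for this example;
// they are not WebKit or JavaScriptCore classes.

// Stand-in for the script interpreter a plugin calls back into.
struct Interpreter {
    int callsReceived = 0;
    bool call(const std::string& /*method*/) { ++callsReceived; return true; }
};

// A root object ties the script objects a plugin holds to one interpreter.
struct RootObject {
    explicit RootObject(Interpreter* i) : interpreter(i) {}
    Interpreter* interpreter;
};

// The owner (the "part") keeps the only strong references to root objects
// and destroys all of them when its view changes.
class Part {
public:
    explicit Part(Interpreter* i) : m_interpreter(i) {}

    // Plugins receive a weak reference, so they cannot keep a root object
    // alive and cannot reach it once the part has destroyed it.
    std::weak_ptr<RootObject> createRootObject() {
        m_rootObjects.push_back(std::make_shared<RootObject>(m_interpreter));
        return m_rootObjects.back();
    }

    void cleanupPluginRootObjects() { m_rootObjects.clear(); }
    void setView() { cleanupPluginRootObjects(); }

private:
    Interpreter* m_interpreter;
    std::vector<std::shared_ptr<RootObject>> m_rootObjects;
};

// Script object handed to a plugin that may outlive the view.
class PluginScriptObject {
public:
    explicit PluginScriptObject(std::weak_ptr<RootObject> root)
        : m_root(std::move(root)) {}

    // Entry point the plugin uses to call into script (the role _NPN_Invoke
    // has in the crash trace). lock() fails once the root object is gone,
    // so a late callback is rejected instead of dereferencing freed memory.
    // While the call runs, the temporary strong reference keeps the root
    // object alive.
    bool invoke(const std::string& method) {
        std::shared_ptr<RootObject> root = m_root.lock();
        if (!root || !root->interpreter)
            return false;
        return root->interpreter->call(method);
    }

private:
    std::weak_ptr<RootObject> m_root;
};

struct ScenarioResult {
    bool beforeViewChange;
    bool afterViewChange;
    int interpreterCalls;
};

// Constructed scenario: the plugin calls into script, the view changes,
// then a delayed plugin callback tries to call into script again.
ScenarioResult runViewChangeScenario() {
    Interpreter interpreter;
    Part part(&interpreter);
    PluginScriptObject window(part.createRootObject());

    ScenarioResult r;
    r.beforeViewChange = window.invoke("alert");
    part.setView();
    r.afterViewChange = window.invoke("alert");
    r.interpreterCalls = interpreter.callsReceived;
    return r;
}

int main() {
    ScenarioResult r = runViewChangeScenario();
    std::printf("before=%d after=%d calls=%d\n",
                r.beforeViewChange, r.afterViewChange, r.interpreterCalls);
    return 0;
}
```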
(In reply to comment #4)
> I made the change for #5518 under the assumption that all PlugIns are views, so all PlugIn root objects
> should be destroyed when the view changes. However, I think that's only true of WebKit PlugIns.
> Netscape PlugIns seem to survive for the life of the part.

I think Netscape PlugIns are also views (WebBaseNetscapePluginView).

I just noticed something strange about the change for bug 5518: it changed the order of calling cleanupPluginRootObjects() and deref'ing the view. Was that an essential part of the fix? Because it's not in attachment 5348 but it is in the version that landed.
You're right about WebBaseNetscapePluginView -- it *is* a view. However, I don't think its semantics are the same as a WebKit PlugIn view. In particular, it doesn't seem to get stopped/dealloc'd like WebKit PlugIn views do when setView is called on the part. That seems to be the key.

Changing the order of cleanupPluginRootObjects and deref was intentional, but not essential. I did it when landing the patch. (Because it was minor, I didn't think it needed an extra review.) My thinking was that, technically, it's possible to interact with the PlugIn view up until the point it's dealloc'd. So, even though it's bad style, if something in deref or dealloc wants to make a PlugIn-JavaScript or JavaScript-PlugIn call, we should allow it. Only after we've actually dealloc'd the PlugIn do we need to prohibit calls.

Anyway, as per my comment above, I'm pretty sure that's not the cause of this bug. The crash occurs because the PlugIn calls into JavaScript after cleanupPluginRootObjects() has been called. It doesn't seem possible that my moving the cleanupPluginRootObjects() to later in the code would have caused that.
*** Bug 6329 has been marked as a duplicate of this bug. ***
Try going to www.43places.com and searching for South Shields as a place. You get an immediate crash.

I tried rolling back to builds from 12-28 based on this comment:

This happened sometime between WebKit-CVS-2005-12-29 08-23-13 GMT.dmg and WebKit-CVS-2005-12-29 11-59-10 GMT.dmg

But it seems to make no difference.

S.
(In reply to comment #8)
> I tried rolling back to builds from 12-28 based on this comment:

That's really surprising. This crash is almost certainly caused by a patch landed on 12-29.
I know, I tested with 12-27 and it breaks.

Here is the latest crashdump:

Date/Time: 2006-01-02 00:08:03.352 -0800
OS Version: 10.4.3 (Build 8F46)
Report Version: 3

Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: WindowServer [89]

Version: 2.0.2 (416.13)
Build Version: 1
Project Name: WebBrowser
Source Version: 4161300

PID: 18153
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x0005d4cf

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x00177288 KXMLCore::TCMalloc_ThreadCache_FreeList::Push(void*) + 12
1 com.apple.JavaScriptCore 0x0015e6e0 KXMLCore::fastMalloc(unsigned long) + 740
2 com.apple.WebCore 0x01277ce0 QValueList<DOM::CSSProperty>::append(DOM::CSSProperty const&) + 36
3 com.apple.WebCore 0x010751fc DOM::CSSMutableStyleDeclarationImpl::CSSMutableStyleDeclarationImpl[in-charge](DOM::CSSRuleImpl*, DOM::CSSProperty const* const*, int) + 104
4 com.apple.WebCore 0x01077b14 DOM::CSSParser::createStyleDeclaration(DOM::CSSStyleRuleImpl*) + 52
5 com.apple.WebCore 0x0100b050 cssyyparse(void*) + 2688
6 com.apple.WebCore 0x0107869c DOM::CSSParser::parseSheet(DOM::CSSStyleSheetImpl*, DOM::DOMString const&) + 96
7 com.apple.WebCore 0x0106e3d8 DOM::CSSStyleSheetImpl::parseString(DOM::DOMString const&, bool) + 64
8 com.apple.WebCore 0x010dcb10 DOM::HTMLLinkElementImpl::setStyleSheet(DOM::DOMString const&, DOM::DOMString const&) + 224
9 com.apple.WebCore 0x010dc674 DOM::HTMLLinkElementImpl::process() + 688
10 com.apple.WebCore 0x01148660 DOM::ContainerNodeImpl::addChild(DOM::NodeImpl*) + 216
11 com.apple.WebCore 0x010f02f0 HTMLParser::insertNode(DOM::NodeImpl*, bool) + 164
12 com.apple.WebCore 0x010f1bb0 HTMLParser::parseToken(khtml::Token*) + 628
13 com.apple.WebCore 0x010f2860 khtml::HTMLTokenizer::processToken() + 324
14 com.apple.WebCore 0x010f5704 khtml::HTMLTokenizer::parseTag(khtml::TokenizerString&, khtml::HTMLTokenizer::State) + 3700
15 com.apple.WebCore 0x010f5d90 khtml::HTMLTokenizer::write(khtml::TokenizerString const&, bool) + 868
16 com.apple.WebCore 0x01061aec KHTMLPart::write(char const*, int) + 516
17 com.apple.WebKit 0x0032ee94 -[WebDataSource(WebPrivate) _commitLoadWithData:] + 92
18 com.apple.WebKit 0x0034d6ec -[WebMainResourceLoader addData:] + 84
19 com.apple.WebKit 0x0032b2e4 -[WebLoader didReceiveData:lengthReceived:] + 64
20 com.apple.WebKit 0x0034e0e0 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 136
21 com.apple.WebKit 0x0032b7e4 -[WebLoader connection:didReceiveData:lengthReceived:] + 56
22 com.apple.Foundation 0x92910a64 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
23 com.apple.Foundation 0x9290ef04 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
24 com.apple.Foundation 0x9290eca0 _sendCallbacks + 156
25 com.apple.CoreFoundation 0x9075da68 __CFRunLoopDoSources0 + 384
26 com.apple.CoreFoundation 0x9075cf98 __CFRunLoopRun + 452
27 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268
28 com.apple.HIToolbox 0x931861e0 RunCurrentEventLoopInMode + 264
29 com.apple.HIToolbox 0x93185874 ReceiveNextEventCommon + 380
30 com.apple.HIToolbox 0x931856e0 BlockUntilNextEventMatchingListInMode + 96
31 com.apple.AppKit 0x93684904 _DPSNextEvent + 384
32 com.apple.AppKit 0x936845c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
33 com.apple.Safari 0x00007910 0x1000 + 26896
34 com.apple.AppKit 0x93680b0c -[NSApplication run] + 472
35 com.apple.AppKit 0x93771618 NSApplicationMain + 452
36 com.apple.Safari 0x0000307c 0x1000 + 8316
37 com.apple.Safari 0x00057758 0x1000 + 354136
(In reply to comment #10)
> I know, I tested with 12-27 and it breaks.
>
> Here is the latest crashdump:

That crash trace is very different, probably worthy of a different bug report. Are the steps to reproduce the same?
Agreed, creating new bug with multiple crash dumps and I narrowed it down to the build where the issue began.
Created attachment 5452
Fix

This is a really bad regression, so I'd like to patch it up now without a layout test. I have an automated test framework in the works for plugins, but I don't have an ETA for it. Maybe the end of the week.
Comment on attachment 5452
Fix

Looks good. r=me.
Landed.
Removing keyword(s) since bug is fixed.
Removing Regression keyword from bugs already fixed.