Bug 9962 - REGRESSION: Reproducible crash at Blender site
Summary: REGRESSION: Reproducible crash at Blender site
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Frames
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Critical
Assignee: Nobody
URL: http://www.blendernation.com/about/
Keywords: InRadar, NeedsReduction, Regression
Depends on:
Blocks:
 
Reported: 2006-07-16 15:33 PDT by Mark
Modified: 2006-11-06 18:40 PST
CC: 4 users

See Also:


Attachments
Activity window for r14663 (6 items) (39.80 KB, image/png)
2006-07-16 17:48 PDT, David Kilzer (:ddkilzer)
no flags
Activity window for r14671 (23 items) (120.48 KB, image/png)
2006-07-16 17:49 PDT, David Kilzer (:ddkilzer)
no flags
Patch v1 (no layout tests) (7.74 KB, patch)
2006-07-16 21:31 PDT, David Kilzer (:ddkilzer)
ddkilzer: review-

Description Mark 2006-07-16 15:33:09 PDT
Can load the home/news site:  http://www.blendernation.com/

but if I click the link for "about" (http://www.blendernation.com/about/) it crashes... even after emptying the cache.

(Safari stable and Firefox 2b1 load the page well.)

Crash Report:

Date/Time:      2006-07-16 17:17:49.115 -0400
OS Version:     10.4.7 (Build 8J135)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [56]

Version: ??? (15467)

PID:    415
Thread: 0

Exception:  EXC_BAD_INSTRUCTION (0x0002)
Code[0]:    0x00000002
Code[1]:    0x016fac78


Thread 0 Crashed:
0   <<00000000>> 	0x016fac78 0 + 24095864
1   com.apple.WebCore        	0x0124c2dc WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 172
2   com.apple.WebCore        	0x010d0c08 WebCore::Frame::stopLoading(bool) + 200
3   com.apple.WebCore        	0x010d0e58 WebCore::Frame::closeURL() + 56
4   com.apple.WebKit         	0x00324e94 -[WebFrameBridge closeURL] + 84
5   com.apple.WebKit         	0x0032f340 -[WebFrame(WebPrivate) _transitionToCommitted:] + 336
6   com.apple.WebKit         	0x0032f9a4 -[WebFrame(WebPrivate) _commitProvisionalLoad:] + 260
7   com.apple.WebKit         	0x00329d18 -[WebDataSource(WebPrivate) _commitLoadWithData:] + 56
8   com.apple.WebKit         	0x0034b004 -[WebMainResourceLoader addData:] + 84
9   com.apple.WebKit         	0x00327250 -[WebLoader didReceiveData:lengthReceived:] + 64
10  com.apple.WebKit         	0x0034b978 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 120
11  com.apple.WebKit         	0x00327698 -[WebLoader connection:didReceiveData:lengthReceived:] + 56
12  com.apple.Foundation     	0x929725d4 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
13  com.apple.Foundation     	0x92970a74 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
14  com.apple.Foundation     	0x92970810 _sendCallbacks + 156
15  com.apple.CoreFoundation 	0x907dc4cc __CFRunLoopDoSources0 + 384
16  com.apple.CoreFoundation 	0x907db9fc __CFRunLoopRun + 452
17  com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
18  com.apple.HIToolbox      	0x931e6740 RunCurrentEventLoopInMode + 264
19  com.apple.HIToolbox      	0x931e5dd4 ReceiveNextEventCommon + 380
20  com.apple.HIToolbox      	0x931e5c40 BlockUntilNextEventMatchingListInMode + 96
21  com.apple.AppKit         	0x936c8ae4 _DPSNextEvent + 384
22  com.apple.AppKit         	0x936c87a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
23  com.apple.Safari         	0x00006740 0x1000 + 22336
24  com.apple.AppKit         	0x936c4cec -[NSApplication run] + 472
25  com.apple.AppKit         	0x937b587c NSApplicationMain + 452
26  com.apple.Safari         	0x0005c77c 0x1000 + 374652
27  com.apple.Safari         	0x0005c624 0x1000 + 374308

Thread 1:
0   libSystem.B.dylib        	0x9000b268 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b1bc mach_msg + 60
2   com.apple.CoreFoundation 	0x907dbb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x9294f164 -[NSRunLoop runMode:beforeDate:] + 172
5   com.apple.Foundation     	0x9294f09c -[NSRunLoop run] + 76
6   com.apple.WebKit         	0x00365c14 +[WebFileDatabase _syncLoop:] + 180
7   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
8   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 2:
0   libSystem.B.dylib        	0x9000b268 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b1bc mach_msg + 60
2   com.apple.CoreFoundation 	0x907dbb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x9296769c +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 264
5   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
6   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 3:
0   libSystem.B.dylib        	0x9000b268 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b1bc mach_msg + 60
2   com.apple.CoreFoundation 	0x907dbb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x929687dc +[NSURLCache _diskCacheSyncLoop:] + 152
5   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
6   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 4:
0   libSystem.B.dylib        	0x9002c2e8 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib        	0x90030dcc pthread_cond_wait + 480
2   com.apple.Foundation     	0x92947300 -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.Syndication    	0x9a42c42c -[AsyncDB _run:] + 192
4   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
5   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 5:
0   libSystem.B.dylib        	0x9002c2e8 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib        	0x90030dcc pthread_cond_wait + 480
2   com.apple.Foundation     	0x92947300 -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.AppKit         	0x93765708 -[NSUIHeartBeat _heartBeatThread:] + 324
4   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
5   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 6:
0   libSystem.B.dylib        	0x9001f7ac select + 12
1   com.apple.CoreFoundation 	0x907ee40c __CFSocketManager + 472
2   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 7:
0   libSystem.B.dylib        	0x9000b268 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000b1bc mach_msg + 60
2   com.apple.CoreFoundation 	0x907dbb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907db47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x9294f164 -[NSRunLoop runMode:beforeDate:] + 172
5   com.apple.Foundation     	0x9294f09c -[NSRunLoop run] + 76
6   com.apple.Safari         	0x0003d5f0 0x1000 + 247280
7   com.apple.Foundation     	0x92940194 forkThreadForFunction + 108
8   libSystem.B.dylib        	0x9002bc28 _pthread_body + 96

Thread 0 crashed with PPC Thread State 64:
  srr0: 0x00000000016fac78 srr1: 0x000000000208f030                        vrsave: 0x0000000000000000
    cr: 0x44044224          xer: 0x0000000000000007   lr: 0x00000000010f2524  ctr: 0x00000000016fac78
    r0: 0x00000000016fac78   r1: 0x00000000bfffe2c0   r2: 0x00000000016fac48   r3: 0x00000000016fac78
    r4: 0x000000000160b7a8   r5: 0x0000000000000001   r6: 0x00000000ffffffff   r7: 0x0000000001635dd4
    r8: 0x000000000000003f   r9: 0x0000000000000000  r10: 0x0000000000177f98  r11: 0x00000000a00061ec
   r12: 0x00000000016fac78  r13: 0x0000000000000000  r14: 0x0000000000000001  r15: 0x0000000000000001
   r16: 0x0000000000000000  r17: 0x0000000000000000  r18: 0x000000000000726f  r19: 0x0000000000000000
   r20: 0x000000001d034e42  r21: 0x0000000003fc1190  r22: 0x0000000000000000  r23: 0x0000000000000000
   r24: 0x000000000462dca0  r25: 0x00000000003af1f0  r26: 0x0000000000000000  r27: 0x000000000163c7c0
   r28: 0x0000000000000000  r29: 0x00000000bfffe308  r30: 0x000000000160b7a8  r31: 0x000000000124c244

Binary Images Description:
Comment 1 David Kilzer (:ddkilzer) 2006-07-16 16:28:09 PDT
Confirmed on WebKit nightly download r15467.  Had to reload the about page a couple of times.

Can't get it to reproduce on a locally-built WebKit r15466 debug build yet.
Comment 2 David Kilzer (:ddkilzer) 2006-07-16 17:47:32 PDT
A binary search of WebKit nightlies points to the following:

       Crashes: r14671
Does not crash: r14663

Looking at the svn logs, r14668 is the only one that has changes to EventTargetNode.cpp.

More reproduction notes:

- The crash is always reproducible when hitting the reload button the first time, i.e., the second time the page is loaded.

- When the crash does NOT occur (r14663), there are 6 items loaded on the page in the Activity window.

- When the crash DOES occur (r14671), there are 23 items loaded on the page in the Activity window.

Comment 3 David Kilzer (:ddkilzer) 2006-07-16 17:48:33 PDT
Created attachment 9509 [details]
Activity window for r14663 (6 items)
Comment 4 David Kilzer (:ddkilzer) 2006-07-16 17:49:31 PDT
Created attachment 9510 [details]
Activity window for r14671 (23 items)
Comment 5 David Kilzer (:ddkilzer) 2006-07-16 19:09:05 PDT
(In reply to comment #2)
> Looking at the svn logs, r14668 is the only one that has changes
> to EventTargetNode.cpp.

Revision 14668 was committed for Bug 9212.  The same fix for that bug may apply here.
Comment 6 David Kilzer (:ddkilzer) 2006-07-16 21:31:59 PDT
Created attachment 9517 [details]
Patch v1 (no layout tests)

I took a page from the fix for Bug 9212 and implemented the same solution for m_windowEventListeners in WebCore::Document.  I have confirmed that this patch fixes the bug in a locally-built release build of r15467, but I may need help writing a layout test that reproduces the issue.

I expect this patch to get r- for no layout test, but I wanted to make sure the approach was correct.
Comment 7 Darin Adler 2006-07-16 21:36:08 PDT
Comment on attachment 9517 [details]
Patch v1 (no layout tests)

This might cause a reference cycle that causes a storage leak. The problem is that if the document holds a reference to the listener, the listener may also be holding a reference to the document, which will create a cycle. A listener can have arbitrary JavaScript, which in turn can have a scope with references to any JavaScript object, including the document.
Comment 8 Darin Adler 2006-07-16 21:37:12 PDT
(In reply to comment #6)
> I took a page from the fix for Bug 9212 and implemented the same solution for
> m_windowEventListeners in WebCore::Document.

That fix might have the same reference cycle problem!
Comment 9 David Kilzer (:ddkilzer) 2006-07-16 21:47:06 PDT
(In reply to comment #7)
> This might cause a reference cycle that causes a storage leak. The problem is
> that if the document holds a reference to the listener that the listener also
> may be holding a reference to the document, which will create a cycle. A
> listener can have arbitrary JavaScript, which in turn can have a scope with
> references to any JavaScript object, including the document.

Honestly, I don't have a complete understanding of the patch--I just saw a similar pattern fixed in Bug 9212, so I tried the same fix here.  It would probably be best if someone more knowledgeable finished the work.  :)
Comment 10 David Kilzer (:ddkilzer) 2006-07-17 12:04:12 PDT
(In reply to comment #9)
> Honestly, I don't have a complete understanding of the patch--I just saw a
> similar pattern fixed in Bug 9212, so I tried the same fix here.  It would
> probably be best if someone more knowledgeable finished the work.  :)

For the purposes of learning, though, how do you fix the reference cycle issue?  Do you break the cycle on removal?  In the listener's destructor?
Comment 11 Darin Adler 2006-07-17 12:09:27 PDT
(In reply to comment #10)
> For the purposes of learning, though, how do you fix the reference cycle issue?
>  Do you break the cycle on removal?  In the listener's destructor?

Rather than "breaking the cycle" we try to not have the cycle in the first place.

Typically what we do is create some kind of weak reference. There's no built-in weak reference mechanism, but there are lots of examples where we keep a pointer that the pointed-to object is aware of, then when it's torn down (or destroyed) it tells the object that's pointing to it that it's gone.
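Comments 7 and 11 describe a strong-reference cycle and the weak-pointer-with-notification pattern used instead. The following is an added example, not WebKit code and not the patch on this bug: hypothetical Document/Listener stand-ins, with std::shared_ptr playing the role of RefPtr and a global live-object count so the leak is measurable.

```cpp
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

static int g_liveObjects = 0;   // live objects, so a leak is observable from outside

// Hypothetical stand-ins for WebCore classes; std::shared_ptr plays the role of RefPtr.
struct Counted {
    Counted() { ++g_liveObjects; }
    virtual ~Counted() { --g_liveObjects; }
};

// 1. The cycle from comment 7: the document holds the listener, and the listener
//    (standing in for a JS scope) holds the document.
struct StrongDocument;
struct StrongListener : Counted {
    std::shared_ptr<StrongDocument> document;
};
struct StrongDocument : Counted {
    std::vector<std::shared_ptr<StrongListener>> windowEventListeners;   // strong refs, as in patch v1
};

// Returns how many objects are still alive after every outside reference is gone.
int leakedObjectsWithStrongRefs() {
    int before = g_liveObjects;
    {
        auto doc = std::make_shared<StrongDocument>();
        auto listener = std::make_shared<StrongListener>();
        listener->document = doc;
        doc->windowEventListeners.push_back(listener);
    }   // locals released, but each object still keeps the other alive
    return g_liveObjects - before;   // 2: both objects leak
}

// 2. The pattern from comment 11: a plain pointer that the pointed-to object knows
//    about, cleared by a tear-down notification instead of a counted reference.
struct WeakDocument;
struct WeakListener : Counted {
    WeakDocument* document = nullptr;   // no reference taken, so no cycle
    void documentDestroyed() { document = nullptr; }
};
struct WeakDocument : Counted {
    std::vector<std::shared_ptr<WeakListener>> windowEventListeners;   // the document owns its listeners
    void addListener(std::shared_ptr<WeakListener> listener) {
        listener->document = this;   // the document now knows who points at it
        windowEventListeners.push_back(std::move(listener));
    }
    ~WeakDocument() override {   // tell every listener we are gone before releasing them
        for (auto& listener : windowEventListeners)
            listener->documentDestroyed();
    }
};

struct WeakResult { int leaked; bool pointerCleared; };

WeakResult weakRefsResult() {
    int before = g_liveObjects;
    bool cleared = false;
    {
        auto survivor = std::make_shared<WeakListener>();   // still referenced elsewhere (e.g. by script)
        {
            auto doc = std::make_shared<WeakDocument>();
            doc->addListener(survivor);
            doc->addListener(std::make_shared<WeakListener>());
        }   // last reference to the document dropped: it notifies, then releases, its listeners
        cleared = survivor->document == nullptr;   // no dangling pointer left behind
    }
    return { g_liveObjects - before, cleared };   // {0, true}
}

int main() {
    WeakResult r = weakRefsResult();
    std::printf("strong refs: %d leaked; weak refs: %d leaked, pointer cleared: %s\n",
                leakedObjectsWithStrongRefs(), r.leaked, r.pointerCleared ? "yes" : "no");
}
```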
Comment 12 David Kilzer (:ddkilzer) 2006-07-18 11:08:27 PDT
Comment on attachment 9517 [details]
Patch v1 (no layout tests)

This won't go in due to leak concerns.

I'm tempted to look into it, but if it needs to be done faster, someone else should take this bug.  :)
Comment 13 Stephanie Lewis 2006-11-06 18:40:51 PST
radar 4611303.  Closed on 7/28/06