12061 2007-01-01 16:25:00 -0800 Crash in WebCore::Shared<WebCore::StringImpl>::deref 2007-01-01 17:59:04 -0800 1 1 1 Unclassified WebKit New Bugs 420+ Mac OS X 10.4 RESOLVED FIXED HasReduction P2 Major --- 1 mrowe webkit-unassigned oldest_to_newest 38379 0 mrowe 2007-01-01 16:25:00 -0800 <html> <head> <title>Test HTML Page</title> <style type="text/css"> dfn { content: "text"; content: initial; } </style> </head> <body> <dfn>dfn</dfn> </body> </html> Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_PROTECTION_FAILURE at address: 0x00000004 0x01485ef7 in WebCore::Shared<WebCore::StringImpl>::deref (this=0x0) at Shared.h:47 47 ASSERT(!m_inDestructor); (gdb) bt #0 0x01485ef7 in WebCore::Shared<WebCore::StringImpl>::deref (this=0x0) at Shared.h:47 #1 0x01192e27 in WebCore::ContentData::clearContent (this=0x1700f410) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderStyle.cpp:1183 #2 0x01192e75 in WebCore::ContentData::~ContentData (this=0x1700f410) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderStyle.cpp:1169 #3 0x011953b5 in WebCore::RenderStyle::arenaDelete (this=0x170aeffc, arena=0x170ada50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderStyle.cpp:589 #4 0x014ad21f in WebCore::RenderStyle::deref (this=0x170aeffc, arena=0x170ada50) at RenderStyle.h:980 #5 0x012422c2 in WebCore::Element::recalcStyle (this=0x170cbc30, change=WebCore::Node::Force) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:609 #6 0x01242367 in WebCore::Element::recalcStyle (this=0x170a2850, change=WebCore::Node::Force) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:621 #7 0x01242367 in WebCore::Element::recalcStyle (this=0x170b1490, change=WebCore::Node::Force) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:621 #8 0x010f35f4 in WebCore::Document::recalcStyle (this=0x20e1800, change=WebCore::Node::Force) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:978 #9 0x010f9226 in WebCore::Document::updateStyleSelector (this=0x20e1800) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1854 #10 0x010f9712 in WebCore::Document::setUserStyleSheet (this=0x20e1800, sheet=@0x1703ce10) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1495 #11 0x010de3e6 in WebCore::Frame::setUserStyleSheet (this=0x29651f0, styleSheet=@0x1703ce10) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:303 #12 0x014dc59f in WebCore::UserStyleSheetLoader::setCSSStyleSheet (this=0x1700f410, sheet=@0x1703ce10) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:140 #13 0x011092a2 in WebCore::CachedCSSStyleSheet::checkNotify (this=0x1703cd20) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/CachedCSSStyleSheet.cpp:90 #14 0x01109403 in WebCore::CachedCSSStyleSheet::data (this=0x1703cd20, data=@0x1703eb90, allDataReceived=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/CachedCSSStyleSheet.cpp:80 #15 0x0110cd58 in WebCore::Loader::receivedAllData (this=0x1640bb8, loader=0x170dcf30, allData=0x170a7a50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/loader.cpp:108 #16 0x0137c65c in WebCore::SubresourceLoader::didFinishLoading (this=0x170dcf30) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/SubresourceLoaderMac.mm:195 #17 0x0137859c in WebCore::ResourceLoader::didFinishLoading (this=0x170dcf30) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/ResourceLoaderMac.mm:446 #18 0x013878e3 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x170b4720, _cmd=0x90a9d160, con=0x2926a50) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/mac/ResourceHandleMac.mm:295 #19 0x9265be00 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] () #20 0x92659ea5 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] () #21 0x92659b41 in _sendCallbacks () #22 0x90829379 in CFRunLoopRunSpecific () #23 0x90828eb5 in CFRunLoopRunInMode () #24 0x92dcdb90 in RunCurrentEventLoopInMode () #25 0x92dcd297 in ReceiveNextEventCommon () #26 0x92dcd0ee in BlockUntilNextEventMatchingListInMode () #27 0x9326f465 in _DPSNextEvent () #28 0x9326f056 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #29 0x00006f96 in ?? () #30 0x93268ddb in -[NSApplication run] () #31 0x9325cd2f in NSApplicationMain () #32 0x0005f7de in ?? () #33 0x0005f6f9 in ?? () (gdb) 38200 1 12151 mrowe 2007-01-01 17:38:51 -0800 Created attachment 12151 Patch 38201 2 12151 eric 2007-01-01 17:41:57 -0800 Comment on attachment 12151 Patch personally I prefer test cases to start with PASS: for easy reading. But the change and test look great. r=me 38202 3 mrowe 2007-01-01 17:59:04 -0800 Landed in r18510. 12151 2007-01-01 17:38:51 -0800 2007-01-01 17:41:57 -0800 Patch webkit-bug-12061-v1.patch text/plain 2843 mrowe SW5kZXg6IExheW91dFRlc3RzL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9D aGFuZ2VMb2cJKHJldmlzaW9uIDE4NTA5KQorKysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3Jr aW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAKKzIwMDctMDEtMDEgIE1hcmsgUm93ZSAgPGJkYXNo QHdlYmtpdC5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgTGF5b3V0IHRlc3QgZm9yIGh0dHA6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dp P2lkPTEyMDYxCisgICAgICAgIEJ1ZyAxMjA2MTogQ3Jhc2ggaW4gV2ViQ29yZTo6U2hhcmVkPFdl YkNvcmU6OlN0cmluZ0ltcGw+OjpkZXJlZgorCisgICAgICAgICogZmFzdC9jc3MtZ2VuZXJhdGVk LWNvbnRlbnQvcmVzZXQtY29udGVudC10by1pbml0aWFsLWV4cGVjdGVkLnR4dDogQWRkZWQuCisg ICAgICAgICogZmFzdC9jc3MtZ2VuZXJhdGVkLWNvbnRlbnQvcmVzZXQtY29udGVudC10by1pbml0 aWFsLmh0bWw6IEFkZGVkLgorCiAyMDA2LTEyLTMxICBFcmljIFNlaWRlbCAgPGVyaWNAZXNlaWRl bC5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgbWl0ei4KSW5kZXg6IExheW91dFRlc3RzL2Zh c3QvY3NzLWdlbmVyYXRlZC1jb250ZW50L3Jlc2V0LWNvbnRlbnQtdG8taW5pdGlhbC1leHBlY3Rl ZC50eHQKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFzdC9jc3MtZ2VuZXJhdGVkLWNvbnRl bnQvcmVzZXQtY29udGVudC10by1pbml0aWFsLWV4cGVjdGVkLnR4dAkocmV2aXNpb24gMCkKKysr IExheW91dFRlc3RzL2Zhc3QvY3NzLWdlbmVyYXRlZC1jb250ZW50L3Jlc2V0LWNvbnRlbnQtdG8t aW5pdGlhbC1leHBlY3RlZC50eHQJKHJldmlzaW9uIDApCkBAIC0wLDAgKzEsMyBAQAorVGVzdCBm b3IgYnVnIDEyMDYxLiBJZiB0aGlzIGRvZXNuJ3QgY3Jhc2gsIHRoZSB0ZXN0IGhhcyBzdWNjZWVk ZWQuCisKKwpJbmRleDogTGF5b3V0VGVzdHMvZmFzdC9jc3MtZ2VuZXJhdGVkLWNvbnRlbnQvcmVz ZXQtY29udGVudC10by1pbml0aWFsLmh0bWwKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gTGF5b3V0VGVzdHMvZmFz dC9jc3MtZ2VuZXJhdGVkLWNvbnRlbnQvcmVzZXQtY29udGVudC10by1pbml0aWFsLmh0bWwJKHJl dmlzaW9uIDApCisrKyBMYXlvdXRUZXN0cy9mYXN0L2Nzcy1nZW5lcmF0ZWQtY29udGVudC9yZXNl dC1jb250ZW50LXRvLWluaXRpYWwuaHRtbAkocmV2aXNpb24gMCkKQEAgLTAsMCArMSwxNiBAQAor PGh0bWw+Cis8aGVhZD4KKyAgICA8dGl0bGU+VGVzdCBIVE1MIFBhZ2U8L3RpdGxlPgorICAgIDxz dHlsZSB0eXBlPSJ0ZXh0L2NzcyI+CisgICAgICAgIGRmbiB7IGNvbnRlbnQ6ICJ0ZXh0IjsgY29u dGVudDogaW5pdGlhbDsgfQorICAgIDwvc3R5bGU+CisgICAgPHNjcmlwdCB0eXBlPSJ0ZXh0L2ph dmFzY3JpcHQiPgorICAgICAgICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAg ICAgICAgICAgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVtcEFzVGV4dCgpOworICAgIDwvc2NyaXB0 PgorPC9oZWFkPgorPGJvZHk+CisgICAgPHA+VGVzdCBmb3IgPGEgaHJlZj0iaHR0cDovL2J1Z3Mu d2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTIwNjEiPmJ1ZyAxMjA2MTwvYT4uICBJZiB0aGlz IGRvZXNuJ3QgY3Jhc2gsIHRoZSB0ZXN0IGhhcyBzdWNjZWVkZWQuPC9wPgorICAgIDxkZm4+ZGZu PC9kZm4+Cis8L2JvZHk+Cis8L2h0bWw+CkluZGV4OiBXZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBXZWJDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMTg1MDkpCisrKyBXZWJDb3JlL0No YW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDExIEBACisyMDA3LTAxLTAxICBNYXJr IFJvd2UgIDxiZGFzaEB3ZWJraXQub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgorCisgICAgICAgICogcmVuZGVyaW5nL1JlbmRlclN0eWxlLmNwcDoKKyAgICAgICAg KFdlYkNvcmU6OkNvbnRlbnREYXRhOjpjbGVhckNvbnRlbnQpOiBSZXNldCBfY29udGVudFR5cGUg dG8gQ09OVEVOVF9OT05FIHRvIGVuc3VyZSByZXBlYXRlZCBjYWxscyB0byBjbGVhckNvbnRlbnQK KyAgICAgICAgZG8gbm90IHJlc3VsdCBpbiBkZXJlZmluZyBkZWFsbG9jYXRlZCBtZW1iZXJzLgor CiAyMDA3LTAxLTAxICBFcmljIFNlaWRlbCAgPGVyaWNAd2Via2l0Lm9yZz4KIAogICAgICAgICBS ZXZpZXdlZCBieSBhbmRlcnNjYS4KSW5kZXg6IFdlYkNvcmUvcmVuZGVyaW5nL1JlbmRlclN0eWxl LmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09Ci0tLSBXZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJTdHlsZS5jcHAJKHJl dmlzaW9uIDE4NTA5KQorKysgV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyU3R5bGUuY3BwCSh3b3Jr aW5nIGNvcHkpCkBAIC0xMTkwLDYgKzExOTAsNyBAQCB2b2lkIENvbnRlbnREYXRhOjpjbGVhckNv bnRlbnQoKQogICAgICAgICBkZWZhdWx0OgogICAgICAgICAgICAgOwogICAgIH0KKyAgICBfY29u dGVudFR5cGUgPSBDT05URU5UX05PTkU7CiB9CiAKICNpZmRlZiBYQkxfU1VQUE9SVAo=