14895 2007-08-07 10:56:24 -0700 [Crash] FrameTree::uniqueChildName generates non-unique names 2007-08-07 11:31:09 -0700 1 1 1 Unclassified WebKit Frames 523.x (Safari 3) All All RESOLVED DUPLICATE 7899 P2 Normal --- 1 brettw brettw oldest_to_newest 2899 0 brettw 2007-08-07 10:56:24 -0700 I am seeing a hard-to-reproduce crash on a number of sites including http://www.jrj.com.cn/ The crash is in EventHandler::passWheelEventToWidget (and presumably other input events) when you use the scroll wheel over certain iframes (seems to depend on timing) because the widget for the RenderWidget is NULL The widget is NULL because the iframe is never initialized properly. The iframe is never initialized properly because the redirect timer was canceled by another iframe that got the same "unique" internal frame name. FrameTree::uniqueChildName uses childCount() to generate a "unique" name for a child frame. However, this value can repeat if frames are removed from the parent. 2900 1 brettw 2007-08-07 10:59:46 -0700 I have a patch for this. 2896 2 ggaren 2007-08-07 11:21:04 -0700 This is a dup, but I can't find the original right now. You might want to do some searching -- I remember past patches for this issue causing significant regressions. 2893 3 brettw 2007-08-07 11:31:09 -0700 *** This bug has been marked as a duplicate of 7899 ***