16866 2008-01-13 16:50:01 -0800 fast/frames/frame-name-reset.html crashes Windows XP 2008-01-14 10:45:30 -0800 1 1 1 Unclassified WebKit New Bugs 528+ (Nightly build) PC Windows XP RESOLVED INVALID http://build.webkit.org/builders/trunk-win-release/builds/6984 InRadar, LayoutTestFailure P2 Normal --- 1 mitz webkit-unassigned alice.barraclough aroben oldest_to_newest 67166 0 mitz 2008-01-13 16:50:01 -0800 fast/frames/frame-name-reset.html crashes on my Windows XP machine and on a build bot running Windows XP (see URL). When run in the debugger, the test outputs the ALERT message, then hangs for a while under CFNetwork code, then appears to crash due to memory corruption. 67168 1 mitz 2008-01-13 16:57:14 -0800 <http://build.webkit.org/builders/trunk-win-release/builds/6954> (@r29409) is the earliest run with this crash, because earlier runs crashed in an earlier test. 67175 2 mitz 2008-01-13 19:39:21 -0800 My untested theory of the day is that calling CFURLConnectionResume on a connection during one of that connection's callbacks results in the connection being over-released due to a bug in CFURLConnection. (In the test case, alert() is called under the data: URL's CFURLConnection's callback, and the chrome uses a PageGroupLoadDeferrer around the alert, which calls CFURLConnectionHalt and CFURLConnectionResume on the data: URL connection). 67176 3 mitz 2008-01-13 19:41:24 -0800 <rdar://problem/5686091> 67182 4 mitz 2008-01-13 21:10:05 -0800 (In reply to comment #2) > (In the test case, alert() > is called under the data: URL's CFURLConnection's callback I was wrong. It is called under the test's URL's (file:///cygwin/...) callback, so it is not immediately clear how the data: URL is involved. The file: URL connection is also halted and resumed, but that is expected to happen in any test that calls alert() before it is finished loading. 67186 5 mitz 2008-01-13 21:49:12 -0800 To test my theory, I added a CFRetain(d->m_connection.get()) in the !defers case of ResourceHandle::setDefersLoading(). After doing that, I could not reproduce the crash. I am not sure that the problem is over-releasing, though. It might be simply that there are still messages posted for the CFURLConnection on the queue when it is deallocated. 67203 6 aroben 2008-01-14 05:53:22 -0800 This reminds me of a crash that Alice was working on -- maybe she can shed some more light? 67233 7 mitz 2008-01-14 10:45:30 -0800 The problem is most probably in a non-WebKit component.