20540 2008-08-27 04:08:06 -0700 HTML/JavaScript causes Read AV[3c]@WebKit.dll+4c00 #bd95c6be 2022-02-12 18:19:55 -0800 1 1 1 Unclassified WebKit New Bugs 525.x (Safari 3.1) PC Windows Vista RESOLVED CONFIGURATION CHANGED http://skypher.com/SkyLined/Repro/Safari/AVR%5B3c%5D@WebKit.dll+4c00%20%23bd95c6be/repro.html HasReduction, InRadar P2 Critical --- 1 skylined webkit-unassigned ap bfulgham oldest_to_newest 89469 0 skylined 2008-08-27 04:08:06 -0700 The following HTML file triggers a NULL pointer AV: <BODY onload=go()></BODY> <SCRIPT> function go() { var oOldBody = document.body; document.addEventListener("DOMNodeRemoved", function () { event.relatedNode.parentElement.removeChild(event.relatedNode); },true); document.body.parentElement.removeChild(document.body); oOldBody.innerHTML = "x<l><html>"; } </SCRIPT> 89510 1 mrowe 2008-08-27 12:09:51 -0700 <rdar://problem/6180069> 89619 2 ap 2008-08-28 03:38:09 -0700 Could you please try this with a nightly build (http://nightly.webkit.org)? We could not reproduce this yet. 89635 3 skylined 2008-08-28 08:52:52 -0700 I tested it in nightly and it does indeed not repro - but... I open Safari (with webkit nightly) and drag the URL in. The page opens fine. I drag the URL in again and I see this: (f6c.df0): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. WebKit!WebCore::DragController::concludeDrag+0x3a: 00000000`6d4a0cda 8b03 mov eax,dword ptr [ebx] ds:002b:00000000`00000000=???????? So something is still messed up in nightly, but it doesn't repro until you do a drag and drop. 89643 4 skylined 2008-08-28 09:08:36 -0700 This same drag and drop problem happens with the repro for bug 19516 89645 5 ap 2008-08-28 09:16:49 -0700 That certainly sounds bad - but probably a separate problem. 89649 6 skylined 2008-08-28 09:35:50 -0700 Do I need to file a new bug or can we reuse this one? 89706 7 mrowe 2008-08-28 18:16:14 -0700 A new bug report would be preferred since it appears to be a separate issue. 89729 8 skylined 2008-08-29 01:28:59 -0700 Ok, if we're going to be bueaucratic about it: I opened bug 20565 :)