6382 2006-01-05 06:49:24 -0800 REGRESSION: Repro crash when clicking link with target="_blank" 2006-01-22 04:57:25 -0800 1 1 1 Unclassified WebKit Frames 420+ Mac OS X 10.4 VERIFIED FIXED InRadar P1 Critical --- 1 mitz webkit-unassigned sullivan oldest_to_newest 27780 0 mitz 2006-01-05 06:49:24 -0800 TOT crashes when you click a link with target "_blank". To reproduce: open the testcase and click "test". Crash backtrace: Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x000000dc Thread 0 Crashed: 0 com.apple.WebCore 0x016d6e04 KWQKHTMLPart::generateFrameName() + 248 (KWQKHTMLPart.mm:205) 1 com.apple.WebCore 0x0175864c KHTMLPart::requestFrameName() + 56 (khtml_part.cpp: 1743) 2 com.apple.WebCore 0x016ddc70 KWQKHTMLPart::setName(QString const&) + 224 (KWQKHTMLPart.mm:3830) 3 com.apple.WebCore 0x0174c754 -[WebCoreBridge setName:] + 92 (WebCoreBridge.mm: 1627) 4 com.apple.WebKit 0x003666a4 -[WebFrame(WebPrivate) _continueLoadRequestAfterNewWindowPolicy:frameName:formState:] + 432 (WebFrame.m:1827) 5 com.apple.WebKit 0x0035d4b8 -[NSObject(WebExtraPerformMethod) performSelector:withObject:withObject:withObject:] + 72 (WebFrame.m:125) 6 com.apple.WebKit 0x00365794 -[WebFrame(WebPrivate) _continueAfterNewWindowPolicy:] + 712 (WebFrame.m:1661) 7 com.apple.WebKit 0x003bdc80 -[WebPolicyDecisionListener _usePolicy:] + 120 (WebPolicyDelegate.m:92) 8 com.apple.WebKit 0x003bdd84 -[WebPolicyDecisionListener use] + 68 (WebPolicyDelegate.m:107) 9 libobjc.A.dylib 0x909c4214 objc_msgSendv + 180 10 com.apple.Foundation 0x928e21c8 -[NSInvocation invoke] + 944 11 com.apple.Foundation 0x928e2778 -[NSInvocation invokeWithTarget:] + 64 12 com.apple.WebKit 0x003afd6c -[_WebSafeForwarder forwardInvocation:] + 624 (WebView.m:1459) 13 com.apple.Foundation 0x928da574 -[NSObject(NSForwardInvocation) forward::] + 408 14 libobjc.A.dylib 0x909c40d0 _objc_msgForward + 176 15 com.apple.WebKit 0x0036549c -[WebFrame(WebPrivate) _checkNewWindowPolicyForRequest:action:frameName:formState:andCall:withSelector:] + 580 (WebFrame.m:1630) 16 com.apple.WebKit 0x00366a9c -[WebFrame(WebPrivate) _loadURL:referrer:loadType:target:triggeringEvent:form:formValues:] + 792 (WebFrame.m:1868) 17 com.apple.WebKit 0x00335538 -[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:] + 436 (WebBridge.m:726) 18 com.apple.WebCore 0x016e5058 KWQKHTMLPart::urlSelected(KURL const&, int, int, KParts::URLArgs const&) + 548 (KWQKHTMLPart.mm:719) 19 com.apple.WebCore 0x01764834 KHTMLPart::urlSelected(QString const&, int, int, QString const&, KParts::URLArgs) + 820 (khtml_part.cpp:1707) 20 com.apple.WebCore 0x0181f4a0 DOM::HTMLAnchorElementImpl::defaultEventHandler (DOM::EventImpl*) + 2080 (html_inlineimpl.cpp:208) 21 com.apple.WebCore 0x018d3f40 DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) + 1072 (dom_nodeimpl.cpp:624) 22 com.apple.WebCore 0x018d41ec DOM::NodeImpl::dispatchEvent(DOM::EventImpl*, int&, bool) + 364 (dom_nodeimpl.cpp:533) 23 com.apple.WebCore 0x018d4a48 DOM::NodeImpl::dispatchMouseEvent(DOM::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool) + 492 (dom_nodeimpl.cpp:779) 24 com.apple.WebCore 0x018da5e4 DOM::NodeImpl::dispatchMouseEvent(QMouseEvent*, DOM::AtomicString const&, int) + 804 (dom_nodeimpl.cpp:741) 25 com.apple.WebCore 0x01768f1c KHTMLView::dispatchMouseEvent(DOM::AtomicString const&, DOM::NodeImpl*, bool, int, QMouseEvent*, bool, int) + 1064 (khtmlview.cpp:1079) 26 com.apple.WebCore 0x0176a4d0 KHTMLView::viewportMouseReleaseEvent(QMouseEvent*) + 632 (khtmlview.cpp:725) 27 com.apple.WebCore 0x016e6694 KWQKHTMLPart::mouseUp(NSEvent*) + 584 (KWQKHTMLPart.mm:2706) 28 com.apple.WebCore 0x0174ae6c -[WebCoreBridge mouseUp:] + 52 (WebCoreBridge.mm: 1187) 29 com.apple.WebKit 0x0037f92c -[WebHTMLView mouseUp:] + 292 (WebHTMLView.m:2911) 30 com.apple.AppKit 0x936e7f18 -[NSWindow sendEvent:] + 4728 31 com.apple.Safari 0x00022180 0x1000 + 135552 32 com.apple.AppKit 0x93690ef4 -[NSApplication sendEvent:] + 4172 33 com.apple.Safari 0x00021c84 0x1000 + 134276 34 com.apple.AppKit 0x93688330 -[NSApplication run] + 508 35 com.apple.AppKit 0x93778e60 NSApplicationMain + 452 36 com.apple.Safari 0x0005d028 0x1000 + 376872 37 com.apple.Safari 0x0005cecc 0x1000 + 376524 27781 1 5494 mitz 2006-01-05 06:49:51 -0800 Created attachment 5494 testcase 27811 2 alice.barraclough 2006-01-05 14:39:09 -0800 <rdar://problem/4400293> 27820 3 webkit 2006-01-05 15:56:27 -0800 Not sure about this but this could be a result of the implementation of the following patch: http://bugzilla.opendarwin.org/show_bug.cgi?id=6357 27852 4 5512 mitz 2006-01-06 06:45:59 -0800 Created attachment 5512 Proposed patch 27854 5 5512 darin 2006-01-06 06:54:56 -0800 Comment on attachment 5512 Proposed patch r=me 27863 6 ggaren 2006-01-06 11:22:52 -0800 Landed. 27918 7 mitz 2006-01-07 05:44:27 -0800 *** Bug 6398 has been marked as a duplicate of this bug. *** 29403 8 joost 2006-01-22 04:57:25 -0800 Removing keyword(s) since bug is fixed. 5494 2006-01-05 06:49:51 -0800 2006-01-05 06:49:51 -0800 testcase frames crash.html text/html 107 mitz PGh0bWw+CjxoZWFkPgo8dGl0bGU+PC90aXRsZT4KPC9oZWFkPgo8Ym9keT4KQ2xpY2sgdG8gPGEg aHJlZj0iLyIgdGFyZ2V0PSJfYmxhbmsiPnRlc3Q8L2E+Lgo8L2JvZHk+CjwvaHRtbD4= 5512 2006-01-06 06:45:59 -0800 2006-01-06 06:54:56 -0800 Proposed patch 6382_r1.patch text/plain 747 mitz SW5kZXg6IFdlYkNvcmUva3dxL0tXUUtIVE1MUGFydC5tbQo9PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09ClJDUyBmaWxlOiAv Y3ZzL3Jvb3QvV2ViQ29yZS9rd3EvS1dRS0hUTUxQYXJ0Lm1tLHYKcmV0cmlldmluZyByZXZpc2lv biAxLjcxNApkaWZmIC1wIC11IC1yMS43MTQgV2ViQ29yZS9rd3EvS1dRS0hUTUxQYXJ0Lm1tCi0t LSBXZWJDb3JlL2t3cS9LV1FLSFRNTFBhcnQubW0JNSBKYW4gMjAwNiAwNjo0MToyMyAtMDAwMAkx LjcxNAorKysgV2ViQ29yZS9rd3EvS1dRS0hUTUxQYXJ0Lm1tCTYgSmFuIDIwMDYgMTQ6NTM6NDEg LTAwMDAKQEAgLTM4MjYsNyArMzgyNiw3IEBAIHZvaWQgS1dRS0hUTUxQYXJ0OjpzZXROYW1lKGNv bnN0IFFTdHJpbmcKICAgICBLV1FLSFRNTFBhcnQgKnBhcmVudCA9IEtXUShwYXJlbnRQYXJ0KCkp OwogCiAgICAgLy8gRklYTUU6IGlzIHRoZSBibGFuayBydWxlIG5lZWRlZCBvciB1c2VmdWw/Ci0g ICAgaWYgKHBhcmVudCAmJiAobmFtZS5pc0VtcHR5KCkgfHwgcGFyZW50LT5mcmFtZUV4aXN0cyhu YW1lKSkgfHwgbmFtZSA9PSAiX2JsYW5rIikKKyAgICBpZiAocGFyZW50ICYmIChuYW1lLmlzRW1w dHkoKSB8fCBwYXJlbnQtPmZyYW1lRXhpc3RzKG5hbWUpIHx8IG5hbWUgPT0gIl9ibGFuayIpKQog CW4gPSBwYXJlbnQtPnJlcXVlc3RGcmFtZU5hbWUoKTsKIAogICAgIEtIVE1MUGFydDo6c2V0TmFt ZShuKTsK