Bug 11859

Summary: REGRESSION: Gmail>Compose with signature: reproducible crash with right click
Product: WebKit
Reporter: Stephen Harbage <s_harbage>
Component: Forms
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Critical
CC: ddkilzer, harrison
Priority: P1
Keywords: GoogleBug, InRadar, Regression
Version: 420+
Hardware: Mac
OS: OS X 10.4
URL: http://mail.google.com/mail/

Stephen Harbage
Reported 2006-12-17 10:02:45 PST
Go to www.gmail.com > settings, add a signature
Go to compose and right click/ctrl click above the signature, Safari crashes

Crash log:

**********

Host Name: Stephen-Harbages-Computer
Date/Time: 2006-12-17 17:39:29.835 +0000
OS Version: 10.4.8 (Build 8L127)
Report Version: 4

Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: WindowServer [219]

Version: ??? (18260)

PID: 2316
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000014

Thread 0 Crashed:
0   com.apple.WebCore  0x011062b8 -[WebCoreFrameBridge fontForSelection:] + 56
1   com.apple.WebKit  0x003382cc -[WebHTMLView(WebInternal) _updateFontPanel] + 156
2   com.apple.WebKit  0x00333820 -[WebHTMLView becomeFirstResponder] + 304
3   com.apple.AppKit  0x937b5e48 -[NSWindow makeFirstResponder:] + 200
4   com.apple.Safari  0x000128e8 0x1000 + 71912
5   libobjc.A.dylib  0x90a441f4 objc_msgSendv + 180
6   com.apple.Foundation  0x9295cc88 -[NSInvocation invoke] + 944
7   com.apple.Foundation  0x9295d238 -[NSInvocation invokeWithTarget:] + 64
8   com.apple.Foundation  0x92955034 -[NSObject(NSForwardInvocation) forward::] + 408
9   libobjc.A.dylib  0x90a440b0 _objc_msgForward + 176
10  com.apple.WebKit  0x0031e6c8 -[WebFrameBridge makeFirstResponder:] + 88
11  com.apple.WebCore  0x01224674 WebCore::Widget::setFocus() + 372
12  com.apple.WebCore  0x010f96cc WebCore::Document::setFocusedNode(WTF::PassRefPtr<WebCore::Node>) + 1756
13  com.apple.WebCore  0x0140b610 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 880
14  com.apple.WebCore  0x0140e040 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 640
15  com.apple.WebCore  0x01408d6c WebCore::EventHandler::mouseDown(NSEvent*) + 620
16  com.apple.WebKit  0x00332e78 -[WebHTMLView mouseDown:] + 280
17  com.apple.WebCore  0x01406f48 WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 856
18  com.apple.WebCore  0x01407364 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 452
19  com.apple.WebCore  0x0140df14 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 340
20  com.apple.WebCore  0x01408d6c WebCore::EventHandler::mouseDown(NSEvent*) + 620
21  com.apple.WebKit  0x00332e78 -[WebHTMLView mouseDown:] + 280
22  com.apple.WebCore  0x01406f48 WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 856
23  com.apple.WebCore  0x01407364 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 452
24  com.apple.WebCore  0x0140df14 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 340
25  com.apple.WebCore  0x01408d6c WebCore::EventHandler::mouseDown(NSEvent*) + 620
26  com.apple.WebKit  0x00332e78 -[WebHTMLView mouseDown:] + 280
27  com.apple.WebCore  0x01406f48 WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 856
28  com.apple.WebCore  0x01407364 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 452
29  com.apple.WebCore  0x0140df14 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 340
30  com.apple.WebCore  0x01408d6c WebCore::EventHandler::mouseDown(NSEvent*) + 620
31  com.apple.WebKit  0x00332e78 -[WebHTMLView mouseDown:] + 280
32  com.apple.AppKit  0x93767890 -[NSWindow sendEvent:] + 4616
33  com.apple.Safari  0x00021734 0x1000 + 132916
34  com.apple.AppKit  0x937108d4 -[NSApplication sendEvent:] + 4172
35  com.apple.Safari  0x00021238 0x1000 + 131640
36  com.apple.AppKit  0x93707d10 -[NSApplication run] + 508
37  com.apple.AppKit  0x937f887c NSApplicationMain + 452
38  com.apple.Safari  0x0005c77c 0x1000 + 374652
39  com.apple.Safari  0x0005c624 0x1000 + 374308

Thread 1:
0   libSystem.B.dylib  0x9002bbc8 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib  0x900306ac pthread_cond_wait + 480
2   com.apple.Foundation  0x92968300 -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.AppKit  0x937a8708 -[NSUIHeartBeat _heartBeatThread:] + 324
4   com.apple.Foundation  0x92961194 forkThreadForFunction + 108
5   libSystem.B.dylib  0x9002b508 _pthread_body + 96

Thread 2:
0   libSystem.B.dylib  0x9000ab48 mach_msg_trap + 8
1   libSystem.B.dylib  0x9000aa9c mach_msg + 60
2   com.apple.CoreFoundation  0x907dcb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation  0x907dc47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation  0x9298869c +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 264
5   com.apple.Foundation  0x92961194 forkThreadForFunction + 108
6   libSystem.B.dylib  0x9002b508 _pthread_body + 96

Thread 3:
0   libSystem.B.dylib  0x9000ab48 mach_msg_trap + 8
1   libSystem.B.dylib  0x9000aa9c mach_msg + 60
2   com.apple.CoreFoundation  0x907dcb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation  0x907dc47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation  0x929897dc +[NSURLCache _diskCacheSyncLoop:] + 152
5   com.apple.Foundation  0x92961194 forkThreadForFunction + 108
6   libSystem.B.dylib  0x9002b508 _pthread_body + 96

Thread 4:
0   libSystem.B.dylib  0x9002bbc8 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib  0x900306ac pthread_cond_wait + 480
2   com.apple.Foundation  0x92968300 -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.Syndication  0x9b23642c -[AsyncDB _run:] + 192
4   com.apple.Foundation  0x92961194 forkThreadForFunction + 108
5   libSystem.B.dylib  0x9002b508 _pthread_body + 96

Thread 5:
0   libSystem.B.dylib  0x9001f08c select + 12
1   com.apple.CoreFoundation  0x907ef40c __CFSocketManager + 472
2   libSystem.B.dylib  0x9002b508 _pthread_body + 96
David Kilzer (:ddkilzer)
Comment 1 2006-12-17 11:48:08 PST
Confirmed with WebKit nightly r18260. Will post a debug stack trace when my r18269 debug build finishes.

Note that I had to follow these steps to reproduce:

1. Log into GMail.
2. Create signature text.
3. Compose new message.
4. Left-click on top line (blank) of message body.
5. Right-click (or control-click) in the same place.

I was also able to reverse Steps 4 and 5 to reproduce the error. Note that only right-clicking or control-clicking doesn't cause a crash.
David Kilzer (:ddkilzer)
Comment 2 2006-12-17 14:15:18 PST
The steps in Comment #1 do NOT work for WebKit nightly r18244, but the following still causes a crash (in both WebKit nightlies r18244 and r18260). Note that this may be a separate bug.

1. Start WebKit nightly r18244 or r18260.
2. Log into GMail.
3. Click "Compose Mail" link.
4. Click once in the message body textarea.
5. Close the window.
6. Wait about 5 seconds.
7. WebKit crashes.
David Kilzer (:ddkilzer)
Comment 3 2006-12-17 14:27:42 PST
Stack trace resulting from following steps in Comment #1 on a locally-built debug build of WebKit r18269 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127):

Date/Time: 2006-12-17 16:12:37.349 -0600
OS Version: 10.4.8 (Build 8L127)
Report Version: 4

Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: bash [16966]

Version: 2.0.4 (419.3)
Build Version: 1
Project Name: WebBrowser
Source Version: 4190300

PID: 26878
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000014

Thread 0 Crashed:
0   com.apple.WebCore  0x015d3eac WebCore::FontData::getNSFont() const + 20 (FontData.h:74)
1   com.apple.WebCore  0x011533cc -[WebCoreFrameBridge fontForSelection:] + 112 (WebCoreFrameBridge.mm:1428)
2   com.apple.WebKit  0x003630c4 -[WebHTMLView(WebInternal) _updateFontPanel] + 324 (WebHTMLView.m:5075)
3   com.apple.WebKit  0x00362e38 -[WebHTMLView(WebInternal) _selectionChanged] + 88 (WebHTMLView.m:5038)
4   com.apple.WebKit  0x0033896c -[WebFrameBridge respondToChangedSelection] + 236 (WebFrameBridge.mm:1001)
5   com.apple.WebCore  0x0112e478 WebCore::FrameMac::respondToChangedSelection(WebCore::Selection const&, bool) + 1040 (FrameMac.mm:868)
6   com.apple.WebCore  0x01296aac WebCore::SelectionController::setSelection(WebCore::Selection const&, bool, bool, bool) + 1612 (SelectionController.cpp:139)
7   com.apple.WebCore  0x014e4218 WebCore::EventHandler::selectClosestWordFromMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::Node*) + 504 (EventHandler.cpp:147)
8   com.apple.WebCore  0x014e7c18 WebCore::EventHandler::sendContextMenuEvent(WebCore::PlatformMouseEvent) + 624 (EventHandler.cpp:1155)
9   com.apple.WebKit  0x00357fc4 -[WebHTMLView menuForEvent:] + 256 (WebHTMLView.m:2663)
10  com.apple.AppKit  0x93b51c5c -[NSView rightMouseDown:] + 68
11  com.apple.AppKit  0x93a23404 -[NSControl _rightMouseUpOrDown:] + 440
12  com.apple.AppKit  0x93767fa0 -[NSWindow sendEvent:] + 6424
13  com.apple.Safari  0x00021734 0x1000 + 132916
14  com.apple.AppKit  0x937108d4 -[NSApplication sendEvent:] + 4172
15  com.apple.Safari  0x00021238 0x1000 + 131640
16  com.apple.AppKit  0x93707d10 -[NSApplication run] + 508
17  com.apple.AppKit  0x937f887c NSApplicationMain + 452
18  com.apple.Safari  0x0005c77c 0x1000 + 374652
19  com.apple.Safari  0x0005c624 0x1000 + 374308
David Kilzer (:ddkilzer)
Comment 4 2006-12-17 16:28:20 PST
(In reply to comment #2)
> The steps in Comment #1 do NOT work for WebKit nightly r18244, but the
> following still causes a crash (in both WebKit nightlies r18244 and r18260).
> Note that this may be a separate bug.
>
> 1. Start WebKit nightly r18244 or r18260.
> 2. Log into GMail.
> 3. Click "Compose Mail" link.
> 4. Click once in the message body textarea.
> 5. Close the window.
> 6. Wait about 5 seconds.
> 7. WebKit crashes.

Filed Bug 11863 for this issue.
David Kilzer (:ddkilzer)
Comment 5 2006-12-20 19:16:06 PST
David Kilzer (:ddkilzer)
Comment 6 2006-12-20 20:00:36 PST
(In reply to comment #5)
> This may have been fixed in r18369:
> http://trac.webkit.org/projects/webkit/changeset/18369

Not so much, but the error stack is different now in a locally-built debug build of WebKit r18370 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127). Here's the error printed to the console:

[23734] http://mail.google.com/mail/ line 9: TypeError: Null value
(timer):Value undefined (result of expression GC) is not object.
Segmentation fault

And the stack trace:

Date/Time: 2006-12-20 21:49:30.945 -0600
OS Version: 10.4.8 (Build 8L127)
Report Version: 4

Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: bash [412]

Version: 2.0.4 (419.3)
Build Version: 1
Project Name: WebBrowser
Source Version: 4190300

PID: 23734
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0x742f8000

Thread 0 Crashed:
0   <<00000000>>  0x742f8000 0 + 1949270016
1   com.apple.WebCore  0x0132aca0 KJS::ScheduledAction::execute(KJS::Window*) + 892 (kjs_window.cpp:1845)
2   com.apple.WebCore  0x0132d700 KJS::Window::timerFired(KJS::DOMWindowTimer*) + 468 (kjs_window.cpp:1970)
3   com.apple.WebCore  0x0132d784 KJS::DOMWindowTimer::fired() + 72 (kjs_window.cpp:2528)
4   com.apple.WebCore  0x012ac894 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, (unsigned long)0> const&) + 236 (Timer.cpp:322)
5   com.apple.WebCore  0x012ac960 WebCore::TimerBase::sharedTimerFired() + 132 (Timer.cpp:355)
6   com.apple.WebCore  0x012abd0c WebCore::timerFired(__CFRunLoopTimer*, void*) + 60 (SharedTimerMac.cpp:47)
7   com.apple.CoreFoundation  0x907f0550 __CFRunLoopDoTimer + 184
8   com.apple.CoreFoundation  0x907dcec8 __CFRunLoopRun + 1680
9   com.apple.CoreFoundation  0x907dc47c CFRunLoopRunSpecific + 268
10  com.apple.HIToolbox  0x93208740 RunCurrentEventLoopInMode + 264
11  com.apple.HIToolbox  0x93207d4c ReceiveNextEventCommon + 244
12  com.apple.HIToolbox  0x93207c40 BlockUntilNextEventMatchingListInMode + 96
13  com.apple.AppKit  0x9370bae4 _DPSNextEvent + 384
14  com.apple.AppKit  0x9370b7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
15  com.apple.Safari  0x00006740 0x1000 + 22336
16  com.apple.AppKit  0x93707cec -[NSApplication run] + 472
17  com.apple.AppKit  0x937f887c NSApplicationMain + 452
18  com.apple.Safari  0x0005c77c 0x1000 + 374652
19  com.apple.Safari  0x0005c624 0x1000 + 374308
David Kilzer (:ddkilzer)
Comment 7 2006-12-20 20:05:52 PST
(In reply to comment #6)
> (In reply to comment #5)
> > This may have been fixed in r18369:
> > http://trac.webkit.org/projects/webkit/changeset/18369
>
> Not so much, but the error stack is different now in a locally-built debug
> build of WebKit r18370 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127).
> Here's the error printed to the console:

Sorry, I followed the steps in Comment #4 instead of Comment #2. This issue has been fixed, and it was most likely r18369 that fixed it:

<rdar://problem/4893376> REGRESSION: Crash occurs at WebCoreFrameBridge fontForSelection: when drag selecting from a line break
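
A triage sketch for the two debug-build crash reports quoted in this thread, added here as an example and not part of the bug report or of WebKit's code. It parses the `Codes:` line and the crashed thread's frames, separates a fault near address 0 (the `0x00000014` access under `getNSFont()`) from a crash where the program counter itself is the faulting address (the `0x742f8000` timer crash), and builds a signature for de-duplication; the `NULL_PAGE` threshold, the class names and the function names are assumptions of this example.

```python
import re

# Constructed input: header and top frames copied from the two debug-build
# crash reports in this thread (Comment 3 and Comment 6), trimmed for triage.
FONT_CRASH = """\
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000014

Thread 0 Crashed:
0   com.apple.WebCore  0x015d3eac WebCore::FontData::getNSFont() const + 20 (FontData.h:74)
1   com.apple.WebCore  0x011533cc -[WebCoreFrameBridge fontForSelection:] + 112 (WebCoreFrameBridge.mm:1428)
2   com.apple.WebKit   0x003630c4 -[WebHTMLView(WebInternal) _updateFontPanel] + 324 (WebHTMLView.m:5075)
"""

TIMER_CRASH = """\
Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x742f8000

Thread 0 Crashed:
0   <<00000000>>       0x742f8000 0 + 1949270016
1   com.apple.WebCore  0x0132aca0 KJS::ScheduledAction::execute(KJS::Window*) + 892 (kjs_window.cpp:1845)
2   com.apple.WebCore  0x0132d700 KJS::Window::timerFired(KJS::DOMWindowTimer*) + 468 (kjs_window.cpp:1970)
"""

CODES_RE = re.compile(r"^Codes:\s+(\w+) \(0x[0-9a-fA-F]+\) at (0x[0-9a-fA-F]+)", re.M)
# index, module, pc, symbol, "+ offset", optional "(file:line)" in debug builds
FRAME_RE = re.compile(
    r"^\d+\s+(?P<module>\S+)\s+(?P<pc>0x[0-9a-fA-F]+)\s+(?P<symbol>.*?)\s+\+\s+\d+"
    r"(?:\s+\((?P<source>[^()]*)\))?\s*$")

NULL_PAGE = 0x1000  # assumption: a fault this close to 0 is NULL plus a field offset


def crashed_frames(report):
    """Return the frames of the crashed thread only, top of stack first."""
    lines = report.splitlines()
    start = next((i for i, line in enumerate(lines)
                  if re.match(r"Thread \d+ Crashed:", line)), None)
    if start is None:
        return []
    frames = []
    for line in lines[start + 1:]:
        m = FRAME_RE.match(line.strip())
        if not m:
            break  # blank line or the next "Thread N:" header ends this thread
        frames.append({**m.groupdict(), "pc": int(m.group("pc"), 16)})
    return frames


def triage(report):
    """Classify an EXC_BAD_ACCESS report and build a de-duplication signature."""
    m = CODES_RE.search(report)
    frames = crashed_frames(report)
    if not m or not frames:
        raise ValueError("not an EXC_BAD_ACCESS report with a crashed thread")
    fault = int(m.group(2), 16)
    if frames[0]["pc"] == fault:
        # The CPU faulted fetching instructions: control was transferred through
        # a bad pointer. Review this class first (possible memory corruption).
        kind = "bad-pc"
    elif fault < NULL_PAGE:
        # Data access at a small offset from 0: a field read via a NULL object.
        kind = "near-null"
    else:
        kind = "wild-access"
    # Frames without a module ("<<00000000>>") carry no symbol worth keying on.
    named = [f for f in frames if not f["module"].startswith("<<")]
    return {
        "kern_code": m.group(1),
        "fault": fault,
        "class": kind,
        "blame": named[0]["symbol"] if named else None,
        "signature": " | ".join(f["symbol"] for f in named[:2]),
    }


if __name__ == "__main__":
    for name, report in (("font", FONT_CRASH), ("timer", TIMER_CRASH)):
        print(name, triage(report))
```

The two reports fall into different classes and get different signatures, which matches the thread's conclusion that the timer crash belongs to a separate bug.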