Bug 12502

Crash when browsing SVG map. I'm not sure which action I took to produce this, so I know this isn't a very useful bug report. However perhaps code inspection will reveal a bug. Date/Time: 2007-01-31 05:28:13.322 -0800 OS Version: 10.4.8 (Build 8L2127) Report Version: 4 Command: Safari Path: /Applications/Safari.app/Contents/MacOS/Safari Parent: zsh [4985] Version: 2.0.4 (419.3) Build Version: 2 Project Name: WebBrowser Source Version: 4190300 PID: 9983 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x0000001a Thread 0 Crashed: 0 com.apple.WebCore 0x0118ca7d WebCore::RenderObject::setNeedsLayout(bool, bool) + 21 (RenderObject.cpp:658) 1 com.apple.WebCore 0x010bfc70 WebCore::SVGUseElement::notifyAttributeChange() const + 58 (SVGUseElement.cpp:145) 2 com.apple.WebCore 0x010b0050 WebCore::SVGStyledElement::attributeChanged(WebCore::Attribute*, bool) + 58 (SVGStyledElement.cpp:249) 3 com.apple.WebCore 0x0124ade4 WebCore::Element::setAttribute(WebCore::String const&, WebCore::String const&, int&) + 752 (Element.cpp:377) 4 com.apple.WebCore 0x0123a524 WebCore::JSElementPrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 610 (JSElement.cpp:274) 5 com.apple.JavaScriptCore 0x004f5480 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 6 com.apple.JavaScriptCore 0x004eb307 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 843 (nodes.cpp:772) 7 com.apple.JavaScriptCore 0x004e8524 KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1672) 8 com.apple.JavaScriptCore 0x004e611c KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2449) 9 com.apple.JavaScriptCore 0x004e4a54 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648) 10 com.apple.JavaScriptCore 0x004e847f KJS::IfNode::execute(KJS::ExecState*) + 523 (nodes.cpp:1698) 11 com.apple.JavaScriptCore 0x004e611c KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2449) 12 com.apple.JavaScriptCore 0x004e4a54 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648) 13 com.apple.JavaScriptCore 0x004e8418 KJS::IfNode::execute(KJS::ExecState*) + 420 (nodes.cpp:1691) 14 com.apple.JavaScriptCore 0x004e6252 KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2455) 15 com.apple.JavaScriptCore 0x004e4a54 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648) 16 com.apple.JavaScriptCore 0x004e8418 KJS::IfNode::execute(KJS::ExecState*) + 420 (nodes.cpp:1691) 17 com.apple.JavaScriptCore 0x004e6252 KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2455) 18 com.apple.JavaScriptCore 0x004e4a54 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648) 19 com.apple.JavaScriptCore 0x004d6926 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 20 com.apple.JavaScriptCore 0x004d8c09 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 21 com.apple.JavaScriptCore 0x004f5480 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 22 com.apple.JavaScriptCore 0x004eb307 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 843 (nodes.cpp:772) 23 com.apple.JavaScriptCore 0x004e8524 KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1672) 24 com.apple.JavaScriptCore 0x004e611c KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2449) 25 com.apple.JavaScriptCore 0x004e4a54 KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1648) 26 com.apple.JavaScriptCore 0x004d6926 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 27 com.apple.JavaScriptCore 0x004d8c09 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 28 com.apple.JavaScriptCore 0x004f5480 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 29 com.apple.WebCore 0x0125f0a6 KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 574 (kjs_events.cpp:121) 30 com.apple.WebCore 0x0122ac70 WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 352 (EventTargetNode.cpp:167) 31 com.apple.WebCore 0x0122b436 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1108 (EventTargetNode.cpp:219) 32 com.apple.WebCore 0x0122d032 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 332 (EventTargetNode.cpp:297) 33 com.apple.WebCore 0x0122bec9 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 691 (EventTargetNode.cpp:455) 34 com.apple.WebCore 0x0122c574 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 398 (EventTargetNode.cpp:382) 35 com.apple.WebCore 0x013ea858 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 572 (EventHandler.cpp:1040) 36 com.apple.WebCore 0x013eb48d WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 817 (EventHandler.cpp:746) 37 com.apple.WebCore 0x013e69f8 WebCore::EventHandler::mouseDown(NSEvent*) + 654 (EventHandlerMac.mm:669) 38 com.apple.WebKit 0x0033c393 -[WebHTMLView mouseDown:] + 413 (WebHTMLView.mm:2902) 39 com.apple.WebCore 0x013e41bd WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 1437 (EventHandlerMac.mm:285) 40 com.apple.WebCore 0x013e42a0 WebCore::EventHandler::passWidgetMouseDownEventToWidget(WebCore::RenderWidget*) + 32 (EventHandlerMac.mm:202) 41 com.apple.WebCore 0x013e5109 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 621 (EventHandlerMac.mm:582) 42 com.apple.WebCore 0x013e5b09 WebCore::EventHandler::passMousePressEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 31 (EventHandlerMac.mm:866) 43 com.apple.WebCore 0x013eb2b7 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 347 (EventHandler.cpp:728) 44 com.apple.WebCore 0x013e69f8 WebCore::EventHandler::mouseDown(NSEvent*) + 654 (EventHandlerMac.mm:669) 45 com.apple.WebKit 0x0033c393 -[WebHTMLView mouseDown:] + 413 (WebHTMLView.mm:2902) 46 com.apple.AppKit 0x9334c3af -[NSWindow sendEvent:] + 5279 47 com.apple.Safari 0x0002338e 0x1000 + 140174 48 com.apple.AppKit 0x9333e350 -[NSApplication sendEvent:] + 5023 49 com.apple.Safari 0x00022f1e 0x1000 + 139038 50 com.apple.AppKit 0x93268dfe -[NSApplication run] + 547 51 com.apple.AppKit 0x9325cd2f NSApplicationMain + 573 52 com.apple.Safari 0x0005f7de 0x1000 + 387038 53 com.apple.Safari 0x0005f6f9 0x1000 + 386809 Thread 1: 0 libSystem.B.dylib 0x90009857 mach_msg_trap + 7 1 com.unsanity.ape 0xc0001db2 __ape_agent + 307 2 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 2: 0 libSystem.B.dylib 0x90019d3c select + 12 1 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 3: 0 libSystem.B.dylib 0x90024427 semaphore_wait_signal_trap + 7 1 com.apple.Foundation 0x9264b2f8 -[NSConditionLock lockWhenCondition:] + 39 2 com.apple.Syndication 0x9a410052 -[AsyncDB _run:] + 181 3 com.apple.Foundation 0x925f536c forkThreadForFunction + 123 4 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 4: 0 libSystem.B.dylib 0x90009857 mach_msg_trap + 7 1 com.apple.CoreFoundation 0x9082969a CFRunLoopRunSpecific + 2014 2 com.apple.CoreFoundation 0x90828eb5 CFRunLoopRunInMode + 61 3 com.apple.Foundation 0x9262aa9b +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259 4 com.apple.Foundation 0x925f536c forkThreadForFunction + 123 5 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 5: 0 libSystem.B.dylib 0x90009857 mach_msg_trap + 7 1 com.apple.CoreFoundation 0x9082969a CFRunLoopRunSpecific + 2014 2 com.apple.CoreFoundation 0x90828eb5 CFRunLoopRunInMode + 61 3 com.apple.Foundation 0x92651c4e +[NSURLCache _diskCacheSyncLoop:] + 206 4 com.apple.Foundation 0x925f536c forkThreadForFunction + 123 5 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 6: 0 libSystem.B.dylib 0x90024427 semaphore_wait_signal_trap + 7 1 com.apple.ColorSync 0x9159b6bf pthreadSemaphoreWait(t_pthreadSemaphore*) + 35 2 com.apple.ColorSync 0x915b5dd0 CMMConvTask(void*) + 60 3 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 7: 0 libSystem.B.dylib 0x90009857 mach_msg_trap + 7 1 com.apple.opengl 0x931c46e4 glcDebugListener + 338 2 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 8: 0 libSystem.B.dylib 0x90024427 semaphore_wait_signal_trap + 7 1 com.apple.Foundation 0x9264b2f8 -[NSConditionLock lockWhenCondition:] + 39 2 com.apple.AppKit 0x93346270 -[NSUIHeartBeat _heartBeatThread:] + 377 3 com.apple.Foundation 0x925f536c forkThreadForFunction + 123 4 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 9: 0 libSystem.B.dylib 0x900268bc kevent + 12 1 ...ple.CoreServices.CarbonCore 0x90cb3f84 PrivateMPEntryPoint + 51 2 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 10: 0 libSystem.B.dylib 0x90024427 semaphore_wait_signal_trap + 7 1 ...ple.CoreServices.CarbonCore 0x90cb4129 MPWaitOnQueue + 198 2 com.apple.DesktopServices 0x9251b943 TNodeSyncTask::SyncTaskProc(void*) + 143 3 ...ple.CoreServices.CarbonCore 0x90cb3f84 PrivateMPEntryPoint + 51 4 libSystem.B.dylib 0x90023d87 _pthread_body + 84 Thread 0 crashed with X86 Thread State (32-bit): eax: 0x00000000 ebx: 0x0124ab02 ecx: 0x014cf9a3 edx: 0x00000001 edi: 0x00000002 esi: 0x004e8490 ebp: 0xbfffdc98 esp: 0xbfffdc60 ss: 0x0000001f efl: 0x00010286 eip: 0x0118ca7d cs: 0x00000017 ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037