Bug 12613

Hi William, please test this against WebKit ToT (tip-of-tree) to find out if the bug still exists. A stand-alone test case (code and/or HTML) would also help to get this bug fixed quicker. Thanks! http://webkit.org/building/checkout.html

I would love to test with the nightly, but the nightly for Feb 5 crashes randomly after a few seconds even if I do nothing at all. Thread 0: 0 libSystem.B.dylib 0x9000b208 mach_msg_trap + 8 1 libSystem.B.dylib 0x9000b15c mach_msg + 60 2 com.apple.CoreFoundation 0x9075d114 __CFRunLoopRun + 832 3 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268 4 com.apple.HIToolbox 0x931861e0 RunCurrentEventLoopInMode + 264 5 com.apple.HIToolbox 0x93185874 ReceiveNextEventCommon + 380 6 com.apple.HIToolbox 0x931856e0 BlockUntilNextEventMatchingListInMode + 96 7 com.apple.AppKit 0x93683904 _DPSNextEvent + 384 8 com.apple.AppKit 0x936835c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 9 com.apple.Safari 0x00007910 0x1000 + 26896 10 com.apple.AppKit 0x9367fb0c -[NSApplication run] + 472 11 com.apple.AppKit 0x93770618 NSApplicationMain + 452 12 com.apple.Safari 0x0000307c 0x1000 + 8316 13 com.apple.Safari 0x00057758 0x1000 + 354136 Thread 1: 0 libSystem.B.dylib 0x9000b208 mach_msg_trap + 8 1 libSystem.B.dylib 0x9000b15c mach_msg + 60 2 com.apple.CoreFoundation 0x9075d114 __CFRunLoopRun + 832 3 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268 4 com.apple.Foundation 0x92905b9c +[NSURLConnection (NSURLConnectionInternal) _resourceLoadLoop:] + 264 5 com.apple.Foundation 0x928de6d4 forkThreadForFunction + 108 6 libSystem.B.dylib 0x9002b200 _pthread_body + 96 Thread 2 Crashed: 0 <<00000000>> 0xfffeff20 objc_msgSend_rtp + 32 1 com.apple.Foundation 0x92915f20 _replacementObjectForObject + 124 2 com.apple.Foundation 0x92915d74 _encodeObject_old + 156 3 com.apple.Foundation 0x92916be4 - [NSHTTPURLRequestParameters encodeWithCoder:] + 92 4 com.apple.Foundation 0x92915ddc _encodeObject_old + 260 5 com.apple.Foundation 0x929162bc -[NSURLRequest encodeWithCoder:] + 436 6 com.apple.Foundation 0x92915ddc _encodeObject_old + 260 7 com.apple.Foundation 0x929157f4 -[NSURLCache _diskCacheExecuteWrite:] + 128 8 com.apple.Foundation 0x9290e5e8 -[NSURLCache _diskCacheSync] + 256 9 com.apple.CoreFoundation 0x90770aec __CFRunLoopDoTimer + 184 10 com.apple.CoreFoundation 0x9075d464 __CFRunLoopRun + 1680 11 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268 12 com.apple.Foundation 0x92906cdc +[NSURLCache _diskCacheSyncLoop:] + 152 13 com.apple.Foundation 0x928de6d4 forkThreadForFunction + 108 14 libSystem.B.dylib 0x9002b200 _pthread_body + 96 Thread 3: 0 libSystem.B.dylib 0x9002b8a8 semaphore_wait_signal_trap + 8 1 libSystem.B.dylib 0x9003001c pthread_cond_wait + 488 2 com.apple.Foundation 0x928e5840 -[NSConditionLock lockWhenCondition:] + 68 3 com.apple.Syndication 0x9af759ec -[AsyncDB _run:] + 192 4 com.apple.Foundation 0x928de6d4 forkThreadForFunction + 108 5 libSystem.B.dylib 0x9002b200 _pthread_body + 96 Thread 4: 0 libSystem.B.dylib 0x9001f20c select + 12 1 com.apple.CoreFoundation 0x9076f9a8 __CFSocketManager + 472 2 libSystem.B.dylib 0x9002b200 _pthread_body + 96 If I hurry and open a page handled by my plugin, then it just shows the contents of the file, but doesn't call the plugin. If I open an HTML page with an OBJECT tag with my plugin then it crashes differently. Thread 0: 0 libSystem.B.dylib 0x90040258 mach_wait_until + 8 1 libSystem.B.dylib 0x90040020 nanosleep + 384 2 libSystem.B.dylib 0x900437fc usleep + 60 3 libcurl-surge.dylib 0x061116a0 connect_to_surge + 348 (client.c:504) 4 libcurl-surge.dylib 0x061117a0 contact_surge + 56 (client.c:613) 5 libcurl-surge.dylib 0x06115fe4 NPP_New + 240 (plugin.c:1570) 6 com.apple.WebKit 0x003161b8 -[WebBaseNetscapePluginView (Internal) _createPlugin] + 136 7 com.apple.WebKit 0x00313aa0 - [WebBaseNetscapePluginView start] + 160 8 com.apple.WebKit 0x00314b18 - [WebBaseNetscapePluginView viewDidMoveToWindow] + 136 9 com.apple.AppKit 0x9369ea44 -[NSView _setWindow:] + 876 10 com.apple.AppKit 0x9369ecb4 -[NSView addSubview:] + 372 11 com.apple.WebKit 0x0032e590 -[WebHTMLView addSubview:] + 64 12 com.apple.WebCore 0x0122e138 WebCore::Widget::addToSuperview(NSView*) + 264 13 com.apple.WebCore 0x012c30f4 WebCore::RenderWidget::setWidget(WebCore::Widget*) + 596 14 com.apple.WebCore 0x012be23c WebCore::RenderPart::setWidget(WebCore::Widget*) + 108 15 com.apple.WebCore 0x01415a20 WebCore::FrameLoader::loadPlugin(WebCore::RenderPart*, WebCore::KURL const&, WebCore::String const&, WTF::Vector<WebCore::String, (unsigned long)0> const&, WTF::Vector<WebCore::String, (unsigned long)0> const&, bool) + 336 16 com.apple.WebCore 0x014259a8 WebCore::FrameLoader::requestObject(WebCore::RenderPart*, WebCore::String const&, WebCore::AtomicString const&, WebCore::String const&, WTF::Vector<WebCore::String, (unsigned long) 0> const&, WTF::Vector<WebCore::String, (unsigned long)0> const&) + 328 17 com.apple.WebCore 0x012c14e4 WebCore::RenderPartObject::updateWidget() + 4468 18 com.apple.WebCore 0x012aca48 WebCore::HTMLObjectElement::recalcStyle(WebCore::Node::StyleChange) + 120 19 com.apple.WebCore 0x01265c4c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 652 20 com.apple.WebCore 0x01265c4c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 652 21 com.apple.WebCore 0x010f559c WebCore::Document::recalcStyle(WebCore::Node::StyleChange) + 1228 22 com.apple.WebCore 0x01299690 KJS::WindowFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 768 23 com.apple.JavaScriptCore 0x001369e4 KJS::JSObject::call (KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 116 24 com.apple.JavaScriptCore 0x00129c48 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 600 25 com.apple.JavaScriptCore 0x0012de68 KJS::ExprStatementNode::execute(KJS::ExecState*) + 104 26 com.apple.JavaScriptCore 0x0013125c KJS::SourceElementsNode::execute(KJS::ExecState*) + 252 27 com.apple.JavaScriptCore 0x0012dd98 KJS::BlockNode::execute (KJS::ExecState*) + 152 28 com.apple.JavaScriptCore 0x0011afa8 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56 29 com.apple.JavaScriptCore 0x0011a910 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 448 30 com.apple.JavaScriptCore 0x001369e4 KJS::JSObject::call (KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 116 31 com.apple.JavaScriptCore 0x00129c48 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 600 32 com.apple.JavaScriptCore 0x0012de68 KJS::ExprStatementNode::execute(KJS::ExecState*) + 104 33 com.apple.JavaScriptCore 0x0013125c KJS::SourceElementsNode::execute(KJS::ExecState*) + 252 34 com.apple.JavaScriptCore 0x0012dd98 KJS::BlockNode::execute (KJS::ExecState*) + 152 35 com.apple.JavaScriptCore 0x0011afa8 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56 36 com.apple.JavaScriptCore 0x0011a910 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 448 37 com.apple.JavaScriptCore 0x001369e4 KJS::JSObject::call (KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 116 38 com.apple.WebCore 0x012824cc KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 540 39 com.apple.WebCore 0x010efeac WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 156 40 com.apple.WebCore 0x01246e8c WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 252 41 com.apple.WebCore 0x010f4954 WebCore::Document::implicitClose() + 468 42 com.apple.WebCore 0x014124ac WebCore::FrameLoader::checkEmitLoadEvent() + 348 43 com.apple.WebCore 0x014222b0 WebCore::FrameLoader::checkCompleted() + 224 44 com.apple.WebCore 0x014236b8 WebCore::FrameLoader::finishedParsing() + 88 45 com.apple.WebCore 0x0101c7cc WebCore::HTMLTokenizer::end () + 188 46 com.apple.WebCore 0x0101e108 WebCore::HTMLTokenizer::finish() + 1160 47 com.apple.WebCore 0x01425234 WebCore::FrameLoader::endIfNotLoading() + 116 48 com.apple.WebCore 0x0141cb6c WebCore::FrameLoader::finishedLoading() + 92 49 com.apple.WebCore 0x0142c588 WebCore::MainResourceLoader::didFinishLoading() + 56 50 com.apple.WebCore 0x01402c14 - [WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 84 51 com.apple.Foundation 0x92910cdc -[NSURLConnection (NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188 52 com.apple.Foundation 0x9290ef48 -[NSURLConnection (NSURLConnectionInternal) _sendCallbacks] + 556 53 com.apple.Foundation 0x9290eca0 _sendCallbacks + 156 54 com.apple.CoreFoundation 0x9075da68 __CFRunLoopDoSources0 + 384 55 com.apple.CoreFoundation 0x9075cf98 __CFRunLoopRun + 452 56 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268 57 com.apple.HIToolbox 0x931861e0 RunCurrentEventLoopInMode + 264 58 com.apple.HIToolbox 0x93185874 ReceiveNextEventCommon + 380 59 com.apple.HIToolbox 0x931856e0 BlockUntilNextEventMatchingListInMode + 96 60 com.apple.AppKit 0x93683904 _DPSNextEvent + 384 61 com.apple.AppKit 0x936835c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 62 com.apple.Safari 0x00007910 0x1000 + 26896 63 com.apple.AppKit 0x9367fb0c -[NSApplication run] + 472 64 com.apple.AppKit 0x93770618 NSApplicationMain + 452 65 com.apple.Safari 0x0000307c 0x1000 + 8316 66 com.apple.Safari 0x00057758 0x1000 + 354136 Thread 1: 0 libSystem.B.dylib 0x9000b208 mach_msg_trap + 8 1 libSystem.B.dylib 0x9000b15c mach_msg + 60 2 com.apple.CoreFoundation 0x9075d114 __CFRunLoopRun + 832 3 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268 4 com.apple.Foundation 0x92905b9c +[NSURLConnection (NSURLConnectionInternal) _resourceLoadLoop:] + 264 5 com.apple.Foundation 0x928de6d4 forkThreadForFunction + 108 6 libSystem.B.dylib 0x9002b200 _pthread_body + 96 Thread 2 Crashed: 0 <<00000000>> 0xfffeff18 objc_msgSend_rtp + 24 1 com.apple.Foundation 0x92915f20 _replacementObjectForObject + 124 2 com.apple.Foundation 0x92915d74 _encodeObject_old + 156 3 com.apple.Foundation 0x92916be4 - [NSHTTPURLRequestParameters encodeWithCoder:] + 92 4 com.apple.Foundation 0x92915ddc _encodeObject_old + 260 5 com.apple.Foundation 0x929162bc -[NSURLRequest encodeWithCoder:] + 436 6 com.apple.Foundation 0x92915ddc _encodeObject_old + 260 7 com.apple.Foundation 0x929157f4 -[NSURLCache _diskCacheExecuteWrite:] + 128 8 com.apple.Foundation 0x9290e5e8 -[NSURLCache _diskCacheSync] + 256 9 com.apple.CoreFoundation 0x90770aec __CFRunLoopDoTimer + 184 10 com.apple.CoreFoundation 0x9075d464 __CFRunLoopRun + 1680 11 com.apple.CoreFoundation 0x9075ca18 CFRunLoopRunSpecific + 268 12 com.apple.Foundation 0x92906cdc +[NSURLCache _diskCacheSyncLoop:] + 152 13 com.apple.Foundation 0x928de6d4 forkThreadForFunction + 108 14 libSystem.B.dylib 0x9002b200 _pthread_body + 96 Thread 3: 0 libSystem.B.dylib 0x9001f20c select + 12 1 com.apple.CoreFoundation 0x9076f9a8 __CFSocketManager + 472 2 libSystem.B.dylib 0x9002b200 _pthread_body + 96 Thread 4: 0 libSystem.B.dylib 0x9002b8a8 semaphore_wait_signal_trap + 8 1 libSystem.B.dylib 0x9003001c pthread_cond_wait + 488 2 com.apple.Foundation 0x928e5840 -[NSConditionLock lockWhenCondition:] + 68 3 com.apple.Syndication 0x9af759ec -[AsyncDB _run:] + 192 4 com.apple.Foundation 0x928de6d4 forkThreadForFunction + 108 5 libSystem.B.dylib 0x9002b200 _pthread_body + 96

Is there a way for you to upgrade from Mac OS X 10.4.3 to 10.4.8 before testing? http://developer.apple.com/internet/safari/uamatrix.html

Crashing with a nightly would be a separate top priority bug if it still happens with 10.4.8, and it's not some Safari enhancer that is to blame. Looks like something goes wrong with URL loading. In both cases, the crashes are identical in fact AFAICT (see thread 2 stack trace).

I tried setting a breakpoint on NPP_New when opening www.macromedia.com/flash, and the mode passed was NP_EMBED. I suspect this fix, though it's a bit strange that/if it is still not in shipping WebKit: -------------------------------------- 2004-10-20 Chris Blumenberg <cblu@apple.com> Fixed: <rdar://problem/3842030> WebKit needs to pass the mode (NP_FULL, NP_EMBED, etc) when calling plugInViewWithArguments --------------------------------------

You might need to load a full page plugin and then an HTML page with an OBJECT/EMBED tag handled by that same plugin in order to see the bogus NP_FULL passed to NPP_New().

Reopening for further investigation. Please test with TOT WebKit, and/or provide more detailed steps to reproduce.

Well, a recent nightly won't load my plugin for full page use at all, so I can't tell if it is still broken. It will load it in an OBJECT tag where it is setting the mode right, but without the prior full page use that doesn't tell me if it is fixed. I guess I will file a bunch more bugs on the nightly.

This seems to be fixed in the current nightly.