Bug 12791

Confirmed with a local debug build of WebKit r19660 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8N1037). Steps to reproduce: 1. Open Safari/WebKit. 2. Choose a bookmarked feed and wait for it to load. 3. Choose a different bookmarked feed. Stack trace (looks like it may be related to Bug 12768): Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x000000ac Thread 0 Crashed: 0 com.apple.WebCore 0x014ec125 WebCore::RenderView::frameView() const + 9 1 com.apple.WebCore 0x0117fa18 WebCore::RenderLayer::scrollToOffset(int, int, bool, bool) + 528 (RenderLayer.cpp:722) 2 com.apple.WebCore 0x011a86fe WebCore::RenderTextControl::forwardEvent(WebCore::Event*) + 222 (RenderTextControl.cpp:749) 3 com.apple.WebCore 0x010ce49f WebCore::HTMLInputElement::defaultEventHandler(WebCore::Event*) + 3073 (HTMLInputElement.cpp:1298) 4 com.apple.WebCore 0x0122eb44 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 2164 (EventTargetNode.cpp:268) 5 com.apple.WebCore 0x012303e7 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 329 (EventTargetNode.cpp:304) 6 com.apple.WebCore 0x01230463 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 75 (EventTargetNode.cpp:288) 7 com.apple.WebCore 0x0122ecff WebCore::EventTargetNode::dispatchHTMLEvent(WebCore::AtomicString const&, bool, bool) + 197 (EventTargetNode.cpp:527) 8 com.apple.WebCore 0x0122ed4b WebCore::EventTargetNode::dispatchBlurEvent() + 51 (EventTargetNode.cpp:521) 9 com.apple.WebCore 0x010cab3d WebCore::HTMLInputElement::dispatchBlurEvent() + 177 (HTMLInputElement.cpp:243) 10 com.apple.WebCore 0x010f09fa WebCore::Document::setFocusedNode(WTF::PassRefPtr<WebCore::Node>) + 764 (Document.cpp:2127) 11 com.apple.WebCore 0x010f0e3d WebCore::Document::focusedNodeRemoved(WebCore::Node*) + 43 (Document.cpp:2052) 12 com.apple.WebCore 0x01246a75 WebCore::Node::willRemove() + 49 (Node.cpp:817) 13 com.apple.WebCore 0x010fa294 WebCore::ContainerNode::willRemove() + 68 (ContainerNode.cpp:334) 14 com.apple.WebCore 0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 15 com.apple.WebCore 0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 16 com.apple.WebCore 0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 17 com.apple.WebCore 0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 18 com.apple.WebCore 0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 19 com.apple.WebCore 0x010fa275 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 20 com.apple.WebCore 0x013be6df WebCore::FrameLoader::clear(bool) + 159 (FrameLoader.cpp:739) 21 com.apple.WebCore 0x013c4589 WebCore::FrameLoader::begin(WebCore::KURL const&) + 61 (FrameLoader.cpp:813) 22 com.apple.WebCore 0x013c4a8b WebCore::FrameLoader::receivedFirstData() + 39 (FrameLoader.cpp:772) 23 com.apple.WebCore 0x013c4c6b WebCore::FrameLoader::setEncoding(WebCore::String const&, bool) + 45 (FrameLoader.cpp:1510) 24 com.apple.WebCore 0x01101892 -[WebCoreFrameBridge receivedData:textEncodingName:] + 220 (WebCoreFrameBridge.mm:1482) 25 com.apple.WebKit 0x003319c9 -[WebHTMLRepresentation receivedData:withDataSource:] + 199 (WebHTMLRepresentation.mm:175) 26 com.apple.WebKit 0x0032d04f -[WebDataSource(WebInternal) _receivedData:] + 89 (WebDataSource.mm:178) 27 com.apple.WebKit 0x00392f8d WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 127 (WebFrameLoaderClient.mm:642) 28 com.apple.WebCore 0x013bac69 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 53 (FrameLoader.cpp:2948) 29 com.apple.WebCore 0x013cb7b5 WebCore::DocumentLoader::commitLoad(char const*, int) + 87 (DocumentLoader.cpp:320) 30 com.apple.WebCore 0x013cb80e WebCore::DocumentLoader::receivedData(char const*, int) + 76 (DocumentLoader.cpp:333) 31 com.apple.WebCore 0x013ba24b WebCore::FrameLoader::receivedData(char const*, int) + 41 (FrameLoader.cpp:1915) 32 com.apple.WebCore 0x013cca68 WebCore::MainResourceLoader::addData(char const*, int, bool) + 80 (MainResourceLoader.cpp:134) 33 com.apple.WebCore 0x013ceac5 WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 83 34 com.apple.WebCore 0x013ccdad WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 281 (MainResourceLoader.cpp:291) 35 com.apple.WebCore 0x013ce72c WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 58 36 com.apple.WebCore 0x013ad094 -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 172 (ResourceHandleMac.mm:352) 37 com.apple.Foundation 0x9265eb86 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 641 38 com.apple.Foundation 0x9265ce67 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 686 39 com.apple.Foundation 0x9265cb41 _sendCallbacks + 201 40 com.apple.CoreFoundation 0x9082b09a CFRunLoopRunSpecific + 1413 41 com.apple.CoreFoundation 0x9082ab0e CFRunLoopRunInMode + 61 42 com.apple.HIToolbox 0x92ddabef RunCurrentEventLoopInMode + 285 43 com.apple.HIToolbox 0x92dda234 ReceiveNextEventCommon + 184 44 com.apple.HIToolbox 0x92dda154 BlockUntilNextEventMatchingListInMode + 81 45 com.apple.AppKit 0x9327f465 _DPSNextEvent + 572 46 com.apple.AppKit 0x9327f056 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137 47 com.apple.Safari 0x00006cea 0x1000 + 23786 48 com.apple.AppKit 0x93278ddb -[NSApplication run] + 512 49 com.apple.AppKit 0x9326cd2f NSApplicationMain + 573 50 com.apple.Safari 0x0005f54a 0x1000 + 386378 51 com.apple.Safari 0x0005f471 0x1000 + 386161

*** This bug has been marked as a duplicate of 12768 ***