Bug 13076

Summary:

Opening multiple bookmarks in tabs causes an assertion in debug builds in WebDocumentLoaderMac::decreaseLoadCount(unsigned long).

Steps to reproduce:

1. Open Safari/WebKit.

2. Set up the following tab set:

http://bugs.webkit.org/buglist.cgi?cmdtype=runnamed&namedcmd=WebKit%20Daily%20Changes
http://build.webkit.org/
http://cia.navi.cx/stats/project/WebKit
http://trac.webkit.org/projects/webkit
http://lists.macosforge.org/pipermail/webkit-unassigned/
http://ln-s.net/IkX

3. Select "Open in Tabs" for the above tab set from the Bookmarks menu.

Expected results:

Safari/WebKit should open all the tabs and load all the pages without crashing.

Actual results:

Safari/WebKit crashes when attempting to open all those pages in tabs.

Regression:

This is a recent regression (last day or two) from ToT WebKit.

Notes:

Tested with a local debug build of WebKit r20202 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127).

Stack trace:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0   com.apple.WebKit               	0x003c5ae4 WebDocumentLoaderMac::decreaseLoadCount(unsigned long) + 96 (WebDocumentLoaderMac.mm:98)
1   com.apple.WebKit               	0x003ca198 WebFrameLoaderClient::dispatchDidFinishLoading(WebCore::DocumentLoader*, unsigned long) + 296 (WebFrameLoaderClient.mm:357)
2   com.apple.WebCore              	0x01487db4 WebCore::FrameLoader::didFinishLoad(WebCore::ResourceLoader*) + 220 (FrameLoader.cpp:4131)
3   com.apple.WebCore              	0x0149f73c WebCore::ResourceLoader::didFinishLoadingOnePart() + 164
4   com.apple.WebCore              	0x0149f7c8 WebCore::ResourceLoader::didFinishLoading() + 120
5   com.apple.WebCore              	0x014668f4 WebCore::NetscapePlugInStreamLoader::didFinishLoading() + 264 (NetscapePlugInStreamLoaderMac.mm:112)
6   com.apple.WebCore              	0x0149f9f4 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60
7   com.apple.WebCore              	0x014754b0 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 144 (ResourceHandleMac.mm:370)
8   com.apple.Foundation           	0x9299384c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
9   com.apple.Foundation           	0x92991ab8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
10  com.apple.Foundation           	0x92991810 _sendCallbacks + 156
11  com.apple.CoreFoundation       	0x907dd4cc __CFRunLoopDoSources0 + 384
12  com.apple.CoreFoundation       	0x907dc9fc __CFRunLoopRun + 452
13  com.apple.CoreFoundation       	0x907dc47c CFRunLoopRunSpecific + 268
14  com.apple.HIToolbox            	0x93208740 RunCurrentEventLoopInMode + 264
15  com.apple.HIToolbox            	0x93207d4c ReceiveNextEventCommon + 244
16  com.apple.HIToolbox            	0x93207c40 BlockUntilNextEventMatchingListInMode + 96
17  com.apple.AppKit               	0x9370cae4 _DPSNextEvent + 384
18  com.apple.AppKit               	0x9370c7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
19  com.apple.Safari               	0x00006740 0x1000 + 22336
20  com.apple.AppKit               	0x93708cec -[NSApplication run] + 472
21  com.apple.AppKit               	0x937f987c NSApplicationMain + 452
22  com.apple.Safari               	0x0005c77c 0x1000 + 374652
23  com.apple.Safari               	0x0005c624 0x1000 + 374308