Bug 13365

Summary:

ASSERT in WebDocumentLoaderMac::decreaseLoadCount() un-discarding Gmail message

Product:

WebKit

Reporter:

Brady Eidson <beidson>

Component:

Page Loading

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Major

CC:

mbritto, sroret

Priority:

Keywords:

InRadar, Regression

Version:

523.x (Safari 3)

Hardware:

Mac (Intel)

OS:

OS X 10.4

URL:

http://gmail.com

Attachments:

Description	Flags
proposed patch	mjs: review-

Brady Eidson

Reported 2007-04-16 11:20:46 PDT

* SUMMARY I hit an assertion failure when I un-do the discard of a message in Gmail. I am not sure what happens in release builds. * STEPS TO REPRODUCE 1. Log into Gmail 2. Click on a message in your inbox. 3. Begin typing a reply. 4. Click the "Discard" button below the message. (Next to "Send" and "Save Now") 5. A message will appear that reads, "Your message have been discarded. Undo discard." Click, "Undo Discard" 6. CRASH! NOTE: This crash does NOT occur if you un-do the discard of a NEW message. You must un-do the discard of a REPLY message. Date/Time: 2007-04-13 12:13:48.220 -0700 OS Version: 10.4.9 (Build 8P2137) Report Version: 4 Command: Safari Path: /Build/symroots/Debug/Safari.app/Contents/MacOS/Safari Parent: WindowServer [61] Version: 3.0 (4522.4) PID: 4975 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef Thread 0 Crashed: 0 com.apple.WebKit 0x00490e65 WebDocumentLoaderMac::decreaseLoadCount(unsigned long) + 89 (WebDocumentLoaderMac.mm:93) 1 com.apple.WebKit 0x00494130 WebFrameLoaderClient::dispatchDidFailLoading(WebCore::DocumentLoader*, unsigned long, WebCore::ResourceError const&) + 210 (WebFrameLoaderClient.mm:365) 2 com.apple.WebCore 0x0137635b WebCore::FrameLoader::didFailToLoad(WebCore::ResourceLoader*, WebCore::ResourceError const&) + 167 (FrameLoader.cpp:3091) 3 com.apple.WebCore 0x0138a773 WebCore::ResourceLoader::didCancel(WebCore::ResourceError const&) + 331 4 com.apple.WebCore 0x0138857a WebCore::MainResourceLoader::didCancel(WebCore::ResourceError const&) + 226 (MainResourceLoader.cpp:92) 5 com.apple.WebCore 0x0138a2e1 WebCore::ResourceLoader::cancel(WebCore::ResourceError const&) + 111 6 com.apple.WebCore 0x0138a363 WebCore::ResourceLoader::cancel() + 43 7 com.apple.WebCore 0x013875db WebCore::DocumentLoader::stopLoading() + 247 (DocumentLoader.cpp:279) 8 com.apple.WebCore 0x0137d89b WebCore::FrameLoader::stopAllLoaders() + 101 (FrameLoader.cpp:2150) 9 com.apple.WebCore 0x01382a17 WebCore::FrameLoader::frameDetached() + 17 (FrameLoader.cpp:2882) 10 com.apple.WebCore 0x01364fa6 WebCore::HTMLFrameElementBase::willRemove() + 56 (HTMLFrameElementBase.cpp:193) 11 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 12 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 13 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 14 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 15 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 16 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 17 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 18 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 19 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 20 com.apple.WebCore 0x010d2ee9 WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:331) 21 com.apple.WebCore 0x010d4803 WebCore::willRemoveChild(WebCore::Node*) + 77 (ContainerNode.cpp:348) 22 com.apple.WebCore 0x010d4837 WebCore::ContainerNode::removeChildren() + 39 (ContainerNode.cpp:446) 23 com.apple.WebCore 0x01013d43 WebCore::HTMLElement::setInnerHTML(WebCore::String const&, int&) + 101 (HTMLElement.cpp:291) 24 com.apple.WebCore 0x012431c1 KJS::JSHTMLElement::putValueProperty(KJS::ExecState*, int, KJS::JSValue*, int) + 315 (kjs_html.cpp:1385) 25 com.apple.WebCore 0x01543992 bool KJS::lookupPut<KJS::JSHTMLElement>(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int, KJS::HashTable const*, KJS::JSHTMLElement*) + 162 (lookup.h:254) 26 com.apple.WebCore 0x015439d4 void KJS::lookupPut<KJS::JSHTMLElement, WebCore::JSHTMLElement>(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int, KJS::HashTable const*, KJS::JSHTMLElement*) + 52 (lookup.h:268) 27 com.apple.WebCore 0x012434cc KJS::JSHTMLElement::put(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int) + 468 (kjs_html.cpp:1184) 28 com.apple.WebCore 0x0156642d void KJS::lookupPut<WebCore::JSHTMLDivElement, KJS::JSHTMLElement>(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int, KJS::HashTable const*, WebCore::JSHTMLDivElement*) + 97 (lookup.h:269) 29 com.apple.WebCore 0x012a2c7b WebCore::JSHTMLDivElement::put(KJS::ExecState*, KJS::Identifier const&, KJS::JSValue*, int) + 61 (JSHTMLDivElement.cpp:131) 30 com.apple.JavaScriptCore 0x0068a755 KJS::AssignDotNode::evaluate(KJS::ExecState*) + 1573 (nodes.cpp:1466) 31 com.apple.JavaScriptCore 0x00683a8c KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1681) 32 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 33 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 34 com.apple.JavaScriptCore 0x00680b8a KJS::TryNode::execute(KJS::ExecState*) + 154 (nodes.cpp:2303) 35 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 36 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 37 com.apple.JavaScriptCore 0x00673628 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 38 com.apple.JavaScriptCore 0x006754ff KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 39 com.apple.JavaScriptCore 0x0068f986 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 40 com.apple.JavaScriptCore 0x00687056 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 716 (nodes.cpp:687) 41 com.apple.JavaScriptCore 0x00683a8c KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1681) 42 com.apple.JavaScriptCore 0x006817ba KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464) 43 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 44 com.apple.JavaScriptCore 0x00673628 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 45 com.apple.JavaScriptCore 0x006754ff KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 46 com.apple.JavaScriptCore 0x0068f986 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 47 com.apple.JavaScriptCore 0x00687056 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 716 (nodes.cpp:687) 48 com.apple.JavaScriptCore 0x00683a8c KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1681) 49 com.apple.JavaScriptCore 0x006817ba KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464) 50 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 51 com.apple.JavaScriptCore 0x00683980 KJS::IfNode::execute(KJS::ExecState*) + 420 (nodes.cpp:1700) 52 com.apple.JavaScriptCore 0x006817ba KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464) 53 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 54 com.apple.JavaScriptCore 0x00683980 KJS::IfNode::execute(KJS::ExecState*) + 420 (nodes.cpp:1700) 55 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 56 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 57 com.apple.JavaScriptCore 0x00673628 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 58 com.apple.JavaScriptCore 0x006754ff KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 59 com.apple.JavaScriptCore 0x0068f986 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 60 com.apple.JavaScriptCore 0x00687056 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 716 (nodes.cpp:687) 61 com.apple.JavaScriptCore 0x00683a8c KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1681) 62 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 63 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 64 com.apple.JavaScriptCore 0x006839e7 KJS::IfNode::execute(KJS::ExecState*) + 523 (nodes.cpp:1707) 65 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 66 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 67 com.apple.JavaScriptCore 0x00673628 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 68 com.apple.JavaScriptCore 0x006754ff KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 69 com.apple.JavaScriptCore 0x0068f986 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 70 com.apple.JavaScriptCore 0x00687056 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 716 (nodes.cpp:687) 71 com.apple.JavaScriptCore 0x00683a8c KJS::ExprStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1681) 72 com.apple.JavaScriptCore 0x006817ba KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464) 73 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 74 com.apple.JavaScriptCore 0x00683980 KJS::IfNode::execute(KJS::ExecState*) + 420 (nodes.cpp:1700) 75 com.apple.JavaScriptCore 0x006817ba KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464) 76 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 77 com.apple.JavaScriptCore 0x00683980 KJS::IfNode::execute(KJS::ExecState*) + 420 (nodes.cpp:1700) 78 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 79 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 80 com.apple.JavaScriptCore 0x00673628 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 81 com.apple.JavaScriptCore 0x006754ff KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 82 com.apple.JavaScriptCore 0x0068f986 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 83 com.apple.JavaScriptCore 0x00686d71 KJS::FunctionCallBracketNode::evaluate(KJS::ExecState*) + 1155 (nodes.cpp:741) 84 com.apple.JavaScriptCore 0x0067fe01 KJS::AssignExprNode::evaluate(KJS::ExecState*) + 41 (nodes.cpp:1537) 85 com.apple.JavaScriptCore 0x00683e20 KJS::VarDeclNode::evaluate(KJS::ExecState*) + 90 (nodes.cpp:1554) 86 com.apple.JavaScriptCore 0x00683d3e KJS::VarDeclListNode::evaluate(KJS::ExecState*) + 52 (nodes.cpp:1602) 87 com.apple.JavaScriptCore 0x00683c16 KJS::VarStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1626) 88 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 89 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 90 com.apple.JavaScriptCore 0x00680b8a KJS::TryNode::execute(KJS::ExecState*) + 154 (nodes.cpp:2303) 91 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 92 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 93 com.apple.JavaScriptCore 0x00682ba4 KJS::ForNode::execute(KJS::ExecState*) + 876 (nodes.cpp:1828) 94 com.apple.JavaScriptCore 0x006817ba KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464) 95 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 96 com.apple.JavaScriptCore 0x00673628 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 97 com.apple.JavaScriptCore 0x006754ff KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 98 com.apple.JavaScriptCore 0x0068f986 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 99 com.apple.JavaScriptCore 0x00687056 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 716 (nodes.cpp:687) 100 com.apple.JavaScriptCore 0x00682743 KJS::ReturnNode::execute(KJS::ExecState*) + 295 (nodes.cpp:2030) 101 com.apple.JavaScriptCore 0x006817ba KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464) 102 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 103 com.apple.JavaScriptCore 0x00680b8a KJS::TryNode::execute(KJS::ExecState*) + 154 (nodes.cpp:2303) 104 com.apple.JavaScriptCore 0x00681684 KJS::SourceElementsNode::execute(KJS::ExecState*) + 256 (nodes.cpp:2458) 105 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 106 com.apple.JavaScriptCore 0x00673628 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 107 com.apple.JavaScriptCore 0x006754ff KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 108 com.apple.JavaScriptCore 0x0068f986 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 109 com.apple.JavaScriptCore 0x00687056 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 716 (nodes.cpp:687) 110 com.apple.JavaScriptCore 0x0067fe01 KJS::AssignExprNode::evaluate(KJS::ExecState*) + 41 (nodes.cpp:1537) 111 com.apple.JavaScriptCore 0x00683e20 KJS::VarDeclNode::evaluate(KJS::ExecState*) + 90 (nodes.cpp:1554) 112 com.apple.JavaScriptCore 0x00683d3e KJS::VarDeclListNode::evaluate(KJS::ExecState*) + 52 (nodes.cpp:1602) 113 com.apple.JavaScriptCore 0x00683c16 KJS::VarStatementNode::execute(KJS::ExecState*) + 148 (nodes.cpp:1626) 114 com.apple.JavaScriptCore 0x006817ba KJS::SourceElementsNode::execute(KJS::ExecState*) + 566 (nodes.cpp:2464) 115 com.apple.JavaScriptCore 0x0067ffbc KJS::BlockNode::execute(KJS::ExecState*) + 140 (nodes.cpp:1657) 116 com.apple.JavaScriptCore 0x00673628 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 50 (function.cpp:362) 117 com.apple.JavaScriptCore 0x006754ff KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 573 (function.cpp:111) 118 com.apple.JavaScriptCore 0x0068f986 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97) 119 com.apple.WebCore 0x0123aba6 KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 574 (kjs_events.cpp:123) 120 com.apple.WebCore 0x0120585a WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 352 (EventTargetNode.cpp:166) 121 com.apple.WebCore 0x01206131 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1381 (EventTargetNode.cpp:240) 122 com.apple.WebCore 0x01207ccd WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 329 (EventTargetNode.cpp:308) 123 com.apple.WebCore 0x01207d49 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 75 (EventTargetNode.cpp:292) 124 com.apple.WebCore 0x01206b01 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 691 (EventTargetNode.cpp:470) 125 com.apple.WebCore 0x0120720e WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 496 (EventTargetNode.cpp:397) 126 com.apple.WebCore 0x013acdb2 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 146 (EventHandler.cpp:1153) 127 com.apple.WebCore 0x013adb4b WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 951 (EventHandler.cpp:812) 128 com.apple.WebCore 0x013a8a2c WebCore::EventHandler::mouseDown(NSEvent*) + 556 (EventHandlerMac.mm:470) 129 com.apple.WebKit 0x0043c997 -[WebHTMLView mouseDown:] + 413 (WebHTMLView.mm:2975) 130 com.apple.WebCore 0x013a768b WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 1413 (EventHandlerMac.mm:264) 131 com.apple.WebCore 0x013a776a WebCore::EventHandler::passWidgetMouseDownEventToWidget(WebCore::RenderWidget*) + 32 (EventHandlerMac.mm:181) 132 com.apple.WebCore 0x013a85c7 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 621 (EventHandlerMac.mm:390) 133 com.apple.WebCore 0x013a8f39 WebCore::EventHandler::passMousePressEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 31 (EventHandlerMac.mm:613) 134 com.apple.WebCore 0x013ad94a WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 438 (EventHandler.cpp:790) 135 com.apple.WebCore 0x013a8a2c WebCore::EventHandler::mouseDown(NSEvent*) + 556 (EventHandlerMac.mm:470) 136 com.apple.WebKit 0x0043c997 -[WebHTMLView mouseDown:] + 413 (WebHTMLView.mm:2975) 137 com.apple.WebCore 0x013a768b WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 1413 (EventHandlerMac.mm:264) 138 com.apple.WebCore 0x013a776a WebCore::EventHandler::passWidgetMouseDownEventToWidget(WebCore::RenderWidget*) + 32 (EventHandlerMac.mm:181) 139 com.apple.WebCore 0x013a85c7 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 621 (EventHandlerMac.mm:390) 140 com.apple.WebCore 0x013a8f39 WebCore::EventHandler::passMousePressEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 31 (EventHandlerMac.mm:613) 141 com.apple.WebCore 0x013ad94a WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 438 (EventHandler.cpp:790) 142 com.apple.WebCore 0x013a8a2c WebCore::EventHandler::mouseDown(NSEvent*) + 556 (EventHandlerMac.mm:470) 143 com.apple.WebKit 0x0043c997 -[WebHTMLView mouseDown:] + 413 (WebHTMLView.mm:2975) 144 com.apple.AppKit 0x933613af -[NSWindow sendEvent:] + 5279 145 com.apple.Safari 0x000adfa8 -[Window sendEvent:] + 363 (Window.m:85) 146 com.apple.AppKit 0x93353350 -[NSApplication sendEvent:] + 5023 147 com.apple.Safari 0x000221a5 -[BrowserApplication sendEvent:] + 463 (BrowserApplication.m:143) 148 com.apple.AppKit 0x9327ddfe -[NSApplication run] + 547 149 com.apple.AppKit 0x93271d2f NSApplicationMain + 573 150 com.apple.Safari 0x000a8f63 main + 95 (main.m:27) 151 com.apple.Safari 0x00002772 _start + 216 152 com.apple.Safari 0x00002699 start + 41 Thread 1: 0 libSystem.B.dylib 0x900247e7 semaphore_wait_signal_trap + 7 1 com.apple.Foundation 0x9284626c -[NSConditionLock lockWhenCondition:] + 39 2 com.apple.Syndication 0x9a789052 -[AsyncDB _run:] + 181 3 com.apple.Foundation 0x927f02e0 forkThreadForFunction + 123 4 libSystem.B.dylib 0x90024147 _pthread_body + 84 Thread 2: 0 libSystem.B.dylib 0x90009bf7 mach_msg_trap + 7 1 com.apple.CoreFoundation 0x9082e2b3 CFRunLoopRunSpecific + 2014 2 com.apple.CoreFoundation 0x9082dace CFRunLoopRunInMode + 61 3 com.apple.Foundation 0x92825a0f +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259 4 com.apple.Foundation 0x927f02e0 forkThreadForFunction + 123 5 libSystem.B.dylib 0x90024147 _pthread_body + 84 Thread 3: 0 libSystem.B.dylib 0x90009bf7 mach_msg_trap + 7 1 com.apple.CoreFoundation 0x9082e2b3 CFRunLoopRunSpecific + 2014 2 com.apple.CoreFoundation 0x9082dace CFRunLoopRunInMode + 61 3 com.apple.Foundation 0x9284cbc2 +[NSURLCache _diskCacheSyncLoop:] + 206 4 com.apple.Foundation 0x927f02e0 forkThreadForFunction + 123 5 libSystem.B.dylib 0x90024147 _pthread_body + 84 Thread 4: 0 libSystem.B.dylib 0x9001a0ec select + 12 1 libSystem.B.dylib 0x90024147 _pthread_body + 84 Thread 5: 0 libSystem.B.dylib 0x900247e7 semaphore_wait_signal_trap + 7 1 com.apple.Foundation 0x9284626c -[NSConditionLock lockWhenCondition:] + 39 2 com.apple.AppKit 0x9335b270 -[NSUIHeartBeat _heartBeatThread:] + 377 3 com.apple.Foundation 0x927f02e0 forkThreadForFunction + 123 4 libSystem.B.dylib 0x90024147 _pthread_body + 84 Thread 0 crashed with X86 Thread State (32-bit): eax: 0xbbadbeef ebx: 0x00490e18 ecx: 0xa0001e80 edx: 0x00000000 edi: 0x184489a0 esi: 0x184489a0 ebp: 0xbfffc4d8 esp: 0xbfffc4c0 ss: 0x0000001f efl: 0x00010286 eip: 0x00490e65 cs: 0x00000017 ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037

Attachments
proposed patch (1.27 KB, patch) 2007-06-19 01:44 PDT, Maxime BRITTO	mjs: review-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Brady Eidson

Comment 1 2007-04-16 11:21:25 PDT

<rdar://problem/5133420> also, this seems almost certainly related to http://bugs.webkit.org/show_bug.cgi?id=13360

Maxime BRITTO

Comment 2 2007-06-14 08:20:50 PDT

(In reply to comment #1) > <rdar://problem/5133420> > > also, this seems almost certainly related to > http://bugs.webkit.org/show_bug.cgi?id=13360 > The bug 13360 is fixed now but this one still occurs. I think the problem is in the HTMLFrameElementBase::willRemove() call because : - if we "undo discard" on Gmail with a new message contentFrame() returns 0 - if we "undo discard" on Gmail with a reply message (the one which leads to the crash) the contentFrame() returns something so we get in the "if" condition and then we crash. I've also tried to comment everything inside the if and I can no longer reproduce the crash ; obviously that is not the solution but it shows it's related to this fonction and maybe we need to modify the condition by adding something to handle this particulary case.

Maxime BRITTO

Comment 3 2007-06-19 01:44:48 PDT

Created attachment 15116 [details] proposed patch If a provisionnal frame loader never gets committed, this patch is dropping it if it's still alive when trying to detach the frame. The bug is no longer reproductible and no test cases are affected by this. Though I can't produce a layout test because I don't know why this provisionnal frame loader never gets committed.

Maciej Stachowiak

Comment 4 2007-06-25 19:48:14 PDT

Comment on attachment 15116 [details] proposed patch It should be impossible for the provisional document loader and the regular document loader to ever be the same: > + if ((m_provisionalDocumentLoader && m_documentLoader) && (m_provisionalDocumentLoader != m_documentLoader)) { Also, is the bug reproducible now or not? If the bug no longer happens, I'm not sure we should make a change. If it does, then it needs a test case. r- until these comments are addressed.

Maxime BRITTO

Comment 5 2007-06-26 01:36:06 PDT

When I said the bug was no longer reproductible, I meant with this patch. If I remove the patch, I can reproduce the assertion error, so the bug stills exists. My main problem with this bug is the fact that I don't know why this frame loader never gets commited. This patch fixes the bug, but I think I can find out a more effective solution if I understand why it's happening.

Adele Peterson

Comment 6 2007-08-30 14:05:48 PDT

committed in r24087

Note You need to log in before you can comment on or make changes to this bug.