Bug 13684

* SUMMARY Reproducible assertion failure in WebCore::FrameLoader::restoreScrollPositionAndViewState() going back from fark.com Photoshop contest. * STEPS TO REPRODUCE 1. Open Safari/WebKit. 2. Go to: http://www.fark.com/ 3. Scroll down to a Photoshop contest link. 4. Click on a Photoshop contest link. I used: http://forums.fark.com/cgi/fark/comments.pl?IDLink=2780805 5. Wait for the page to fully load. 6. Click the browser Back button. * EXPECTED RESULTS The browser should go back one page in history without crashing. * ACTUAL RESULTS The browser crashes due to an assertion failure going back one page in history. * REGRESSION This is a recent regression (last 24-48 hours) on ToT WebKit, and a regression of shipping Safari. * NOTES - Reproduced with a local debug build of WebKit r21422 with shipping Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135). - Console output: ASSERTION FAILED: m_currentHistoryItem (/Volumes/Data/WebKit/WebCore/loader/FrameLoader.cpp:3674 restoreScrollPositionAndViewState) Segmentation fault - Stack trace: Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef Thread 0 Crashed: 0 com.apple.WebCore 0x0146fb00 WebCore::FrameLoader::restoreScrollPositionAndViewState() + 104 (FrameLoader.cpp:3674) 1 com.apple.WebCore 0x0146fcac WebCore::FrameLoader::didFirstLayout() + 164 (FrameLoader.cpp:2823) 2 com.apple.WebCore 0x010f47bc WebCore::FrameView::layout(bool) + 2872 (FrameView.cpp:449) 3 com.apple.WebCore 0x01318540 WebCore::RenderPart::updateWidgetPosition() + 1156 (RenderPart.cpp:117) 4 com.apple.WebCore 0x0119a254 WebCore::RenderView::updateWidgetPositions() + 120 (RenderView.cpp:446) 5 com.apple.WebCore 0x010f4684 WebCore::FrameView::layout(bool) + 2560 (FrameView.cpp:433) 6 com.apple.WebCore 0x010e480c WebCore::Frame::forceLayout(bool) + 80 (Frame.cpp:1369) 7 com.apple.WebCore 0x0110f2e4 -[WebCoreFrameBridge forceLayoutAdjustingViewSize:] + 76 (WebCoreFrameBridge.mm:384) 8 com.apple.WebKit 0x00350524 -[WebHTMLView layoutToMinimumPageWidth:maximumPageWidth:adjustingViewSize:] + 240 (WebHTMLView.mm:2619) 9 com.apple.WebKit 0x00350874 -[WebHTMLView layout] + 84 (WebHTMLView.mm:2645) 10 com.apple.WebKit 0x0034a6d0 -[WebHTMLView(WebPrivate) _layoutIfNeeded] + 284 (WebHTMLView.mm:1476) 11 com.apple.WebKit 0x0034a968 -[WebHTMLView(WebPrivate) _web_layoutIfNeededRecursive:testDirtyRect:] + 508 (WebHTMLView.mm:1496) 12 com.apple.WebKit 0x003488a4 -[WebHTMLView(WebPrivate) _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 320 (WebHTMLView.mm:830) 13 com.apple.AppKit 0x937e39a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676 14 com.apple.AppKit 0x937e39a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676 15 com.apple.AppKit 0x937e39a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676 16 com.apple.AppKit 0x937e39a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676 17 com.apple.AppKit 0x937e39a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676 18 com.apple.AppKit 0x937e39a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676 19 com.apple.AppKit 0x937e39a8 -[NSView _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 1676 20 com.apple.AppKit 0x93804044 -[NSThemeFrame _recursiveDisplayRectIfNeededIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:topView:] + 192 21 com.apple.AppKit 0x937dd054 -[NSView _displayRectIgnoringOpacity:isVisibleRect:rectIsVisibleRectForView:] + 384 22 com.apple.AppKit 0x937d2348 -[NSView displayIfNeeded] + 248 23 com.apple.AppKit 0x937d21b8 -[NSWindow displayIfNeeded] + 180 24 com.apple.Safari 0x0001a5f8 0x1000 + 103928 25 com.apple.AppKit 0x937d2064 _handleWindowNeedsDisplay + 200 26 com.apple.CoreFoundation 0x907de76c __CFRunLoopDoObservers + 352 27 com.apple.CoreFoundation 0x907dea0c __CFRunLoopRun + 420 28 com.apple.CoreFoundation 0x907de4ac CFRunLoopRunSpecific + 268 29 com.apple.HIToolbox 0x93298b20 RunCurrentEventLoopInMode + 264 30 com.apple.HIToolbox 0x9329812c ReceiveNextEventCommon + 244 31 com.apple.HIToolbox 0x93298020 BlockUntilNextEventMatchingListInMode + 96 32 com.apple.AppKit 0x9379eae4 _DPSNextEvent + 384 33 com.apple.AppKit 0x9379e7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 34 com.apple.Safari 0x00006740 0x1000 + 22336 35 com.apple.AppKit 0x9379acec -[NSApplication run] + 472 36 com.apple.AppKit 0x9388b87c NSApplicationMain + 452 37 com.apple.Safari 0x0005c77c 0x1000 + 374652 38 com.apple.Safari 0x0005c624 0x1000 + 374308