Bug 13774

Summary: REGRESSION: Crash emailing blog entry using Google Reader
Product: WebKit
Reporter: Bill Rodriguez <billrod>
Component: Layout and Rendering
Assignee: mitz
Status: RESOLVED FIXED
Severity: Normal
CC: mitz
Priority: P1
Keywords: GoogleBug, InRadar, Regression
Version: 523.x (Safari 3)
Hardware: Mac (PowerPC)
OS: OS X 10.4
URL: http://www.google.com/reader/view/
Attachments:
Recalc sections if dirty in section{Above,Below} and cell{Above,Below,Before,After} (Flags: darin: review+)

Description Bill Rodriguez 2007-05-18 07:34:47 PDT
When using the EMAIL part in Google Reader the browser crashes (brings up the box to try again). The email does get sent. This does work in Safari Version 2.0.4 (419.3), just not in WebKit. I am currently testing on current-revision=21545.
Comment 1 Brady Eidson 2007-05-18 09:41:12 PDT
Thanks for your bug report!

It's extremely helpful to include a crash report with your bugs. Also, explicit steps to reproduce would be useful too - these modern web apps are very complex and sometimes there's a very specific series of steps to follow to trigger a certain crash (note I haven't tried this one just yet so I'm not sure about it).
Comment 2 Bill Rodriguez 2007-05-18 09:58:01 PDT
When this happens I am in Google Reader and I click on EMAIL, then a box appears with the TO:, SUBJECT and MESSAGE. I then click on send and the browser crashes. Here is the report:

Date/Time:      2007-05-18 12:42:52.620 -0400
OS Version:     10.4.9 (Build 8P135)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [63]

Version: ??? (21545)

PID:    19180
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c

Thread 0 Crashed:
0   com.apple.WebCore              	0x01196d80 WebCore::RenderTableCell::collapsedTopBorder() const + 256
1   com.apple.WebCore              	0x01196f90 WebCore::RenderTableCell::borderHalfTop(bool) const + 32
2   com.apple.WebCore              	0x01149cdc WebCore::RenderBox::calculateBackgroundImageGeometry(WebCore::BackgroundLayer const*, int, int, int, int, WebCore::IntRect&, WebCore::IntPoint&, WebCore::IntSize&) + 188
3   com.apple.WebCore              	0x0114b034 WebCore::RenderBox::imageChanged(WebCore::CachedImage*) + 916
4   com.apple.WebCore              	0x010e74cc WebCore::CachedImage::ref(WebCore::CachedResourceClient*) + 188
5   com.apple.WebCore              	0x01173c94 WebCore::RenderObject::updateBackgroundImages(WebCore::RenderStyle*) + 292
6   com.apple.WebCore              	0x01174ad4 WebCore::RenderObject::setStyle(WebCore::RenderStyle*) + 2356
7   com.apple.WebCore              	0x0114833c WebCore::RenderBox::setStyle(WebCore::RenderStyle*) + 44
8   com.apple.WebCore              	0x0113b8f8 WebCore::RenderBlock::setStyle(WebCore::RenderStyle*) + 88
9   com.apple.WebCore              	0x011970c8 WebCore::RenderTableCell::setStyle(WebCore::RenderStyle*) + 216
10  com.apple.WebCore              	0x01240f38 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 488
11  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
12  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
13  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
14  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
15  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
16  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
17  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
18  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
19  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
20  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
21  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
22  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
23  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
24  com.apple.WebCore              	0x0124100c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
25  com.apple.WebCore              	0x010ce2dc WebCore::Document::recalcStyle(WebCore::Node::StyleChange) + 1212
26  com.apple.WebCore              	0x010c667c WebCore::Document::updateDocumentsRendering() + 76
27  com.apple.WebCore              	0x0125e4b4 KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1668
28  com.apple.WebCore              	0x011a22f0 WebCore::XMLHttpRequest::callReadyStateChangeListener() + 256
29  com.apple.WebCore              	0x011a2d9c WebCore::XMLHttpRequest::didFinishLoading(WebCore::SubresourceLoader*) + 300
30  com.apple.WebCore              	0x013ff270 WebCore::SubresourceLoader::didFinishLoading() + 96
31  com.apple.WebCore              	0x013cf284 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 84
32  com.apple.Foundation           	0x92c1389c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
33  com.apple.Foundation           	0x92c11b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
34  com.apple.Foundation           	0x92c11860 _sendCallbacks + 156
35  com.apple.CoreFoundation       	0x907df4fc __CFRunLoopDoSources0 + 384
36  com.apple.CoreFoundation       	0x907dea2c __CFRunLoopRun + 452
37  com.apple.CoreFoundation       	0x907de4ac CFRunLoopRunSpecific + 268
38  com.apple.HIToolbox            	0x93298b20 RunCurrentEventLoopInMode + 264
39  com.apple.HIToolbox            	0x932981b4 ReceiveNextEventCommon + 380
40  com.apple.HIToolbox            	0x93298020 BlockUntilNextEventMatchingListInMode + 96
41  com.apple.AppKit               	0x9379eae4 _DPSNextEvent + 384
42  com.apple.AppKit               	0x9379e7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
43  com.apple.Safari               	0x00006740 0x1000 + 22336
44  com.apple.AppKit               	0x9379acec -[NSApplication run] + 472
45  com.apple.AppKit               	0x9388b87c NSApplicationMain + 452
46  com.apple.Safari               	0x0005c77c 0x1000 + 374652
47  com.apple.Safari               	0x0005c624 0x1000 + 374308

Thread 1:
0   libSystem.B.dylib              	0x9000b6e8 mach_msg_trap + 8
1   libSystem.B.dylib              	0x9000b63c mach_msg + 60
2   com.apple.CoreFoundation       	0x907deba8 __CFRunLoopRun + 832
3   com.apple.CoreFoundation       	0x907de4ac CFRunLoopRunSpecific + 268
4   com.apple.Foundation           	0x92c086a8 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 264
5   com.apple.Foundation           	0x92be11a0 forkThreadForFunction + 108
6   libSystem.B.dylib              	0x9002c0a8 _pthread_body + 96

Thread 2:
0   libSystem.B.dylib              	0x9000b6e8 mach_msg_trap + 8
1   libSystem.B.dylib              	0x9000b63c mach_msg + 60
2   com.apple.CoreFoundation       	0x907deba8 __CFRunLoopRun + 832
3   com.apple.CoreFoundation       	0x907de4ac CFRunLoopRunSpecific + 268
4   com.apple.Foundation           	0x92c097e8 +[NSURLCache _diskCacheSyncLoop:] + 152
5   com.apple.Foundation           	0x92be11a0 forkThreadForFunction + 108
6   libSystem.B.dylib              	0x9002c0a8 _pthread_body + 96

Thread 3:
0   libSystem.B.dylib              	0x9002c768 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib              	0x9003124c pthread_cond_wait + 480
2   com.apple.Foundation           	0x92be830c -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.Syndication          	0x9b8f542c -[AsyncDB _run:] + 192
4   com.apple.Foundation           	0x92be11a0 forkThreadForFunction + 108
5   libSystem.B.dylib              	0x9002c0a8 _pthread_body + 96

Thread 4:
0   libSystem.B.dylib              	0x9001fc2c select + 12
1   com.apple.CoreFoundation       	0x907f1434 __CFSocketManager + 472
2   libSystem.B.dylib              	0x9002c0a8 _pthread_body + 96

Thread 5:
0   libSystem.B.dylib              	0x9002f42c kevent + 12
1   com.apple.DesktopServices      	0x92af4eb0 TFSNotificationTask::FSNotificationTaskProc(void*) + 56
2   ...ple.CoreServices.CarbonCore 	0x90bc6868 PrivateMPEntryPoint + 76
3   libSystem.B.dylib              	0x9002c0a8 _pthread_body + 96

Thread 6:
0   libSystem.B.dylib              	0x9002c768 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib              	0x9003124c pthread_cond_wait + 480
2   ...ple.CoreServices.CarbonCore 	0x90bc6a58 MPWaitOnQueue + 224
3   com.apple.DesktopServices      	0x92af552c TNodeSyncTask::SyncTaskProc(void*) + 116
4   ...ple.CoreServices.CarbonCore 	0x90bc6868 PrivateMPEntryPoint + 76
5   libSystem.B.dylib              	0x9002c0a8 _pthread_body + 96

Thread 7:
0   libSystem.B.dylib              	0x9002c768 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib              	0x9003124c pthread_cond_wait + 480
2   com.apple.Foundation           	0x92be830c -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.AppKit               	0x9383b708 -[NSUIHeartBeat _heartBeatThread:] + 324
4   com.apple.Foundation           	0x92be11a0 forkThreadForFunction + 108
5   libSystem.B.dylib              	0x9002c0a8 _pthread_body + 96

Thread 8:
0   libSystem.B.dylib              	0x9000b6e8 mach_msg_trap + 8
1   libSystem.B.dylib              	0x9000b63c mach_msg + 60
2   ...romedia.Flash Player.plugin 	0x080bc70c native_ShockwaveFlash_TCallFrame + 1368276
3   libSystem.B.dylib              	0x9002c0a8 _pthread_body + 96

Thread 0 crashed with PPC Thread State 64:
  srr0: 0x0000000001196d80 srr1: 0x000000000200f030                        vrsave: 0x00000000fff00000
    cr: 0x24444244          xer: 0x0000000000000004   lr: 0x0000000001196d5c  ctr: 0x0000000090131ce0
    r0: 0x0000000000000006   r1: 0x00000000bfffd880   r2: 0x0000000000000000   r3: 0x00000000bfffd900
    r4: 0x00000000bfffd988   r5: 0x0000000000000008   r6: 0x00000000074aa0ec   r7: 0x0000000000000006
    r8: 0x0000000000000001   r9: 0x0000000007db989c  r10: 0x00000000bfffd980  r11: 0x0000000001555a74
   r12: 0x00000000bfffd908  r13: 0x00000000000001d5  r14: 0x0000000000000107  r15: 0x0000000000000001
   r16: 0x00000000bfffdba8  r17: 0x0000000000000000  r18: 0x000000000000a617  r19: 0x0000000000000000
   r20: 0x00000000bfffe584  r21: 0x0000000005f98334  r22: 0x0000000007bd1984  r23: 0x0000000005bce300
   r24: 0x0000000007db98f0  r25: 0x00000000066e3220  r26: 0x00000000bfffd900  r27: 0x000000000640bc08
   r28: 0x0000000007db98f0  r29: 0x00000000bfffd980  r30: 0x0000000000000006  r31: 0x00000000011741b4

Model: PowerBook6,1, BootROM 4.5.5f4, 1 processors, PowerPC G4  (3.3), 867 MHz, 640 MB
Graphics: NVIDIA GeForce4 MX, GeForce4 MX, AGP, 32 MB
Memory Module: DIMM0/BUILT-IN, 128 MB, built-in, built-in
Memory Module: DIMM1/J31, 512 MB, DDR SDRAM, PC2100U-25330
AirPort: AirPort Extreme, 405.1 (3.90.34.0.p18)
Modem: MicroDash, UCJ, V.92, 1.0F, APPLE VERSION 2.6.6
Bluetooth: Version 1.7.14f14, 2 service, 1 devices, 1 incoming serial ports
Network Service: Built-in Ethernet, Ethernet, en0
Parallel ATA Device: MATSHITACD-RW  CW-8122
Parallel ATA Device: FUJITSU MHS2060AT, 55.89 GB
USB Device: Hub, Up to 12 Mb/sec, 500 mA
USB Device: Apple Optical USB Mouse, Mitsumi Electric, Up to 1.5 Mb/sec, 500 mA
USB Device: Comfort Curve Keyboard 2000, Microsoft, Up to 1.5 Mb/sec, 500 mA
USB Device: USB KVM Switch, Justcom Technology, Up to 1.5 Mb/sec, 500 mA
USB Device: Bluetooth HCI, Up to 12 Mb/sec, 500 mA
FireWire Device: iSight, Apple Computer, Inc., Up to 400 Mb/sec

Comment 3 mitz 2007-05-18 13:40:12 PDT
See also bug 13764.
Comment 4 mitz 2007-05-18 13:40:57 PDT
(In reply to comment #3)
> See also bug 13764.

Meant to write bug 13674.
Comment 5 David Kilzer (:ddkilzer) 2007-05-18 23:09:22 PDT
Confirmed using a local debug build of WebKit r21595 with Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135).

* STEPS TO REPRODUCE
0. Launch Safari/WebKit.
1. Access Google Reader (log in if needed):  http://www.google.com/reader/view/
2. View a blog entry.  (I had Surfin' Safari set already, so I picked the latest entry "Back to Basics".)
3. Scroll down and click on the "Email (Updated)" link.
4. Fill in a To: email address.
5. Click "Send".

* EXPECTED RESULTS
Email should be sent and Safari should not crash.

* ACTUAL RESULTS
Email is sent but Safari crashes.

* REGRESSION
This is a regression from shipping Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135).

* NOTES
Console output from crash:
Bus error

Stack trace:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c

Thread 0 Crashed:
0   com.apple.WebCore        	0x015db64c WebCore::RenderObject::parent() const + 20
1   com.apple.WebCore        	0x016ad73c WebCore::RenderTableCell::section() const + 48 (RenderTableCell.h:57)
2   com.apple.WebCore        	0x0120891c WebCore::RenderTableCell::collapsedTopBorder() const + 396 (RenderTableCell.cpp:440)
3   com.apple.WebCore        	0x01208cd8 WebCore::RenderTableCell::borderHalfTop(bool) const + 44 (RenderTableCell.cpp:585)
4   com.apple.WebCore        	0x0120931c WebCore::RenderTableCell::borderTop() const + 68 (RenderTableCell.cpp:559)
5   com.apple.WebCore        	0x01199e3c WebCore::RenderBox::calculateBackgroundImageGeometry(WebCore::BackgroundLayer const*, int, int, int, int, WebCore::IntRect&, WebCore::IntPoint&, WebCore::IntSize&) + 268 (RenderBox.cpp:527)
6   com.apple.WebCore        	0x0119aadc WebCore::RenderBox::imageChanged(WebCore::CachedImage*) + 1532 (RenderBox.cpp:502)
7   com.apple.WebCore        	0x01127508 WebCore::CachedImage::ref(WebCore::CachedResourceClient*) + 152 (CachedImage.cpp:86)
8   com.apple.WebCore        	0x011d8108 WebCore::RenderObject::updateBackgroundImages(WebCore::RenderStyle*) + 476 (RenderObject.cpp:2321)
9   com.apple.WebCore        	0x011dab38 WebCore::RenderObject::setStyle(WebCore::RenderStyle*) + 3808 (RenderObject.cpp:2278)
10  com.apple.WebCore        	0x01197640 WebCore::RenderBox::setStyle(WebCore::RenderStyle*) + 92 (RenderBox.cpp:82)
11  com.apple.WebCore        	0x0117ec24 WebCore::RenderBlock::setStyle(WebCore::RenderStyle*) + 72 (RenderBlock.cpp:133)
12  com.apple.WebCore        	0x0120843c WebCore::RenderTableCell::setStyle(WebCore::RenderStyle*) + 380 (RenderTableCell.cpp:247)
13  com.apple.WebCore        	0x012c91e0 WebCore::Node::setRenderStyle(WebCore::RenderStyle*) + 92 (Node.cpp:1053)
14  com.apple.WebCore        	0x012d15d0 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 760 (Element.cpp:690)
15  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
16  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
17  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
18  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
19  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
20  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
21  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
22  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
23  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
24  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
25  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
26  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
27  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
28  com.apple.WebCore        	0x012d183c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1380 (Element.cpp:713)
29  com.apple.WebCore        	0x0110a790 WebCore::Document::recalcStyle(WebCore::Node::StyleChange) + 1284 (Document.cpp:1004)
30  com.apple.WebCore        	0x01100fb0 WebCore::Document::updateRendering() + 84 (Document.cpp:1029)
31  com.apple.WebCore        	0x011061fc WebCore::Document::updateDocumentsRendering() + 96 (Document.cpp:1036)
32  com.apple.WebCore        	0x012ee308 KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1628 (kjs_events.cpp:155)
33  com.apple.WebCore        	0x0121b6c8 WebCore::XMLHttpRequest::callReadyStateChangeListener() + 388 (xmlhttprequest.cpp:305)
34  com.apple.WebCore        	0x0121ba40 WebCore::XMLHttpRequest::changeState(WebCore::XMLHttpRequestState) + 68 (xmlhttprequest.cpp:297)
35  com.apple.WebCore        	0x0121bea4 WebCore::XMLHttpRequest::didFinishLoading(WebCore::SubresourceLoader*) + 408 (xmlhttprequest.cpp:625)
36  com.apple.WebCore        	0x014ad0e8 WebCore::SubresourceLoader::didFinishLoading() + 204 (SubresourceLoader.cpp:194)
37  com.apple.WebCore        	0x014aaf08 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60
38  com.apple.WebCore        	0x0148006c -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 144 (ResourceHandleMac.mm:370)
39  com.apple.Foundation     	0x92c1589c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
40  com.apple.Foundation     	0x92c13b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
41  com.apple.Foundation     	0x92c13860 _sendCallbacks + 156
42  com.apple.CoreFoundation 	0x907df4fc __CFRunLoopDoSources0 + 384
43  com.apple.CoreFoundation 	0x907dea2c __CFRunLoopRun + 452
44  com.apple.CoreFoundation 	0x907de4ac CFRunLoopRunSpecific + 268
45  com.apple.HIToolbox      	0x9329bb20 RunCurrentEventLoopInMode + 264
46  com.apple.HIToolbox      	0x9329b1b4 ReceiveNextEventCommon + 380
47  com.apple.HIToolbox      	0x9329b020 BlockUntilNextEventMatchingListInMode + 96
48  com.apple.AppKit         	0x937a1ae4 _DPSNextEvent + 384
49  com.apple.AppKit         	0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
50  com.apple.Safari         	0x00006740 0x1000 + 22336
51  com.apple.AppKit         	0x9379dcec -[NSApplication run] + 472
52  com.apple.AppKit         	0x9388e87c NSApplicationMain + 452
53  com.apple.Safari         	0x0005c77c 0x1000 + 374652
54  com.apple.Safari         	0x0005c624 0x1000 + 374308

Comment 6 mitz 2007-05-19 01:59:53 PDT
Still can't reproduce, but it looks like the table cell is orphaned, so section() hits a null pointer.
Comment 7 mitz 2007-05-19 02:47:43 PDT
(In reply to comment #5)
> * STEPS TO REPRODUCE
> 0. Launch Safari/WebKit.
> 1. Access Google Reader (log in if needed):  http://www.google.com/reader/view/

1.5. Switch to Expanded view
Comment 8 mitz 2007-05-19 04:30:51 PDT
Created attachment 14623
Recalc sections if dirty in section{Above,Below} and cell{Above,Below,Before,After}
Comment 9 Darin Adler 2007-05-19 10:01:55 PDT
Comment on attachment 14623
Recalc sections if dirty in section{Above,Below} and cell{Above,Below,Before,After}

r=me
Comment 10 Mark Rowe (bdash) 2007-05-19 16:32:25 PDT
Landed in r21602.
Comment 11 Beth Dakin 2007-06-18 15:37:09 PDT
<rdar://problem/5275087>
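
The failure mode from comment 6 (an orphaned table cell whose section() walk hits a null parent) and the approach named in the patch title (recalculate sections if dirty before a neighbour lookup), as an added C++ model that is not WebKit code and not part of the original report. `Table`, `sectionOf`, `cellAboveStale` and every other name here are assumptions made for illustration; the real patch is attachment 14623.

```cpp
#include <cstddef>
#include <cstdio>
#include <memory>
#include <vector>
using std::size_t;

// Simplified model (not WebKit code): each node knows only its parent.
struct Node { Node* parent = nullptr; };
struct Section : Node {};
struct Cell : Node { size_t row = 0, col = 0; };
struct Row : Node { std::vector<Cell*> cells; };

// Checked cell -> row -> section walk. The unchecked form,
// cell->parent->parent, reads through a null row pointer when the cell
// has been detached from the tree.
Section* sectionOf(const Cell* cell) {
    if (!cell || !cell->parent) return nullptr;  // orphaned cell
    return static_cast<Section*>(cell->parent->parent);
}

class Table {
public:
    Table(size_t rows, size_t cols) {
        for (size_t r = 0; r < rows; ++r) {
            auto row = std::make_unique<Row>();
            row->parent = &section_;
            for (size_t c = 0; c < cols; ++c) {
                cells_.push_back(std::make_unique<Cell>());
                cells_.back()->parent = row.get();
                row->cells.push_back(cells_.back().get());
            }
            rows_.push_back(std::move(row));
        }
        recalcSections();
    }
    Table(const Table&) = delete;

    Section* section() { return &section_; }
    Cell* cellAt(size_t r, size_t c) const { return grid_[r][c]; }

    // Tree mutation: detach row r. Its cells stay allocated but lose their
    // parent, and the cached grid is only marked dirty, not rebuilt.
    void removeRow(size_t r) {
        for (Cell* c : rows_[r]->cells) c->parent = nullptr;
        rows_.erase(rows_.begin() + static_cast<std::ptrdiff_t>(r));
        needsSectionRecalc_ = true;
    }

    // "Before": trusts the cached grid even while it is dirty.
    Cell* cellAboveStale(const Cell* c) const {
        return c->row == 0 ? nullptr : grid_[c->row - 1][c->col];
    }

    // "After": rebuild the cache if dirty, then look up the neighbour.
    Cell* cellAbove(const Cell* c) {
        if (needsSectionRecalc_) recalcSections();
        return c->row == 0 ? nullptr : grid_[c->row - 1][c->col];
    }

private:
    // Rebuild the grid and per-cell indices from the rows still attached.
    void recalcSections() {
        grid_.clear();
        for (size_t r = 0; r < rows_.size(); ++r) {
            for (size_t c = 0; c < rows_[r]->cells.size(); ++c) {
                rows_[r]->cells[c]->row = r;
                rows_[r]->cells[c]->col = c;
            }
            grid_.push_back(rows_[r]->cells);
        }
        needsSectionRecalc_ = false;
    }

    Section section_;
    std::vector<std::unique_ptr<Row>> rows_;
    std::vector<std::unique_ptr<Cell>> cells_;  // keeps detached cells alive
    std::vector<std::vector<Cell*>> grid_;      // cached layout structure
    bool needsSectionRecalc_ = false;
};

// Constructed scenario: 3 rows x 1 column; the middle row is removed
// while a caller still holds the bottom cell.
bool staleLookupReturnsOrphan() {
    Table t(3, 1);
    Cell* bottom = t.cellAt(2, 0);
    t.removeRow(1);
    Cell* above = t.cellAboveStale(bottom);  // cached entry for removed row
    return above && !above->parent && sectionOf(above) == nullptr;
}

bool fixedLookupReturnsLiveCell() {
    Table t(3, 1);
    Cell* top = t.cellAt(0, 0);
    Cell* bottom = t.cellAt(2, 0);
    t.removeRow(1);
    Cell* above = t.cellAbove(bottom);       // grid rebuilt first
    return above == top && sectionOf(above) == t.section() && bottom->row == 1;
}

int main() {
    std::printf("stale lookup yields orphan: %d\n", staleLookupReturnsOrphan());
    std::printf("fixed lookup yields live cell: %d\n", fixedLookupReturnsLiveCell());
    return 0;
}
```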