Bug 14460
| Summary: | REGRESSION: Crash viewing enlarged image on macrumors.com | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Matt Lilek <dev+webkit> |
| Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | | |
| Severity: | Normal | Keywords: | NeedsReduction, Regression |
| Priority: | P1 | | |
| Version: | 523.x (Safari 3) | | |
| Hardware: | All | | |
| OS: | All | | |

Matt Lilek
Go to http://macrumors.com (ew) and scroll down to the post about iTunes 7.3 (currently 2nd but will likely be buried under a bajillion iPhone posts within minutes) and click the screenshot to enlarge it. It'll open a new window and crash.
My local debug build of r23868 spits to the console: objc: FREED(id): message retain sent to freed object=0x73dd6b0. This does not crash on Windows with the r23841 nightly but the contents do not load. Safari 3.0.2 Beta works fine on both platforms.
Thread 0 Crashed:
0 libobjc.A.dylib 0x90a49ca0 _objc_trap + 0
1 libobjc.A.dylib 0x90a49c14 _objc_error + 76
2 libobjc.A.dylib 0x90a49ba4 __objc_error + 64
3 com.apple.WebKit 0x00421c04 WTF::RetainPtr<objc_object*>::RetainPtr[in-charge](objc_object*) + 64 (RetainPtr.h:66)
4 com.apple.WebKit 0x00392aa4 -[WebView(WebViewInternal) _addObject:forIdentifier:] + 192 (WebView.mm:3810)
5 com.apple.WebKit 0x003c16b8 WebFrameLoaderClient::assignIdentifierToInitialRequest(unsigned long, WebCore::DocumentLoader*, WebCore::ResourceRequest const&) + 372
6 com.apple.WebCore 0x01496e40 WebCore::FrameLoader::dispatchAssignIdentifierToInitialRequest(unsigned long, WebCore::DocumentLoader*, WebCore::ResourceRequest const&) + 92 (FrameLoader.cpp:4432)
7 com.apple.WebCore 0x01496ed8 WebCore::FrameLoader::assignIdentifierToInitialRequest(unsigned long, WebCore::ResourceRequest const&) + 64 (FrameLoader.cpp:3142)
8 com.apple.WebCore 0x014b0998 WebCore::ResourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 248
9 com.apple.WebCore 0x014b1c40 WebCore::SubresourceLoader::willSendRequest(WebCore::ResourceRequest&, WebCore::ResourceResponse const&) + 52 (SubresourceLoader.cpp:131)
10 com.apple.WebCore 0x014b125c WebCore::ResourceLoader::load(WebCore::ResourceRequest const&) + 392
11 com.apple.WebCore 0x014b2424 WebCore::SubresourceLoader::load(WebCore::ResourceRequest const&) + 156 (SubresourceLoader.cpp:82)
12 com.apple.WebCore 0x014b27b0 WebCore::SubresourceLoader::create(WebCore::Frame*, WebCore::SubresourceLoaderClient*, WebCore::ResourceRequest const&, bool, bool) + 880 (SubresourceLoader.cpp:122)
13 com.apple.WebCore 0x01130634 WebCore::Loader::servePendingRequests() + 984 (loader.cpp:85)
14 com.apple.WebCore 0x011310b8 WebCore::Loader::load(WebCore::DocLoader*, WebCore::CachedResource*, bool, bool, bool) + 204 (loader.cpp:61)
15 com.apple.WebCore 0x0112cbf8 WebCore::CachedImage::CachedImage[in-charge](WebCore::DocLoader*, WebCore::String const&, bool) + 280 (CachedImage.cpp:56)
16 com.apple.WebCore 0x0112ac28 WebCore::createResource(WebCore::CachedResource::Type, WebCore::DocLoader*, WebCore::KURL const&, WebCore::String const*, bool, bool) + 212 (Cache.cpp:64)
17 com.apple.WebCore 0x0112b03c WebCore::Cache::requestResource(WebCore::DocLoader*, WebCore::CachedResource::Type, WebCore::KURL const&, WebCore::String const*, bool, bool) + 632 (Cache.cpp:107)
18 com.apple.WebCore 0x0112f80c WebCore::DocLoader::requestResource(WebCore::CachedResource::Type, WebCore::String const&, WebCore::String const*, bool, bool) + 300 (DocLoader.cpp:134)
19 com.apple.WebCore 0x0112fa2c WebCore::DocLoader::requestImage(WebCore::String const&) + 56 (DocLoader.cpp:85)
20 com.apple.WebCore 0x0135be94 WebCore::HTMLImageLoader::updateFromElement() + 544 (HTMLImageLoader.cpp:101)
21 com.apple.WebCore 0x0135de48 WebCore::HTMLImageElement::parseMappedAttribute(WebCore::MappedAttribute*) + 276 (HTMLImageElement.cpp:95)
22 com.apple.WebCore 0x012cfb2c WebCore::StyledElement::attributeChanged(WebCore::Attribute*, bool) + 772 (StyledElement.cpp:180)
23 com.apple.WebCore 0x012df434 WebCore::Element::setAttributeMap(WebCore::NamedAttrMap*) + 756 (Element.cpp:506)
24 com.apple.WebCore 0x010254b4 WebCore::HTMLParser::parseToken(WebCore::Token*) + 1484 (HTMLParser.cpp:237)
25 com.apple.WebCore 0x01027ee0 WebCore::HTMLTokenizer::processToken() + 608 (HTMLTokenizer.cpp:1641)
26 com.apple.WebCore 0x0102bcc4 WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 6936 (HTMLTokenizer.cpp:1206)
27 com.apple.WebCore 0x0102c87c WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1524 (HTMLTokenizer.cpp:1437)
28 com.apple.WebCore 0x0110ee2c WebCore::Document::write(WebCore::String const&) + 252 (Document.cpp:1489)
29 com.apple.WebCore 0x01529dfc WebCore::JSHTMLDocument::write(KJS::ExecState*, KJS::List const&) + 80 (JSHTMLDocumentCustom.cpp:159)
30 com.apple.WebCore 0x0131b7cc WebCore::JSHTMLDocumentPrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 308 (JSHTMLDocument.cpp:349)
31 com.apple.JavaScriptCore 0x0058f334 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:98)
32 com.apple.JavaScriptCore 0x005ae6f8 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 992 (nodes.cpp:790)
33 com.apple.JavaScriptCore 0x0059ac5c KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1729)
34 com.apple.JavaScriptCore 0x00597384 KJS::SourceElementsNode::execute(KJS::ExecState*) + 624 (nodes.cpp:2535)
35 com.apple.JavaScriptCore 0x0059ae80 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1706)
36 com.apple.JavaScriptCore 0x0059ba60 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:319)
37 com.apple.JavaScriptCore 0x0059c3e8 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 688 (function.cpp:107)
38 com.apple.JavaScriptCore 0x0058f334 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:98)
39 com.apple.JavaScriptCore 0x005af61c KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 792 (nodes.cpp:694)
40 com.apple.JavaScriptCore 0x0059ac5c KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1729)
41 com.apple.JavaScriptCore 0x00597230 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2529)
42 com.apple.JavaScriptCore 0x0059ae80 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1706)
43 com.apple.JavaScriptCore 0x0059ba60 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:319)
44 com.apple.JavaScriptCore 0x0059c3e8 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 688 (function.cpp:107)
45 com.apple.JavaScriptCore 0x0058f334 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:98)
46 com.apple.WebCore 0x012eeda4 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 748 (kjs_events.cpp:115)
47 com.apple.WebCore 0x012b41c8 WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 548 (EventTargetNode.cpp:166)
48 com.apple.WebCore 0x012b4de4 WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1784 (EventTargetNode.cpp:240)
49 com.apple.WebCore 0x012b57b0 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool, WebCore::EventTarget*) + 396 (EventTargetNode.cpp:308)
50 com.apple.WebCore 0x012b5844 WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 80 (EventTargetNode.cpp:292)
51 com.apple.WebCore 0x012b6724 WebCore::EventTargetNode::dispatchMouseEvent(WebCore::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool, bool, WebCore::Node*, WTF::PassRefPtr<WebCore::Event>) + 724 (EventTargetNode.cpp:470)
52 com.apple.WebCore 0x012b6f3c WebCore::EventTargetNode::dispatchMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::AtomicString const&, int, WebCore::Node*) + 560 (EventTargetNode.cpp:397)
53 com.apple.WebCore 0x014e1244 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 212 (EventHandler.cpp:1190)
54 com.apple.WebCore 0x014e1d18 WebCore::EventHandler::handleMouseReleaseEvent(WebCore::PlatformMouseEvent const&) + 1028 (EventHandler.cpp:1024)
55 com.apple.WebCore 0x014d8af0 WebCore::EventHandler::mouseUp(NSEvent*) + 500 (EventHandlerMac.mm:520)
56 com.apple.WebKit 0x00352930 -[WebHTMLView mouseUp:] + 372 (WebHTMLView.mm:2967)
57 com.apple.AppKit 0x937f9900 -[NSWindow sendEvent:] + 4728
58 com.apple.Safari 0x000ab334 0x1000 + 697140
59 com.apple.AppKit 0x937a28d4 -[NSApplication sendEvent:] + 4172
60 com.apple.Safari 0x00016444 0x1000 + 87108
61 com.apple.AppKit 0x93799d10 -[NSApplication run] + 508
62 com.apple.AppKit 0x9388a87c NSApplicationMain + 452
63 com.apple.Safari 0x0000246c 0x1000 + 5228
64 com.apple.Safari 0x0004f1b0 0x1000 + 319920
mitz
*** This bug has been marked as a duplicate of 14425 ***