Bug 15747

<rdar://problem/5564604>

I see this assertion failure on the Symantec home page with a debug build of WebKit r27223 as well. Console: ASSERTION FAILED: !HashTranslator::equal(KeyTraits::emptyValue(), key) (/path/to/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/HashTable.h:407 Value* WTF::HashTable<Key, Value, Extractor, HashFunctions, Traits, KeyTraits>::lookup(const T&) [with T = int, HashTranslator = WTF::IdentityHashTranslator<int, std::pair<int, int>, WTF::IntHash<int32_t> >, Key = int, Value = std::pair<int, int>, Extractor = WTF::PairFirstExtractor<std::pair<int, int> >, HashFunctions = WTF::IntHash<int32_t>, Traits = WTF::PairHashTraits<WTF::HashTraits<int32_t>, WTF::HashTraits<int32_t> >, KeyTraits = WTF::HashTraits<int32_t>]) Stack trace: Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef Thread 0 Crashed: 0 com.apple.WebCore 0x017478cc std::pair<int, int>* WTF::HashTable<int, std::pair<int, int>, WTF::PairFirstExtractor<std::pair<int, int> >, WTF::IntHash<int>, WTF::PairHashTraits<WTF::HashTraits<int>, WTF::HashTraits<int> >, WTF::HashTraits<int> >::lookup<int, WTF::IdentityHashTranslator<int, std::pair<int, int>, WTF::IntHash<int> > >(int const&) + 184 (HashTable.h:407) 1 com.apple.WebCore 0x01747a58 WTF::HashTable<int, std::pair<int, int>, WTF::PairFirstExtractor<std::pair<int, int> >, WTF::IntHash<int>, WTF::PairHashTraits<WTF::HashTraits<int>, WTF::HashTraits<int> >, WTF::HashTraits<int> >::lookup(int const&) + 40 (HashTable.h:321) 2 com.apple.WebCore 0x019d237c WTF::HashMap<WebCore::AtomicStringImpl*, WebCore::CSSRuleDataList*, WTF::PtrHash<WebCore::AtomicStringImpl*>, WTF::HashTraits<WebCore::AtomicStringImpl*>, WTF::HashTraits<WebCore::CSSRuleDataList*> >::get(WebCore::AtomicStringImpl* const&) const + 88 (HashMap.h:299) 3 com.apple.WebCore 0x019d2448 WebCore::CSSRuleSet::getClassRules(WebCore::AtomicStringImpl*) + 52 (CSSStyleSelector.cpp:196) 4 com.apple.WebCore 0x015af8b0 WebCore::CSSStyleSelector::matchRules(WebCore::CSSRuleSet*, int&, int&) + 296 (CSSStyleSelector.cpp:382) 5 com.apple.WebCore 0x015c013c WebCore::CSSStyleSelector::styleForElement(WebCore::Element*, WebCore::RenderStyle*, bool, bool) + 1328 (CSSStyleSelector.cpp:854) 6 com.apple.WebCore 0x012f139c WebCore::Element::styleForRenderer(WebCore::RenderObject*) + 80 (Element.cpp:615) 7 com.apple.WebCore 0x012e8d7c WebCore::Node::createRendererIfNeeded() + 496 (Node.cpp:1020) 8 com.apple.WebCore 0x012f4c34 WebCore::Element::attach() + 36 (Element.cpp:663) 9 com.apple.WebCore 0x0102481c WebCore::HTMLParser::insertNode(WebCore::Node*, bool) + 920 (HTMLParser.cpp:327) 10 com.apple.WebCore 0x01025468 WebCore::HTMLParser::parseToken(WebCore::Token*) + 1796 (HTMLParser.cpp:252) 11 com.apple.WebCore 0x01027f64 WebCore::HTMLTokenizer::processToken() + 608 (HTMLTokenizer.cpp:1653) 12 com.apple.WebCore 0x0102bddc WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 6988 (HTMLTokenizer.cpp:1218) 13 com.apple.WebCore 0x0102c994 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1524 (HTMLTokenizer.cpp:1449) 14 com.apple.WebCore 0x01027c60 WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedResource*) + 1144 (HTMLTokenizer.cpp:1762) 15 com.apple.WebCore 0x01165f64 WebCore::CachedScript::checkNotify() + 108 (CachedScript.cpp:92) 16 com.apple.WebCore 0x01166140 WebCore::CachedScript::data(WTF::PassRefPtr<WebCore::SharedBuffer>, bool) + 336 (CachedScript.cpp:84) 17 com.apple.WebCore 0x01169210 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 408 (loader.cpp:116) 18 com.apple.WebCore 0x014e7388 WebCore::SubresourceLoader::didFinishLoading() + 204 (SubresourceLoader.cpp:195) 19 com.apple.WebCore 0x014e5150 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60 20 com.apple.WebCore 0x014b3f38 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 204 (ResourceHandleMac.mm:456) 21 com.apple.Foundation 0x92c1589c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188 22 com.apple.Foundation 0x92c13b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556 23 com.apple.Foundation 0x92c13860 _sendCallbacks + 156 24 com.apple.CoreFoundation 0x907de4fc __CFRunLoopDoSources0 + 384 25 com.apple.CoreFoundation 0x907dda2c __CFRunLoopRun + 452 26 com.apple.CoreFoundation 0x907dd4ac CFRunLoopRunSpecific + 268 27 com.apple.HIToolbox 0x9329bb20 RunCurrentEventLoopInMode + 264 28 com.apple.HIToolbox 0x9329b1b4 ReceiveNextEventCommon + 380 29 com.apple.HIToolbox 0x9329b020 BlockUntilNextEventMatchingListInMode + 96 30 com.apple.AppKit 0x937a1ae4 _DPSNextEvent + 384 31 com.apple.AppKit 0x937a17a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 32 com.apple.Safari 0x00006770 0x1000 + 22384 33 com.apple.AppKit 0x9379dcec -[NSApplication run] + 472 34 com.apple.AppKit 0x9388e87c NSApplicationMain + 452 35 com.apple.Safari 0x0000244c 0x1000 + 5196 36 com.apple.Safari 0x0004f1b0 0x1000 + 319920

This also asserts on Hotwire.com when searching for flights.

*** Bug 15757 has been marked as a duplicate of this bug. ***

(In reply to comment #4) > *** Bug 15757 has been marked as a duplicate of this bug. *** Digg.com crashes in release builds (different stack). See Bug 15757.

Created attachment 16973 [details] Crash log report.... Crash happened moments after accessing digg.com

Created attachment 16974 [details] Another crash log Like last night's crash this one occurred while viewing a discussion. Ironically on a OS X Trojan Horse Jim

Created attachment 16981 [details] Crash log ....... spontaneous crash Same spontaneous crash as before........ Go to Digg.com Select a long discussion use you scroll ball to move up and down quickly Crash will occur in a few seconds...... generally going down Jim

Created attachment 16986 [details] Crash log r27337 Again looking at a Digg.com discussion. This time no scrolling was taking place.

(In reply to comment #9) > Created an attachment (id=16986) [edit] > Crash log r27337 > > Again looking at a Digg.com discussion. This time no scrolling was taking > place. > Jim, thanks for the crash logs, but they're all identical so we don't need anymore right now. If you can trigger a crash another way and the crash log isn't the same as the one for this bug, please file a new bug and attach it there.

Created attachment 17027 [details] 10.5 crash log Just opened Webkit and started to browse when crash occurred. Previous spontaneous crashes while view Digg.com had not occurred since using this last nightly build. Then I installed 10.5. Jim

Created attachment 17036 [details] Crash log while in Spaces using in spaces... Crash occurred while viewing an iPhoto slide show in another space

(In reply to comment #12) > Crash log while in Spaces Jim, your crash is unrelated to HashTranslator::equal. Please file a separate bug report.

Actually, I'm not at all sure if that's true. What's the status of this bug, Maciej?

This bug is definitely fixed. If the digg.com problem is still around with the latest nightly builds, then it's another bug. Changing status on this one to FIXED.

I believe this was fixed in r27441, but neither the ChangeLog nor the commit message mention it. http://trac.webkit.org/projects/webkit/changeset/27441

(In reply to comment #16) > I believe this was fixed in r27441, but neither the ChangeLog nor the commit > message mention it. > > http://trac.webkit.org/projects/webkit/changeset/27441 > It was hard to tell from the crash logs attached to this bug whether it was about the instance that I'd fixed.

(In reply to comment #15) > If the digg.com problem is still around with the latest nightly builds, then > it's another bug. Changing status on this one to FIXED. The digg.com bug still occurs. See Bug 15848. (In reply to comment #17) > It was hard to tell from the crash logs attached to this bug whether it was > about the instance that I'd fixed. Doh! You were correct.

(In reply to comment #3) > This also asserts on Hotwire.com when searching for flights. The Hotwire.com bug appears to have been fixed. See Comment #16.