Bug 16097

Summary: Safari crashes during load of LexisNexis search results
Product: WebKit Reporter: Sam Stigler <sstigler1985>
Component: Page LoadingAssignee: Darin Adler <darin>
Status: RESOLVED FIXED    
Severity: Major CC: ddkilzer, dev+webkit, mark, mitz
Priority: P1 Keywords: InRadar
Version: 523.x (Safari 3)   
Hardware: Mac (Intel)   
OS: OS X 10.5   
URL: http://www.lexisnexis.com:80/us/lnacademic/search/loadForm.do?formID=AC00NBGenSrch&random=0.230971188932794
Attachments:
Description Flags
Packet trace from crash on build 28129 (29 Nov. 2007)
none
patch
darin: review-
Reduction (will crash), can be turned into regression test
none
better patch, without so much leaking ;-)
none
better patch, also handles case where node is moved out of the document
none
patch, compiles now (oops) mitz: review+

Sam Stigler
Reported 2007-11-22 21:01:21 PST
Overview Description: An EXC_BAD_ACCESS is triggered as the search results page is loading, resulting in a crash of Safari. Steps to Reproduce: 1) Visit the URL above; sign in if necessary. 2) Select the "Natural Language" radio button 3) Enter "Ethnic identity and domestic security" (without the quotation marks) as the search term 4) Enter "Ethnic" as a required term 5) Select "International Security" (a journal) as the source. (Note: I arrived at this page from my college library's site (library.lclark.edu --> Journal Title), and "International Security" was already selected.) 6) Click the red "Search" button to the right of the form. Actual Results: Safari crashed after loading roughly 1/6 of a page of the search results, giving an EXC_BAD_ACCESS error as the reason. The crash report is below from CrashReporter. Expected Results: The search results would load completely; Safari wouldn't crash. Build Date & Platform: Unsure of the build date; I'm using the version that came bundled with Leopard (3.0.4 (5523.10)). Additional Information: Here is the crash report generated by CrashReporter: Process: Safari [8607] Path: /Applications/Safari.app/Contents/MacOS/Safari Identifier: com.apple.Safari Version: 3.0.4 (5523.10) Build Info: WebBrowser-55231000~1 Code Type: X86 (Native) Parent Process: launchd [66] Date/Time: 2007-11-22 20:34:52.063 -0800 OS Version: Mac OS X 10.5.1 (9B18) Report Version: 6 Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000498 Crashed Thread: 0 Thread 0 Crashed: 0 com.apple.WebCore 0x95ae5a09 WebCore::DocumentLoader::isLoadingMultipartContent() const + 9 1 com.apple.WebCore 0x95ae566a WebCore::ImageTokenizer::finish() + 138 2 com.apple.WebCore 0x958c8e94 WebCore::FrameLoader::endIfNotLoadingMainResource() + 116 3 com.apple.WebCore 0x959072f3 WebCore::Document::close() + 35 4 com.apple.WebCore 0x959569bc WebCore::JSHTMLDocumentPrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 732 5 com.apple.JavaScriptCore 0x92574a13 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 915 6 com.apple.JavaScriptCore 0x9257d735 KJS::ExprStatementNode::execute(KJS::ExecState*) + 69 7 com.apple.JavaScriptCore 0x92572f27 KJS::SourceElementsNode::execute(KJS::ExecState*) + 423 8 com.apple.JavaScriptCore 0x92572601 KJS::BlockNode::execute(KJS::ExecState*) + 49 9 com.apple.JavaScriptCore 0x92581797 KJS::IfNode::execute(KJS::ExecState*) + 407 10 com.apple.JavaScriptCore 0x92572f27 KJS::SourceElementsNode::execute(KJS::ExecState*) + 423 11 com.apple.JavaScriptCore 0x92572601 KJS::BlockNode::execute(KJS::ExecState*) + 49 12 com.apple.JavaScriptCore 0x9257e57c KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 28 13 com.apple.JavaScriptCore 0x9257df8f KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 559 14 com.apple.JavaScriptCore 0x9258d4b3 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 915 15 com.apple.JavaScriptCore 0x9257d735 KJS::ExprStatementNode::execute(KJS::ExecState*) + 69 16 com.apple.JavaScriptCore 0x92572e0b KJS::SourceElementsNode::execute(KJS::ExecState*) + 139 17 com.apple.JavaScriptCore 0x92572601 KJS::BlockNode::execute(KJS::ExecState*) + 49 18 com.apple.JavaScriptCore 0x9257e57c KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 28 19 com.apple.JavaScriptCore 0x9257df8f KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 559 20 com.apple.JavaScriptCore 0x925a9127 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 135 21 com.apple.WebCore 0x959b83a2 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1074 22 com.apple.WebCore 0x9594f446 WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 182 23 com.apple.WebCore 0x9594f2ad WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1053 24 com.apple.WebCore 0x95919c8e WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 478 25 com.apple.WebCore 0x95907c9c WebCore::Document::implicitClose() + 252 26 com.apple.WebCore 0x958c9194 WebCore::FrameLoader::checkCallImplicitClose() + 308 27 com.apple.WebCore 0x958c8fdb WebCore::FrameLoader::checkCompleted() + 187 28 com.apple.WebCore 0x9593aa07 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 327 29 com.apple.WebCore 0x959375c1 WebCore::SubresourceLoader::didFinishLoading() + 49 30 com.apple.WebCore 0x959357f8 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 72 31 com.apple.Foundation 0x94d21357 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87 32 com.apple.Foundation 0x94d212e4 _NSURLConnectionDidFinishLoading + 68 33 com.apple.CFNetwork 0x91e22adf sendDidFinishLoadingCallback + 148 34 com.apple.CFNetwork 0x91e1f9d2 _CFURLConnectionSendCallbacks + 1908 35 com.apple.CFNetwork 0x91e1f1e3 muxerSourcePerform + 283 36 com.apple.CoreFoundation 0x917ee64e CFRunLoopRunSpecific + 3166 37 com.apple.CoreFoundation 0x917eed38 CFRunLoopRunInMode + 88 38 com.apple.HIToolbox 0x91a7c8a4 RunCurrentEventLoopInMode + 283 39 com.apple.HIToolbox 0x91a7c6bd ReceiveNextEventCommon + 374 40 com.apple.HIToolbox 0x91a7c531 BlockUntilNextEventMatchingListInMode + 106 41 com.apple.AppKit 0x93d09d5b _DPSNextEvent + 657 42 com.apple.AppKit 0x93d096a0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 43 com.apple.Safari 0x00009d4e 0x1000 + 36174 44 com.apple.AppKit 0x93d026d1 -[NSApplication run] + 795 45 com.apple.AppKit 0x93ccf9ba NSApplicationMain + 574 46 com.apple.Safari 0x00002876 0x1000 + 6262 Thread 1: 0 libSystem.B.dylib 0x918f9ace __semwait_signal + 10 1 libSystem.B.dylib 0x91923ced pthread_cond_wait$UNIX2003 + 73 2 com.apple.WebCore 0x958b35af WebCore::IconDatabase::syncThreadMainLoop() + 239 3 com.apple.WebCore 0x958aeba5 WebCore::IconDatabase::iconDatabaseSyncThread() + 181 4 libSystem.B.dylib 0x91923075 _pthread_start + 321 5 libSystem.B.dylib 0x91922f32 thread_start + 34 Thread 2: 0 libSystem.B.dylib 0x918f28e6 mach_msg_trap + 10 1 libSystem.B.dylib 0x918fa0dc mach_msg + 72 2 com.apple.CoreFoundation 0x917ee0fe CFRunLoopRunSpecific + 1806 3 com.apple.CoreFoundation 0x917eed38 CFRunLoopRunInMode + 88 4 com.apple.CFNetwork 0x91e1a7c2 CFURLCacheWorkerThread(void*) + 396 5 libSystem.B.dylib 0x91923075 _pthread_start + 321 6 libSystem.B.dylib 0x91922f32 thread_start + 34 Thread 3: 0 libSystem.B.dylib 0x918f28e6 mach_msg_trap + 10 1 libSystem.B.dylib 0x918fa0dc mach_msg + 72 2 com.apple.CoreFoundation 0x917ee0fe CFRunLoopRunSpecific + 1806 3 com.apple.CoreFoundation 0x917eed38 CFRunLoopRunInMode + 88 4 com.apple.Foundation 0x94d1f560 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320 5 com.apple.Foundation 0x94cbc04d -[NSThread main] + 45 6 com.apple.Foundation 0x94cbbbf4 __NSThread__main__ + 308 7 libSystem.B.dylib 0x91923075 _pthread_start + 321 8 libSystem.B.dylib 0x91922f32 thread_start + 34 Thread 4: 0 libSystem.B.dylib 0x91941f5a select$DARWIN_EXTSN + 10 1 libSystem.B.dylib 0x91923075 _pthread_start + 321 2 libSystem.B.dylib 0x91922f32 thread_start + 34 Thread 5: 0 libSystem.B.dylib 0x9195b95a __workq_ops + 10 1 libSystem.B.dylib 0x9195b98a start_wqthread + 30 Thread 6: Thread 0 crashed with X86 Thread State (32-bit): eax: 0x00000000 ebx: 0x958c8e37 ecx: 0x157af630 edx: 0x159d0240 edi: 0x156cddb0 esi: 0x156f2960 ebp: 0xbfffdea8 esp: 0xbfffdea8 ss: 0x0000001f efl: 0x00010282 eip: 0x95ae5a09 cs: 0x00000017 ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037 cr2: 0x00000498 Binary Images: 0x1000 - 0x12efef com.apple.Safari 3.0.4 (5523.10) <c10a33847b3bae1843862f299f82c6ab> /Applications/Safari.app/Contents/MacOS/Safari 0x176000 - 0x184ff8 SyndicationUI ??? (???) <8adc35e1eb5001dead3c18ee25f2e8db> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI 0x632000 - 0x718ff7 com.apple.RawCamera.bundle 2.0 (2.0) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera 0x139ac000 - 0x139b1ff3 libCGXCoreImage.A.dylib ??? (???) <978986709159e5fe9e094df5efddac1d> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib 0x15a2b000 - 0x15a2bffe com.apple.JavaPluginCocoa 12.0.0 (12.0.0) <02a9f23a8bfc902c32ac0adfb66d6816> /Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS/JavaPluginCocoa 0x16058000 - 0x1605fffd com.apple.JavaVM 12.0.0 (12.0.0) <44b9536fe4d7c7fcb3506adb695a180f> /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM 0x8fe00000 - 0x8fe2d883 dyld 95.3 (???) <81592e798780564b5d46b988f7ee1a6a> /usr/lib/dyld 0x90003000 - 0x90017ff3 com.apple.ImageCapture 4.0 (5.0.0) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x90018000 - 0x90075ffb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib 0x90076000 - 0x9070dfef com.apple.CoreGraphics 1.351.0 (???) <7a6f399039eed6dbe845c169f7d21a70> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x9072b000 - 0x90761fef libtidy.A.dylib ??? (???) <e4d3e7399fb83d7f145f9b4ec8196242> /usr/lib/libtidy.A.dylib 0x915e3000 - 0x91619fff com.apple.SystemConfiguration 1.9.0 (1.9.0) <7919d9588c3b0d556646e555b7193f1f> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x9161a000 - 0x9161dfff com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help 0x91636000 - 0x9177bff7 com.apple.ImageIO.framework 2.0.0 (2.0.0) <154d4d8cda2bd99518cbabc9f2d69833> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x9177c000 - 0x918aefe7 com.apple.CoreFoundation 6.5 (476) <8bfebc0dbad6fc33bea0fa00a1b9ec37> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x918af000 - 0x918f1fef com.apple.NavigationServices 3.5.1 (161) <cc6bd78eabf1e2e7166914e9f12f5850> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices 0x918f2000 - 0x91a4cfe3 libSystem.B.dylib ??? (???) <8ecc83dc0399be3946f7a46e88cf4bbb> /usr/lib/libSystem.B.dylib 0x91a4d000 - 0x91d53fff com.apple.HIToolbox 1.5.0 (???) <1b872a7151ee3f80c9c736a3e46d00d9> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x91d54000 - 0x91d56ff5 libRadiance.dylib ??? (???) <20eadb285da83df96c795c2c5fa20590> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib 0x91d57000 - 0x91d86fe3 com.apple.AE 402 (402) <994ba8e884aefe7bf1fc5987df099e7b> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x91d87000 - 0x91e0eff7 libsqlite3.0.dylib ??? (???) <273efcb717e89c21207c851d7d33fda4> /usr/lib/libsqlite3.0.dylib 0x91e0f000 - 0x91e86fe3 com.apple.CFNetwork 220 (220) <0ae8fbcbadcb9bd8d673aa4531c0fcfc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork 0x91e87000 - 0x91ee0fff libGLU.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x91f1e000 - 0x91f1effb com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer 0x91f1f000 - 0x91fd5fe3 com.apple.CoreServices.OSServices 210.2 (210.2) <4ed69f07fc0f211ab32d1ee96e281fc2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x91fd6000 - 0x91fecfff com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices 0x91fed000 - 0x923fdfef libBLAS.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x923fe000 - 0x924dfff7 libxml2.2.dylib ??? (???) <450ec38b57fb46013847cce851001a2f> /usr/lib/libxml2.2.dylib 0x92531000 - 0x9254fff3 com.apple.DirectoryService.Framework 3.5 (3.5) <899d8c9ee31b004a6ff73dab88982b1a> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService 0x92550000 - 0x925f9fff com.apple.JavaScriptCore 5523.10.3 (5523.10.3) <9e6719a7a0740f5c224099a7b853e45b> /System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore 0x926d6000 - 0x92a6cff7 com.apple.QuartzCore 1.5.1 (1.5.1) <deb61cbeb3f734a1b2f4669f6268b9de> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore 0x92a7a000 - 0x92b2afff edu.mit.Kerberos 6.0.11 (6.0.11) <33c25789baedcd70a7e24881775dd9ad> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos 0x92b2b000 - 0x92ee9fea libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x92eea000 - 0x92fb5fff com.apple.ColorSync 4.5.0 (4.5.0) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x92fb6000 - 0x92fb6ff8 com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x92fb8000 - 0x92fb8ffa com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices 0x92fe9000 - 0x92ff1fff com.apple.DiskArbitration 2.2 (2.2) <1551b2af557fdf6f368f93e093933852> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration 0x92ff2000 - 0x9306cff8 com.apple.print.framework.PrintCore 5.5 (245) <9441d178f4b430cf92b67bf346646693> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x931a4000 - 0x9322efff com.apple.framework.IOKit 1.5.1 (???) <5176a7383151a19c962334009fef2c6d> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x9322f000 - 0x932bbff7 com.apple.LaunchServices 284 (284) <0fb50a7a6fd38875f727fc2592a496e4> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices 0x933b1000 - 0x9357afef com.apple.security 5.0.1 (32736) <8c9eda0fcc1d8a571543025ac900715f> /System/Library/Frameworks/Security.framework/Versions/A/Security 0x9357b000 - 0x93642ff2 com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x93643000 - 0x93744fff com.apple.PubSub 1.0.1 (59) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub 0x93745000 - 0x937f4fff com.apple.DesktopServices 1.4.3 (1.4.3) <66d5ed56111c43d234e235d365d02469> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x937f5000 - 0x9383ffe1 com.apple.securityinterface 3.0 (32532) <f521dae416ce7a3bdd594b0d4e2fb517> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface 0x9388d000 - 0x9389afe7 com.apple.opengl 1.5.5 (1.5.5) <aa08b52d2a84b44dc6ee5d544a53fe8a> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL 0x9389b000 - 0x938a2ffe libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib 0x938a3000 - 0x938a8fff com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup 0x93bbc000 - 0x93ca0ffb com.apple.CoreData 100 (185) <a4e63784275e25e62f57e75e0af0b94d> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x93ca1000 - 0x93cb7fe7 com.apple.CoreVideo 1.5.0 (1.5.0) <8947e88900afa1d2ca78b69bff98b0d7> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x93cb8000 - 0x93cc8fff com.apple.speech.synthesis.framework 3.6.59 (3.6.59) <4ffef145fad3d4d787e0c33eab26b336> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x93cc9000 - 0x944c3fef com.apple.AppKit 6.5 (949) <f8d0f6d0bb5ac092f48f42ca684bdb54> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit 0x944c4000 - 0x944f6fff com.apple.LDAPFramework 1.4.3 (106) <3a5c9df6032143cd6bc2658a9d328d8e> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP 0x944f7000 - 0x945a9ffb libcrypto.0.9.7.dylib ??? (???) <330b0e48e67faffc8c22dfc069ca7a47> /usr/lib/libcrypto.0.9.7.dylib 0x945aa000 - 0x945b9ffe com.apple.DSObjCWrappers.Framework 1.2 (1.2) <f5b58d1d3a855a63d493ccbec417a1e9> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers 0x945ba000 - 0x945f9fef libTIFF.dylib ??? (???) <6d0f80e9d4d81f3f64c876aca005bd53> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x94686000 - 0x946c7fe7 libRIP.A.dylib ??? (???) <bdc6d70bf4ed3dace321b4ff76a353b3> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x946c8000 - 0x94783fe3 com.apple.WebKit 5523.10.3 (5523.10.3) <2741777559b3948d520a4d126330dbce> /System/Library/Frameworks/WebKit.framework/Versions/A/WebKit 0x9484a000 - 0x94b23fe7 com.apple.CoreServices.CarbonCore 783 (783) <8370e664eeb25edc98d5c1f5405b06ae> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x94b72000 - 0x94b7eff5 libGL.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib 0x94b7f000 - 0x94bcfff7 com.apple.HIServices 1.6.0 (???) <d74aa73e4cfd30a08fb169198a8d2539> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x94bd0000 - 0x94c63fff com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x94c6c000 - 0x94ca5ffe com.apple.securityfoundation 3.0 (32768) <1e9885d63ced51f81bc1f39af624637d> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation 0x94cb2000 - 0x94f2bfe7 com.apple.Foundation 6.5.1 (677.1) <85ac18c7cd454378db6122bea0c00965> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x94f2c000 - 0x94fa8feb com.apple.audio.CoreAudio 3.1.0 (3.1) <70bb7c657061631491029a61babe0b26> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio 0x94fcf000 - 0x94feaffb libPng.dylib ??? (???) <b6abcac36ec7654ff3e1cfa786b0117b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x94feb000 - 0x950cafff libobjc.A.dylib ??? (???) <5eda47fec2d0e7853b3506aa1fd2dafa> /usr/lib/libobjc.A.dylib 0x950cb000 - 0x95597ffe libGLProgrammability.dylib ??? (???) <e8bc0af671427cf2b6279a035805a086> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib 0x95598000 - 0x955a6ffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib 0x955a7000 - 0x955aefe9 libgcc_s.1.dylib ??? (???) <f53c808e87d1184c0f9df63aef53ce0b> /usr/lib/libgcc_s.1.dylib 0x955af000 - 0x955f4fef com.apple.Metadata 10.5.0 (398) <4fd74fba0062c2e08ec4b1c10b40ff63> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x95861000 - 0x95880ffa libJPEG.dylib ??? (???) <0cfb80109d624beb9ceb3c43b6c5ec10> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x95881000 - 0x95882fef libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib 0x958a7000 - 0x958abfff libGIF.dylib ??? (???) <d4234e6f5e5f530bdafb969157f1f17b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x958ac000 - 0x95dc1fff com.apple.WebCore 5523.10.3 (5523.10.3) <89179acba0e5ae2163d4a75ad460cbdb> /System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore 0x95dc2000 - 0x95dd2ffc com.apple.LangAnalysis 1.6.4 (1.6.4) <cbeb17ab39f28351fe2ab5b82bf465bc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x95dd3000 - 0x95dddfeb com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound 0x95dde000 - 0x95e52fef libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x95e53000 - 0x95e7bff7 com.apple.shortcut 1 (1.0) <057783867138902b52bc0941fedb74d1> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut 0x95e7c000 - 0x95ee1ffb com.apple.ISSupport 1.6 (34) /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport 0x95f17000 - 0x95f26fff libsasl2.2.dylib ??? (???) <b9e1ca0b6612e280b6cbea6df0eec5f6> /usr/lib/libsasl2.2.dylib 0x95f27000 - 0x95f30fff com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition 0x95f31000 - 0x95f31fff com.apple.Carbon 136 (136) <98a5e3bc0c4fa44bbb09713bb88707fe> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x95f32000 - 0x95f32ffd com.apple.Accelerate 1.4 (Accelerate 1.4) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x95f33000 - 0x960b1fff com.apple.AddressBook.framework 4.1 (687) <3f005092d08e963eabe8f7f66c09cc1e> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook 0x960b2000 - 0x961eaff7 libicucore.A.dylib ??? (???) <afcea652ff2ec36885b2c81c57d06d4c> /usr/lib/libicucore.A.dylib 0x961eb000 - 0x96247ff7 com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x96248000 - 0x9626cfff libxslt.1.dylib ??? (???) <4933ddc7f6618743197aadc85b33b5ab> /usr/lib/libxslt.1.dylib 0x9626d000 - 0x9626ffff com.apple.securityhi 3.0 (30817) <2b2854123fed609d1820d2779e2e0963> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x96270000 - 0x96270ffc com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x96271000 - 0x96272ffc libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib 0x963ca000 - 0x96424ff7 com.apple.CoreText 2.0.0 (???) <7fa39cd5bc847615ec02e7c7a37c0508> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x96425000 - 0x96425ffd com.apple.vecLib 3.4 (vecLib 3.4) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib 0x9645d000 - 0x9645dffd com.apple.Accelerate.vecLib 3.4 (vecLib 3.4) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x9645e000 - 0x96482feb libssl.0.9.7.dylib ??? (???) <acee7fc534674498dcac211318aa23e8> /usr/lib/libssl.0.9.7.dylib 0x96488000 - 0x9648efff com.apple.print.framework.Print 218 (220) <c35172175abbe554ddadd9b6401351fa> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print 0x9648f000 - 0x9649afe7 libCSync.A.dylib ??? (???) <df82fc093e498a9eb5490761cb292218> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x9649c000 - 0x965c0fe3 com.apple.audio.toolbox.AudioToolbox 1.5 (1.5) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x965c1000 - 0x96653ff3 com.apple.ApplicationServices.ATS 3.0 (???) <fb5f572243dbc370a0ea5efc8e81ae11> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x9676d000 - 0x9676ffff com.apple.CrashReporterSupport 10.5.0 (156) <3088b785b10d03504ed02f3fee5d3aab> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport 0x967a2000 - 0x967cffeb libvDSP.dylib ??? (???) <a26683d121ee0f96df9a9d0bfca36049> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x967d6000 - 0x96813ff7 libGLImage.dylib ??? (???) <202d73e6a4688fc06ff11b71910c2ce7> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib 0x969de000 - 0x96a85fff com.apple.QD 3.11.50 (???) <e2f71720ae1dad06a8883ac80775b21a> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x96a86000 - 0x96a9efff com.apple.openscripting 1.2.6 (???) <b8e553df643f2aec68fa968b3b459b2b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x96a9f000 - 0x96aa4fff com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels 0x96aa5000 - 0x96aacff7 libCGATS.A.dylib ??? (???) <9b29a5500efe01cc3adea67bbc42568e> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib 0x96b8d000 - 0x96c0cff5 com.apple.SearchKit 1.2.0 (1.2.0) <277b460da86bc222785159fe77e2e2ed> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x96c0d000 - 0x96c34fff libcups.2.dylib ??? (???) <6b61eb99e6f5dd2d66cd224e9f82427d> /usr/lib/libcups.2.dylib 0x96c35000 - 0x96c40ff9 com.apple.helpdata 1.0 (14) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData 0x96c41000 - 0x96c7bff7 com.apple.coreui 0.1 (60) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI 0x96ce5000 - 0x96ce5ff8 com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa 0x96ce6000 - 0x96d04fff libresolv.9.dylib ??? (???) <54e6a08c2f108bdf5916fb483d51961b> /usr/lib/libresolv.9.dylib 0x96d05000 - 0x96d2ffef libauto.dylib ??? (???) <d468bc4a8a69343f1748c293db1b57fb> /usr/lib/libauto.dylib 0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib 0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
Attachments
Packet trace from crash on build 28129 (29 Nov. 2007) (311.37 KB, application/octet-stream)
2007-11-28 23:29 PST, Sam Stigler 		no flags
Details
patch (2.86 KB, patch)
2007-12-01 09:40 PST, Darin Adler 		darin: review-
DetailsFormatted DiffDiff
Reduction (will crash), can be turned into regression test (326 bytes, text/html)
2007-12-01 10:05 PST, mitz 		no flags
Details
better patch, without so much leaking ;-) (7.82 KB, patch)
2007-12-01 10:37 PST, Darin Adler 		no flags
DetailsFormatted DiffDiff
better patch, also handles case where node is moved out of the document (8.38 KB, patch)
2007-12-01 10:55 PST, Darin Adler 		no flags
DetailsFormatted DiffDiff
patch, compiles now (oops) (8.43 KB, patch)
2007-12-01 11:00 PST, Darin Adler 		mitz: review+
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2007-11-28 21:49:45 PST
Sam, does this happen with a WebKit nightly build? <http://nightly.webkit.org/> Looks like a multi-part request issue. (May be hard to reproduce without access to the actual web site.) We probably need a packet trace if we can't get access to the site (e.g., using tcpdump).
David Kilzer (:ddkilzer)
Comment 2 2007-11-28 21:53:07 PST
<rdar://problem/5619305>
David Kilzer (:ddkilzer)
Comment 3 2007-11-28 22:03:29 PST
(In reply to comment #1) > Looks like a multi-part request issue. (May be hard to reproduce without > access to the actual web site.) We probably need a packet trace if we can't > get access to the site (e.g., using tcpdump). Sam, could you capture a packet trace when Safari crashes? Basically, run this command from a Terminal window BEFORE Step 6 in Comment #0 (assuming your ethernet port is en1; if you're using a wireless connection it may be en1; run the "ifconfig -a" command and pick the interface that has a valid IP address with it): sudo tcpdump -s 0 -w packets.tcpdump -i en0 Then click the "Search" button as in Step 6. When Safari has crashed, hit Ctrl-C to stop the command, then attach packets.tcpdump to this bug. Please note that this command will capture ALL network traffic, so please don't log into any other sites while you're running the command. If you'd rather not post the packet dump to the bug, please send me private email.
Sam Stigler
Comment 4 2007-11-28 23:21:51 PST
Yes. I was just able to reproduce this with the November 29, 2007 nightly build (28129). (In reply to comment #1) > Sam, does this happen with a WebKit nightly build? > <http://nightly.webkit.org/> > > Looks like a multi-part request issue. (May be hard to reproduce without > access to the actual web site.) We probably need a packet trace if we can't > get access to the site (e.g., using tcpdump). >
Sam Stigler
Comment 5 2007-11-28 23:29:17 PST
Created attachment 17588 [details] Packet trace from crash on build 28129 (29 Nov. 2007)
Sam Stigler
Comment 6 2007-11-28 23:34:26 PST
While I was able to reproduce this on build 28129, the behavior of the bug was slightly different: This time the page loaded, for the most part, but seemed to be waiting for one more thing. Then after a few seconds the crash occurred. I'm pasting in an updated stack trace for Thread 0 below; please note this most recent crash occurred in a different method: Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000000 Crashed Thread: 0 Thread 0 Crashed: 0 ??? 0000000000 0 + 0 1 com.apple.WebCore 0x00c7c2e4 WebCore::FrameLoader::endIfNotLoadingMainResource() + 116 2 com.apple.WebCore 0x00c13833 WebCore::Document::close() + 35 3 com.apple.WebCore 0x00d69606 WebCore::JSHTMLDocumentPrototypeFunctionClose::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 70 4 com.apple.JavaScriptCore 0x00340ac0 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 816 5 com.apple.JavaScriptCore 0x0032b5ed KJS::ExprStatementNode::execute(KJS::ExecState*) + 109 6 com.apple.JavaScriptCore 0x002ec28d KJS::BlockNode::execute(KJS::ExecState*) + 61 7 com.apple.JavaScriptCore 0x0032b71b KJS::IfNode::execute(KJS::ExecState*) + 203 8 com.apple.JavaScriptCore 0x003621c3 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 467 9 com.apple.JavaScriptCore 0x002ea13c KJS::FunctionImp::execute(KJS::ExecState*) + 28 10 com.apple.JavaScriptCore 0x0035f953 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 387 11 com.apple.JavaScriptCore 0x003432ed KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 909 12 com.apple.JavaScriptCore 0x0032b5ed KJS::ExprStatementNode::execute(KJS::ExecState*) + 109 13 com.apple.JavaScriptCore 0x003621c3 KJS::FunctionBodyNode::execute(KJS::ExecState*) + 467 14 com.apple.JavaScriptCore 0x002ea13c KJS::FunctionImp::execute(KJS::ExecState*) + 28 15 com.apple.JavaScriptCore 0x0035f953 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 387 16 com.apple.JavaScriptCore 0x00315c17 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 135 17 com.apple.WebCore 0x010b1c69 WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 1433 18 com.apple.WebCore 0x00c43786 WebCore::EventTargetNode::handleLocalEvents(WebCore::Event*, bool) + 182 19 com.apple.WebCore 0x00c440fd WebCore::EventTargetNode::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event>, int&, bool) + 1053 20 com.apple.WebCore 0x00c4454e WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 478 21 com.apple.WebCore 0x00c13599 WebCore::Document::implicitClose() + 281 22 com.apple.WebCore 0x00c69f44 WebCore::FrameLoader::checkCallImplicitClose() + 308 23 com.apple.WebCore 0x00c7928b WebCore::FrameLoader::checkCompleted() + 187 24 com.apple.WebCore 0x010c4967 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 327 25 com.apple.WebCore 0x0104b111 WebCore::SubresourceLoader::didFinishLoading() + 49 26 com.apple.WebCore 0x00f13418 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 72 27 com.apple.Foundation 0x94d21357 -[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87 28 com.apple.Foundation 0x94d212e4 _NSURLConnectionDidFinishLoading + 68 29 com.apple.CFNetwork 0x91e22adf sendDidFinishLoadingCallback + 148 30 com.apple.CFNetwork 0x91e1f9d2 _CFURLConnectionSendCallbacks + 1908 31 com.apple.CFNetwork 0x91e1f1e3 muxerSourcePerform + 283 32 com.apple.CoreFoundation 0x917ee64e CFRunLoopRunSpecific + 3166 33 com.apple.CoreFoundation 0x917eed38 CFRunLoopRunInMode + 88 34 com.apple.HIToolbox 0x91a7c8a4 RunCurrentEventLoopInMode + 283 35 com.apple.HIToolbox 0x91a7c6bd ReceiveNextEventCommon + 374 36 com.apple.HIToolbox 0x91a7c531 BlockUntilNextEventMatchingListInMode + 106 37 com.apple.AppKit 0x93d09d5b _DPSNextEvent + 657 38 com.apple.AppKit 0x93d096a0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 39 com.apple.Safari 0x00009d4e 0x1000 + 36174 40 com.apple.AppKit 0x93d026d1 -[NSApplication run] + 795 41 com.apple.AppKit 0x93ccf9ba NSApplicationMain + 574 42 com.apple.Safari 0x00002876 0x1000 + 6262 (In reply to comment #4) > Yes. I was just able to reproduce this with the November 29, 2007 nightly > build (28129). > > (In reply to comment #1) > > Sam, does this happen with a WebKit nightly build? > > <http://nightly.webkit.org/> > > > > Looks like a multi-part request issue. (May be hard to reproduce without > > access to the actual web site.) We probably need a packet trace if we can't > > get access to the site (e.g., using tcpdump). > > >
Matt Lilek
Comment 7 2007-11-29 15:18:54 PST
My school seems to use this service - I'll find out tomorrow how I can actually log into the thing and see if I can get some more info on this bug.
David Kilzer (:ddkilzer)
Comment 8 2007-11-29 15:50:28 PST
(In reply to comment #7) > My school seems to use this service - I'll find out tomorrow how I can actually > log into the thing and see if I can get some more info on this bug. Cool. I'm looking at the packet trace, but the responses are all chunked/gzipped, and Wireshark won't unchunk them for me. Currently I'm writing a Perl script to read them after saving the "Follow streams" output to files.
David Kilzer (:ddkilzer)
Comment 9 2007-11-29 20:44:13 PST
See Bug 15805.
David Kilzer (:ddkilzer)
Comment 10 2007-11-29 20:48:56 PST
*** Bug 15170 has been marked as a duplicate of this bug. ***
David Kilzer (:ddkilzer)
Comment 11 2007-11-29 20:49:46 PST
See also Bug 14568. I think there's enough evidence to confirm this issue.
Darin Adler
Comment 12 2007-12-01 09:33:11 PST
I think I found the remaining/other problem. This second crash is not in isLoadingMultipartContent, but it happens with the same test cases. The problem in this case is that the image document doesn't retain its image element, so we get a bad pointer for cachedImage; this is very easy to fix.
Darin Adler
Comment 13 2007-12-01 09:34:46 PST
I can reproduce the crash like this: 1. Visit http://java3d.org/jmenu.html 2. View Moving Images > Car. Wait for the car to spin around at least once. 3. Visit Java 3D Programs > Stereoscopic Cube. Safari crashes before drawing the cube.
Darin Adler
Comment 14 2007-12-01 09:40:38 PST
Created attachment 17625 [details] patch
mitz
Comment 15 2007-12-01 09:45:58 PST
Comment on attachment 17625 [details] patch + Steps to reproduce: Does that need to be in the change log? Can it be turned into a manual test? r=me
Darin Adler
Comment 16 2007-12-01 09:46:54 PST
I am worried that this might cause a storage leak. Thinking further about it.
Darin Adler
Comment 17 2007-12-01 09:47:36 PST
(In reply to comment #15) > Can it be turned into a manual test? I don't think it can be turned into a manual test without the HTTP server, since it requires a multipart-mixed-replace image, which you can't do with a file URLs.
mitz
Comment 18 2007-12-01 10:05:24 PST
Created attachment 17626 [details] Reduction (will crash), can be turned into regression test The crash scenario is very simple and does not require an http-served (or multipart) image.
mitz
Comment 19 2007-12-01 10:20:03 PST
(In reply to comment #18) > The crash scenario is very simple and does not require an http-served (or > multipart) image. ...although you need to save the test case to disk and open it from there (probably due to the timing of the load event).
Darin Adler
Comment 20 2007-12-01 10:37:26 PST
Created attachment 17627 [details] better patch, without so much leaking ;-)
Darin Adler
Comment 21 2007-12-01 10:55:02 PST
Created attachment 17629 [details] better patch, also handles case where node is moved out of the document
Darin Adler
Comment 22 2007-12-01 11:00:45 PST
Created attachment 17630 [details] patch, compiles now (oops)
mitz
Comment 23 2007-12-01 11:03:04 PST
Comment on attachment 17630 [details] patch, compiles now (oops) r=me
Darin Adler
Comment 24 2007-12-01 11:06:13 PST
Committed revision 28304.
Mark Aufflick
Comment 25 2007-12-02 15:48:46 PST
You guys rock!
Sam Stigler
Comment 26 2007-12-04 01:37:16 PST
I've confirmed the fix with the original test case on build 28383 (4 December 2007). Thanks!
Note You need to log in before you can comment on or make changes to this bug.