Bug 21182
| Summary: | REGRESSION(r36982): Reproducible crash running fast/loader/frame-creation-removal.html | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | Mark Rowe (bdash) <mrowe> |
| Component: | New Bugs | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | ||
| Severity: | Normal | CC: | hyatt |
| Priority: | P1 | Keywords: | NeedsReduction, Regression |
| Version: | 528+ (Nightly build) | ||
| Hardware: | Mac | ||
| OS: | OS X 10.5 | ||
Mark Rowe (bdash)
This was introduced by <http://trac.webkit.org/changeset/36982>. See the second crash log entry in <http://build.webkit.org/results/trunk-mac-ppc-release/14838/DumpRenderTree.crash.log>:
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000
Thread 0 Crashed:
0 com.apple.WebKit 0x003d8db4 WebFrameLoaderClient::createFrame(WebCore::KURL const&, WebCore::String const&, WebCore::HTMLFrameOwnerElement*, WebCore::String const&, bool, int, int) + 372 (WebFrameLoaderClient.mm:1090)
1 com.apple.WebCore 0x0119a97c WebCore::FrameLoader::loadSubframe(WebCore::HTMLFrameOwnerElement*, WebCore::KURL const&, WebCore::String const&, WebCore::String const&) + 396 (RefPtr.h:50)
2 com.apple.WebCore 0x0119c31c WebCore::FrameLoader::requestFrame(WebCore::HTMLFrameOwnerElement*, WebCore::String const&, WebCore::AtomicString const&) + 876 (FrameLoader.cpp:445)
3 com.apple.WebCore 0x011c7a54 WebCore::HTMLFrameElementBase::openURL() + 260 (HTMLFrameElementBase.cpp:106)
4 com.apple.WebCore 0x011c7c48 WebCore::HTMLFrameElementBase::setNameAndOpenURL() + 440 (HTMLFrameElementBase.cpp:162)
5 com.apple.WebCore 0x010a8374 WebCore::ContainerNode::dispatchPostAttachCallbacks() + 84 (ContainerNode.cpp:568)
6 com.apple.WebCore 0x010a845c WebCore::ContainerNode::attach() + 140 (ContainerNode.cpp:588)
7 com.apple.WebCore 0x01156a48 WebCore::Element::attach() + 40 (Element.cpp:662)
8 com.apple.WebCore 0x011c7138 WebCore::HTMLFrameElementBase::attach() + 72 (Node.h:367)
9 com.apple.WebCore 0x011cb948 WebCore::HTMLIFrameElement::attach() + 24 (Node.h:367)
10 com.apple.WebCore 0x010a76c4 WebCore::ContainerNode::appendChild(WTF::PassRefPtr<WebCore::Node>, int&, bool) + 564 (ContainerNode.cpp:506)
11 com.apple.WebCore 0x013038d0 WebCore::JSNode::appendChild(JSC::ExecState*, JSC::ArgList const&) + 128 (JSNodeCustom.cpp:102)
12 com.apple.JavaScriptCore 0x002b7074 JSC::Machine::privateExecute(JSC::Machine::ExecutionFlag, JSC::ExecState*, JSC::RegisterFile*, JSC::Register*, JSC::ScopeChainNode*, JSC::JSValue**) + 39732 (Machine.cpp:3326)
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Dave Hyatt
Fixed in r37011.