Bug 4344

Summary: REGRESSION: JavaScript crash when going back from viewing a thread (NULL prototype)
Product: WebKit
Reporter: Jon <jon>
Component: JavaScriptCore
Assignee: Darin Adler <darin>
Status: RESOLVED FIXED
Severity: Major
CC: darin, gblock, ggaren, mitz
Priority: P1
Version: 420+
Hardware: Mac
OS: OS X 10.4
URL: http://episteme.arstechnica.com/eve/ubb.x/a/frm/f/8300945231

Jon
Reported 2005-08-08 18:16:30 PDT
Go to Ars' Mac Ach (link provided in the URL field) and then view the "OmniGraffle 4 inspectors" thread (partway down the page). Now hit the back button and Safari should crash. I've reproduced it twice and I thought I'd file this bug before I tried to reproduce it some more. I've pasted one of the crash reports at the end of this post.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore   0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore   0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore   0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore   0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore   0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore   0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore   0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore   0x00422040 KJS::FunctionPrototypeImp::FunctionPrototypeImp[in-charge](KJS::ExecState*) + 92 (icplusplus.c:28)
8   com.apple.JavaScriptCore   0x00428924 KJS::InterpreterImp::initGlobalObject() + 88 (icplusplus.c:28)
9   com.apple.JavaScriptCore   0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore   0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore          0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore          0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore          0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore          0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore          0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore          0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit           0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore          0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore          0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore          0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore          0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit           0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit           0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit           0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit           0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit           0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit           0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation       0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation       0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation       0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation   0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation   0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation   0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox        0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox        0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox        0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit           0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit           0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev        0x00006bbc 0x1000 + 23484
40  com.apple.AppKit           0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit           0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev        0x000021e8 0x1000 + 4584
43  com.apple.SafariDev        0x00056e28 0x1000 + 351784
Attachments
null pointer check (494 bytes, patch)
2005-08-13 03:04 PDT, mitz
darin: review-
my cut at a fix; eliminates case where prototype could be null (3.37 KB, patch)
2005-08-14 00:48 PDT, Darin Adler
darin: review+
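The two attachments describe two shapes of fix for the same crash: a null pointer check, and a change that eliminates the case where the prototype could be null. The following is an added illustration, not code from WebKit or from either patch. It models the mark phase the traces show (Collector::allocate -> Collector::collect -> ObjectImp::mark -> ValueImp::marked) with a toy heap, reproduces the fault as a returned failure instead of a real dereference, and shows both shapes of fix side by side. Everything in it is an assumption made for the example: the names (Obj, ToyHeap, MarkPolicy, buildGlobalObject), the "collect on every second allocation" trigger, and the reading that the collection ran from inside a prototype constructor before a prototype slot had been assigned.

```cpp
#include <algorithm>
#include <cstdio>
#include <memory>
#include <vector>

// Added illustration, not WebKit code. A heap cell whose prototype link is
// what the marker follows; in the reports the walk called marked() through a
// null pointer and faulted reading offset 4 of address 0.
struct Obj {
    Obj* proto = nullptr;
    bool marked = false;
    bool isNullValue = false;  // stands in for KJS's Null value, which ends a chain
};

enum class MarkPolicy { Unchecked, NullChecked };

// Walk the prototype chain, marking as we go. Unchecked models the original
// marker: a null pointer here would be dereferenced, so we return false
// instead of crashing. NullChecked models the first attachment's shape of
// fix and simply stops at a null slot.
static bool markChain(Obj* o, MarkPolicy policy) {
    for (;;) {
        if (o == nullptr)
            return policy == MarkPolicy::NullChecked;
        if (o->marked)
            return true;
        o->marked = true;
        if (o->isNullValue)  // JS null has no prototype of its own
            return true;
        o = o->proto;
    }
}

class ToyHeap {
public:
    // protoStartsAsNullValue models the second attachment's shape of fix
    // (assumed here): a fresh cell's prototype slot is never a null pointer.
    ToyHeap(bool protoStartsAsNullValue, MarkPolicy policy)
        : protoStartsAsNullValue_(protoStartsAsNullValue), policy_(policy) {
        nullValue_.isNullValue = true;
    }

    Obj* nullValue() { return &nullValue_; }
    void addRoot(Obj* o) { roots_.push_back(o); }
    bool crashed() const { return crashed_; }

    // Like Collector::allocate() in the traces: a collection may run before
    // the new cell is handed out. Here it runs on every second allocation.
    Obj* allocate() {
        if (++allocsSinceGc_ >= kGcEvery) {
            allocsSinceGc_ = 0;
            if (!collect())
                crashed_ = true;
        }
        cells_.push_back(std::unique_ptr<Obj>(new Obj()));
        Obj* o = cells_.back().get();
        o->proto = protoStartsAsNullValue_ ? &nullValue_ : nullptr;
        return o;
    }

    // Mark from the roots, then sweep unmarked cells. Returns false if the
    // marker hit the null-pointer case the Unchecked policy cannot survive.
    bool collect() {
        nullValue_.marked = false;
        for (auto& c : cells_)
            c->marked = false;
        for (Obj* r : roots_)
            if (!markChain(r, policy_))
                return false;
        cells_.erase(std::remove_if(cells_.begin(), cells_.end(),
                                    [](const std::unique_ptr<Obj>& c) { return !c->marked; }),
                     cells_.end());
        return true;
    }

private:
    static const int kGcEvery = 2;
    bool protoStartsAsNullValue_;
    MarkPolicy policy_;
    int allocsSinceGc_ = 0;
    bool crashed_ = false;
    Obj nullValue_;
    std::vector<std::unique_ptr<Obj>> cells_;
    std::vector<Obj*> roots_;
};

// Models the order the traces suggest for InterpreterImp::initGlobalObject():
// Object.prototype is allocated and rooted, then Function.prototype is
// allocated, and that second allocation collects while Object.prototype's
// prototype slot still holds whatever allocate() left there. Returns true
// if both that collection and a later one survive.
static bool buildGlobalObject(bool protoStartsAsNullValue, MarkPolicy policy) {
    ToyHeap heap(protoStartsAsNullValue, policy);
    Obj* objectPrototype = heap.allocate();
    heap.addRoot(objectPrototype);
    Obj* functionPrototype = heap.allocate();   // triggers collect() mid-construction
    objectPrototype->proto = heap.nullValue();  // the assignment that came too late
    functionPrototype->proto = objectPrototype;
    heap.addRoot(functionPrototype);
    return !heap.crashed() && heap.collect();
}

int main() {
    std::printf("original marker, slot left null:  %s\n",
                buildGlobalObject(false, MarkPolicy::Unchecked) ? "survived" : "crashed");
    std::printf("null check in marker:             %s\n",
                buildGlobalObject(false, MarkPolicy::NullChecked) ? "survived" : "crashed");
    std::printf("slot never null, original marker: %s\n",
                buildGlobalObject(true, MarkPolicy::Unchecked) ? "survived" : "crashed");
    return 0;
}
```

The first run models the reports: the collection triggered by the second allocation reaches a cell whose prototype slot is still a null pointer. The second run survives by tolerating that state in the marker; the third survives because the state never exists, which is the stronger property, since every other reader of the slot is protected too, not just the marker.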
Jon
Comment 1 2005-08-08 18:27:20 PDT
I can't seem to reproduce this bug again. Perhaps it has something to do with the dynamic adds on the page. But initially, after pushing the back button it would seem to load the page and the progress bar was all the way to the end, but it didn't scroll down the page before it crashed again. Also see bug 4191 for more crash reports of a similar issue (not all of the reports on that page are for the same thing, but the ones with icplusplus.c:28 at the top seem to be the same problem). This may just be something I run into by browsing the Ars Mac Ach a lot, since I'm fairly certain that that's the only place I've seen this one. I'll try to be more specific if I run into it again.
Jon
Comment 2 2005-08-08 19:52:48 PDT
Another crash, same issue, again at Ars. I believe that to reproduce this crash you should just browse Ars' forums for a while and you'd probably see the issue.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore   0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore   0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore   0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore   0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore   0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore   0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore   0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore   0x004397e4 KJS::ObjectPrototypeImp::ObjectPrototypeImp[in-charge](KJS::ExecState*, KJS::FunctionPrototypeImp*) + 120 (icplusplus.c:28)
8   com.apple.JavaScriptCore   0x00428954 KJS::InterpreterImp::initGlobalObject() + 136 (icplusplus.c:28)
9   com.apple.JavaScriptCore   0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore   0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore          0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore          0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore          0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore          0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore          0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore          0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit           0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore          0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore          0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore          0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore          0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit           0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit           0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit           0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit           0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit           0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit           0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation       0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation       0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation       0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation   0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation   0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation   0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox        0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox        0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox        0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit           0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit           0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev        0x00006bbc 0x1000 + 23484
40  com.apple.AppKit           0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit           0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev        0x000021e8 0x1000 + 4584
43  com.apple.SafariDev        0x00056e28 0x1000 + 351784
Jon
Comment 3 2005-08-08 20:28:59 PDT
Same crash again, this time while browsing MacNN.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore   0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore   0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore   0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore   0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore   0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore   0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore   0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore   0x00439864 KJS::ObjectPrototypeImp::ObjectPrototypeImp[in-charge](KJS::ExecState*, KJS::FunctionPrototypeImp*) + 248 (icplusplus.c:28)
8   com.apple.JavaScriptCore   0x00428954 KJS::InterpreterImp::initGlobalObject() + 136 (icplusplus.c:28)
9   com.apple.JavaScriptCore   0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore   0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore          0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore          0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore          0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore          0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore          0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore          0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit           0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore          0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore          0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore          0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore          0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit           0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit           0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit           0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit           0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit           0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit           0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation       0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation       0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation       0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation   0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation   0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation   0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox        0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox        0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox        0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit           0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit           0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev        0x00006bbc 0x1000 + 23484
40  com.apple.AppKit           0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit           0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev        0x000021e8 0x1000 + 4584
43  com.apple.SafariDev        0x00056e28 0x1000 + 351784
Jon
Comment 4 2005-08-08 20:30:18 PDT
Crash, again at MacNN's forums.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore   0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore   0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore   0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore   0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore   0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore   0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore   0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore   0x00422120 KJS::FunctionPrototypeImp::FunctionPrototypeImp[in-charge](KJS::ExecState*) + 316 (icplusplus.c:28)
8   com.apple.JavaScriptCore   0x00428924 KJS::InterpreterImp::initGlobalObject() + 88 (icplusplus.c:28)
9   com.apple.JavaScriptCore   0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore   0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore          0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore          0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore          0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore          0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore          0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore          0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit           0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore          0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore          0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore          0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore          0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit           0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit           0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit           0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit           0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit           0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit           0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation       0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation       0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation       0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation   0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation   0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation   0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox        0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox        0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox        0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit           0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit           0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev        0x00006bbc 0x1000 + 23484
40  com.apple.AppKit           0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit           0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev        0x000021e8 0x1000 + 4584
43  com.apple.SafariDev        0x00056e28 0x1000 + 351784
Jon
Comment 5 2005-08-08 20:32:15 PDT
Same problem, this time while reloading a forum at Ars.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore   0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore   0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore   0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore   0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore   0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore   0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore   0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore   0x004397e4 KJS::ObjectPrototypeImp::ObjectPrototypeImp[in-charge](KJS::ExecState*, KJS::FunctionPrototypeImp*) + 120 (icplusplus.c:28)
8   com.apple.JavaScriptCore   0x00428954 KJS::InterpreterImp::initGlobalObject() + 136 (icplusplus.c:28)
9   com.apple.JavaScriptCore   0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore   0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore          0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore          0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore          0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore          0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore          0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore          0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit           0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore          0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore          0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore          0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore          0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit           0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit           0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit           0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit           0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit           0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit           0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation       0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation       0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation       0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation   0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation   0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation   0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox        0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox        0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox        0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit           0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit           0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev        0x00006bbc 0x1000 + 23484
40  com.apple.AppKit           0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit           0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev        0x000021e8 0x1000 + 4584
43  com.apple.SafariDev        0x00056e28 0x1000 + 351784
Jon
Comment 6 2005-08-08 23:57:11 PDT
Another crash, this time while loading w3c.org, though Ars was open in another tab.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore   0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore   0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore   0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore   0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore   0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore   0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore   0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore   0x00422120 KJS::FunctionPrototypeImp::FunctionPrototypeImp[in-charge](KJS::ExecState*) + 316 (icplusplus.c:28)
8   com.apple.JavaScriptCore   0x00428924 KJS::InterpreterImp::initGlobalObject() + 88 (icplusplus.c:28)
9   com.apple.JavaScriptCore   0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10  com.apple.JavaScriptCore   0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11  com.apple.WebCore          0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12  com.apple.WebCore          0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13  com.apple.WebCore          0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14  com.apple.WebCore          0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15  com.apple.WebCore          0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16  com.apple.WebCore          0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17  com.apple.WebKit           0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18  com.apple.WebCore          0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19  com.apple.WebCore          0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20  com.apple.WebCore          0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21  com.apple.WebCore          0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22  com.apple.WebKit           0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23  com.apple.WebKit           0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24  com.apple.WebKit           0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25  com.apple.WebKit           0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26  com.apple.WebKit           0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27  com.apple.WebKit           0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28  com.apple.Foundation       0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29  com.apple.Foundation       0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30  com.apple.Foundation       0x928eb778 _sendCallbacks + 156
31  com.apple.CoreFoundation   0x90758d2c __CFRunLoopDoSources0 + 384
32  com.apple.CoreFoundation   0x9075825c __CFRunLoopRun + 452
33  com.apple.CoreFoundation   0x90757cdc CFRunLoopRunSpecific + 268
34  com.apple.HIToolbox        0x93161be0 RunCurrentEventLoopInMode + 264
35  com.apple.HIToolbox        0x93161274 ReceiveNextEventCommon + 380
36  com.apple.HIToolbox        0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37  com.apple.AppKit           0x9365c704 _DPSNextEvent + 384
38  com.apple.AppKit           0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39  com.apple.SafariDev        0x00006bbc 0x1000 + 23484
40  com.apple.AppKit           0x9365890c -[NSApplication run] + 472
41  com.apple.AppKit           0x93749284 NSApplicationMain + 452
42  com.apple.SafariDev        0x000021e8 0x1000 + 4584
43  com.apple.SafariDev        0x00056e28 0x1000 + 351784
Jon
Comment 7 2005-08-09 00:03:51 PDT
Another one, this time while loading and scrolling a page at MacNN. I'm going to reset Safari and redo my Safari copy that uses the TOT WebKit.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.JavaScriptCore   0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1   com.apple.JavaScriptCore   0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2   com.apple.JavaScriptCore   0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3   com.apple.JavaScriptCore   0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4   com.apple.JavaScriptCore   0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5   com.apple.JavaScriptCore   0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6   com.apple.JavaScriptCore   0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7   com.apple.JavaScriptCore   0x00428944 KJS::InterpreterImp::initGlobalObject() + 120 (icplusplus.c:28)
8   com.apple.JavaScriptCore   0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
9   com.apple.JavaScriptCore   0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
10  com.apple.WebCore          0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
11  com.apple.WebCore          0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
12  com.apple.WebCore          0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
13  com.apple.WebCore          0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
14  com.apple.WebCore          0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
15  com.apple.WebCore          0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
16  com.apple.WebKit           0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
17  com.apple.WebCore          0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
18  com.apple.WebCore          0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
19  com.apple.WebCore          0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
20  com.apple.WebCore          0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
21  com.apple.WebKit           0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
22  com.apple.WebKit           0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
23  com.apple.WebKit           0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
24  com.apple.WebKit           0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
25  com.apple.WebKit           0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
26  com.apple.WebKit           0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
27  com.apple.Foundation       0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
28  com.apple.Foundation       0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
29  com.apple.Foundation       0x928eb778 _sendCallbacks + 156
30  com.apple.CoreFoundation   0x90758d2c __CFRunLoopDoSources0 + 384
31  com.apple.CoreFoundation   0x9075825c __CFRunLoopRun + 452
32  com.apple.CoreFoundation   0x90757cdc CFRunLoopRunSpecific + 268
33  com.apple.HIToolbox        0x93161be0 RunCurrentEventLoopInMode + 264
34  com.apple.HIToolbox        0x93161274 ReceiveNextEventCommon + 380
35  com.apple.HIToolbox        0x931610e0 BlockUntilNextEventMatchingListInMode + 96
36  com.apple.AppKit           0x9365c704 _DPSNextEvent + 384
37  com.apple.AppKit           0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
38  com.apple.SafariDev        0x00006bbc 0x1000 + 23484
39  com.apple.AppKit           0x9365890c -[NSApplication run] + 472
40  com.apple.AppKit           0x93749284 NSApplicationMain + 452
41  com.apple.SafariDev        0x000021e8 0x1000 + 4584
42  com.apple.SafariDev        0x00056e28 0x1000 + 351784
Jon
Comment 8 2005-08-09 01:57:53 PDT
Another one, this time while loading a page at MacNN. I'm including a more complete crash report this time.

Date/Time: 2005-08-09 03:55:41.235 -0500
OS Version: 10.4.3 (Build 8F8)
Report Version: 3

Command: SafariDev
Path: /Applications/SafariDev.app/Contents/MacOS/SafariDev
Parent: WindowServer [58]

Version: 2.0.1+ (412.5+)
Build Version: 3
Project Name: WebBrowser
Source Version: 4120500+

PID: 466
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1 com.apple.JavaScriptCore 0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2 com.apple.JavaScriptCore 0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3 com.apple.JavaScriptCore 0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4 com.apple.JavaScriptCore 0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5 com.apple.JavaScriptCore 0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6 com.apple.JavaScriptCore 0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7 com.apple.JavaScriptCore 0x00439864 KJS::ObjectPrototypeImp::ObjectPrototypeImp[in-charge](KJS::ExecState*, KJS::FunctionPrototypeImp*) + 248 (icplusplus.c:28)
8 com.apple.JavaScriptCore 0x00428954 KJS::InterpreterImp::initGlobalObject() + 136 (icplusplus.c:28)
9 com.apple.JavaScriptCore 0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10 com.apple.JavaScriptCore 0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11 com.apple.WebCore 0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12 com.apple.WebCore 0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13 com.apple.WebCore 0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14 com.apple.WebCore 0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15 com.apple.WebCore 0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16 com.apple.WebCore 0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17 com.apple.WebKit 0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18 com.apple.WebCore 0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19 com.apple.WebCore 0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20 com.apple.WebCore 0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21 com.apple.WebCore 0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22 com.apple.WebKit 0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23 com.apple.WebKit 0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24 com.apple.WebKit 0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25 com.apple.WebKit 0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26 com.apple.WebKit 0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27 com.apple.WebKit 0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28 com.apple.Foundation 0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29 com.apple.Foundation 0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30 com.apple.Foundation 0x928eb778 _sendCallbacks + 156
31 com.apple.CoreFoundation 0x90758d2c __CFRunLoopDoSources0 + 384
32 com.apple.CoreFoundation 0x9075825c __CFRunLoopRun + 452
33 com.apple.CoreFoundation 0x90757cdc CFRunLoopRunSpecific + 268
34 com.apple.HIToolbox 0x93161be0 RunCurrentEventLoopInMode + 264
35 com.apple.HIToolbox 0x93161274 ReceiveNextEventCommon + 380
36 com.apple.HIToolbox 0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37 com.apple.AppKit 0x9365c704 _DPSNextEvent + 384
38 com.apple.AppKit 0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39 com.apple.Safari 0x00006ba8 0x1000 + 23464
40 com.apple.AppKit 0x9365890c -[NSApplication run] + 472
41 com.apple.AppKit 0x93749284 NSApplicationMain + 452
42 com.apple.Safari 0x000021e4 0x1000 + 4580
43 com.apple.Safari 0x00056e14 0x1000 + 351764

Thread 1:
0 libSystem.B.dylib 0x9000b3e8 mach_msg_trap + 8
1 libSystem.B.dylib 0x9000b33c mach_msg + 60
2 com.apple.CoreFoundation 0x907583d8 __CFRunLoopRun + 832
3 com.apple.CoreFoundation 0x90757cdc CFRunLoopRunSpecific + 268
4 com.apple.Foundation 0x928c9ec4 -[NSRunLoop runMode:beforeDate:] + 172
5 com.apple.Foundation 0x928c9dfc -[NSRunLoop run] + 76
6 com.apple.WebKit 0x00367730 +[WebFileDatabase _syncLoop:] + 176 (icplusplus.c:28)
7 com.apple.Foundation 0x928baf34 forkThreadForFunction + 108
8 libSystem.B.dylib 0x9002b3c0 _pthread_body + 96

Thread 2:
0 libSystem.B.dylib 0x9000b3e8 mach_msg_trap + 8
1 libSystem.B.dylib 0x9000b33c mach_msg + 60
2 com.apple.CoreFoundation 0x907583d8 __CFRunLoopRun + 832
3 com.apple.CoreFoundation 0x90757cdc CFRunLoopRunSpecific + 268
4 com.apple.Foundation 0x928e23e0 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 264
5 com.apple.Foundation 0x928baf34 forkThreadForFunction + 108
6 libSystem.B.dylib 0x9002b3c0 _pthread_body + 96

Thread 3:
0 libSystem.B.dylib 0x9000b3e8 mach_msg_trap + 8
1 libSystem.B.dylib 0x9000b33c mach_msg + 60
2 com.apple.CoreFoundation 0x907583d8 __CFRunLoopRun + 832
3 com.apple.CoreFoundation 0x90757cdc CFRunLoopRunSpecific + 268
4 com.apple.Foundation 0x928e3520 +[NSURLCache _diskCacheSyncLoop:] + 152
5 com.apple.Foundation 0x928baf34 forkThreadForFunction + 108
6 libSystem.B.dylib 0x9002b3c0 _pthread_body + 96

Thread 4:
0 libSystem.B.dylib 0x9002ba68 semaphore_wait_signal_trap + 8
1 libSystem.B.dylib 0x900301dc pthread_cond_wait + 488
2 com.apple.Foundation 0x928c20a0 -[NSConditionLock lockWhenCondition:] + 68
3 com.apple.Syndication 0x9b212ab0 -[AsyncDB _run:] + 192
4 com.apple.Foundation 0x928baf34 forkThreadForFunction + 108
5 libSystem.B.dylib 0x9002b3c0 _pthread_body + 96

Thread 5:
0 libSystem.B.dylib 0x9001f3cc select + 12
1 com.apple.CoreFoundation 0x9076ac6c __CFSocketManager + 472
2 libSystem.B.dylib 0x9002b3c0 _pthread_body + 96

Thread 6:
0 libSystem.B.dylib 0x9000b3e8 mach_msg_trap + 8
1 libSystem.B.dylib 0x9000b33c mach_msg + 60
2 com.apple.CoreFoundation 0x907583d8 __CFRunLoopRun + 832
3 com.apple.CoreFoundation 0x90757cdc CFRunLoopRunSpecific + 268
4 com.apple.Foundation 0x928c9ec4 -[NSRunLoop runMode:beforeDate:] + 172
5 com.apple.Foundation 0x928c9dfc -[NSRunLoop run] + 76
6 com.apple.Safari 0x00035928 0x1000 + 215336
7 com.apple.Foundation 0x928baf34 forkThreadForFunction + 108
8 libSystem.B.dylib 0x9002b3c0 _pthread_body + 96

Thread 0 crashed with PPC Thread State 64:
srr0: 0x0000000000469418 srr1: 0x000000000000f030 vrsave: 0x0000000000000000
cr: 0x24002248 xer: 0x0000000000000014 lr: 0x000000000043a818 ctr: 0x000000000046940c
r0: 0x0000000000000000 r1: 0x00000000bfffd190 r2: 0x00000000004dab48 r3: 0x0000000000000000
r4: 0x00000000c0000000 r5: 0x000000000041d09c r6: 0x00000000bfffd2f0 r7: 0x0000000000000000
r8: 0x00000000bfffd2dc r9: 0x000000000470d0e4 r10: 0x000000000470d008 r11: 0x00000000004d95c4
r12: 0x000000000046940c r13: 0x0000000000000000 r14: 0x00000000bfffd7f4 r15: 0x00000000bfffd7f8
r16: 0x00000000bfffd7fc r17: 0x00000000bfffd800 r18: 0x0000000000006547 r19: 0x00000000bfffd804
r20: 0x00000000077cd1c4 r21: 0x00000000077cd1c0 r22: 0x00000000077cd1bc r23: 0x0000000004a66720
r24: 0x00000000077cd1d0 r25: 0x00000000077cd1c8 r26: 0x0000000004a66720 r27: 0x000000000000002c
r28: 0x00000000000007f6 r29: 0x0000000000000000 r30: 0x0000000004a66720 r31: 0x000000000041cee4

Binary Images Description: 0x1000 - 0xd8fff
com.apple.Safari 2.0.1+ (412.5+) /Applications/SafariDev.app/Contents/ MacOS/SafariDev 0x305000 - 0x39ffff com.apple.WebKit 412+ /Users/jshier/Programming/WebKit-Dev/ WebKitBuild/Deployment/WebKit.framework/Versions/A/WebKit 0x418000 - 0x4d5fff com.apple.JavaScriptCore 412.1 /Users/jshier/Programming/WebKit-Dev/ WebKitBuild/Deployment/JavaScriptCore.framework/Versions/A/JavaScriptCore 0x1008000 - 0x1221fff com.apple.WebCore 413.1 /Users/jshier/Programming/WebKit-Dev/ WebKitBuild/Deployment/WebCore.framework/Versions/A/WebCore 0x14d9000 - 0x14d9fff com.apple.SpotLightCM 1.0 (121) /System/Library/Contextual Menu Items/SpotlightCM.plugin/Contents/MacOS/SpotlightCM 0x452b000 - 0x452dfff com.apple.AutomatorCMM 1.0 (48) /System/Library/Contextual Menu Items/AutomatorCMM.plugin/Contents/MacOS/AutomatorCMM 0x45d0000 - 0x45e9fff GLDriver /System/Library/Frameworks/OpenGL.framework/Versions/A/ Resources/GLDriver.bundle/GLDriver 0x4d30000 - 0x4d36fff com.apple.DictionaryServiceComponent 1.0.0 /System/Library/Components/DictionaryService.component/Contents/MacOS/DictionaryService 0x4d57000 - 0x4d5bfff com.apple.FolderActionsMenu 1.3 /System/Library/Contextual Menu Items/FolderActionsMenu.plugin/Contents/MacOS/FolderActionsMenu 0x4dc3000 - 0x4e9ffff com.divxnetworks.DivXCodec 5.1.1 /Library/QuickTime/DivX 5.component/ Contents/MacOS/DivX 5 0x553f000 - 0x55a7fff com.apple.ATIRage128GLDriver 1.4.4 (4.0.4) /System/Library/Extensions/ATIRage128GLDriver.bundle/Contents/MacOS/ATIRage128GLDriver 0x5656000 - 0x5677fff GLRendererFloat /System/Library/Frameworks/OpenGL.framework/ Versions/A/Resources/GLRendererFloat.bundle/GLRendererFloat 0x5a8c000 - 0x5cadfff com.macromedia.Flash Player.plugin 8.0.0 (1.0.1b434) /Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player 0x6de6000 - 0x6ef3fff GLEngine /System/Library/Frameworks/OpenGL.framework/Resources/ GLEngine.bundle/GLEngine 0x8fe00000 - 0x8fe54fff dyld 44 /usr/lib/dyld 0x90000000 - 0x901b3fff libSystem.B.dylib 
/usr/lib/libSystem.B.dylib 0x9020b000 - 0x9020ffff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib 0x90211000 - 0x90264fff com.apple.CoreText 1.0.0 (???) /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x90291000 - 0x90342fff ATS /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ATS.framework/Versions/A/ATS 0x90371000 - 0x906aafff com.apple.CoreGraphics 1.256.14 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ CoreGraphics.framework/Versions/A/CoreGraphics 0x90735000 - 0x9080efff com.apple.CoreFoundation 6.4.2 (368.11) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x90857000 - 0x90857fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/ CoreServices.framework/Versions/A/CoreServices 0x90859000 - 0x9095bfff libicucore.A.dylib /usr/lib/libicucore.A.dylib 0x909b5000 - 0x90a39fff libobjc.A.dylib /usr/lib/libobjc.A.dylib 0x90a63000 - 0x90ad7fff com.apple.framework.IOKit 1.4.1 (???) 
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0x90af1000 - 0x90b03fff libauto.dylib /usr/lib/libauto.dylib 0x90b0a000 - 0x90de1fff com.apple.CoreServices.CarbonCore 10.4.3 (659) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ CarbonCore.framework/Versions/A/CarbonCore 0x90e47000 - 0x90ec7fff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ OSServices.framework/Versions/A/OSServices 0x90f11000 - 0x90f52fff com.apple.CFNetwork 10.4.3 (129.2) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/ CFNetwork.framework/Versions/A/CFNetwork 0x90f67000 - 0x90f7ffff com.apple.WebServices 1.1.2 (1.1.0) /System/Library/Frameworks/ CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/ WebServicesCore 0x90f8f000 - 0x9100dfff com.apple.SearchKit 1.0.3 /System/Library/Frameworks/ CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit 0x91052000 - 0x91079fff com.apple.Metadata 1.1 (121.6) /System/Library/Frameworks/ CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x91089000 - 0x91096fff libz.1.dylib /usr/lib/libz.1.dylib 0x91099000 - 0x9125bfff com.apple.security 4.0.1 (223) /System/Library/Frameworks/ Security.framework/Versions/A/Security 0x9135d000 - 0x91366fff com.apple.DiskArbitration 2.1 /System/Library/Frameworks/ DiskArbitration.framework/Versions/A/DiskArbitration 0x9136d000 - 0x91394fff com.apple.SystemConfiguration 1.8.0 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x913a7000 - 0x913affff libbsm.dylib /usr/lib/libbsm.dylib 0x913b3000 - 0x91431fff com.apple.audio.CoreAudio 3.0.1 /System/Library/Frameworks/ CoreAudio.framework/Versions/A/CoreAudio 0x9146f000 - 0x9146ffff com.apple.ApplicationServices 10.4 (???) 
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x91471000 - 0x914a9fff com.apple.AE 1.5 (297) /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE 0x914c4000 - 0x9158ffff com.apple.ColorSync 4.4 /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync 0x915e4000 - 0x91677fff com.apple.print.framework.PrintCore 4.0 (172.1) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ PrintCore.framework/Versions/A/PrintCore 0x916bd000 - 0x9177afff com.apple.QD 3.8.6 (???) /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x917b8000 - 0x91816fff com.apple.HIServices 1.5.0 (???) /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices 0x91844000 - 0x91868fff com.apple.LangAnalysis 1.6.1 /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/ LangAnalysis 0x9187c000 - 0x918a1fff com.apple.FindByContent 1.5 /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/ FindByContent 0x918b4000 - 0x918f5fff com.apple.LaunchServices 10.4.5 (160) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ LaunchServices.framework/Versions/A/LaunchServices 0x91910000 - 0x91924fff com.apple.speech.synthesis.framework 3.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ SpeechSynthesis.framework/Versions/A/SpeechSynthesis 0x91932000 - 0x91964fff com.apple.ImageIO.framework 1.0.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ ImageIO.framework/Versions/A/ImageIO 0x91978000 - 0x91a3afff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib 0x91a86000 - 0x91a9bfff libcups.2.dylib 
/usr/lib/libcups.2.dylib 0x91aa0000 - 0x91abcfff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x91ac1000 - 0x91b30fff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib 0x91b47000 - 0x91b4bfff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib 0x91b4d000 - 0x91b75fff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib 0x91b79000 - 0x91bbcfff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x91bc3000 - 0x91bdcfff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x91be1000 - 0x91be4fff libRadiance.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/ libRadiance.dylib 0x91be6000 - 0x91be6fff com.apple.Accelerate 1.1.1 (Accelerate 1.1.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate 0x91be8000 - 0x91cd2fff com.apple.vImage 2.0 /System/Library/Frameworks/ Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x91cda000 - 0x91cf9fff com.apple.Accelerate.vecLib 3.1.1 (vecLib 3.1.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/ Versions/A/vecLib 0x91d65000 - 0x91d6dfff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib 0x91d72000 - 0x91d92fff libmx.A.dylib /usr/lib/libmx.A.dylib 0x91d98000 - 0x91dfdfff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/ Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib 0x91e07000 - 0x91e99fff 
libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/ Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x91eb3000 - 0x92443fff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/ Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x9248b000 - 0x9279bfff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/ Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x927c8000 - 0x92853fff com.apple.DesktopServices 1.3.1 /System/Library/PrivateFrameworks/ DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x92895000 - 0x92abefff com.apple.Foundation 6.4.1 (567.12) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x92bdc000 - 0x92cbafff libxml2.2.dylib /usr/lib/libxml2.2.dylib 0x92cda000 - 0x92dc8fff libiconv.2.dylib /usr/lib/libiconv.2.dylib 0x92dda000 - 0x92df8fff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/ A/Libraries/libGL.dylib 0x92e03000 - 0x92e5dfff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/ A/Libraries/libGLU.dylib 0x92e7b000 - 0x92e7bfff com.apple.Carbon 10.4 (???) 
/System/Library/Frameworks/ Carbon.framework/Versions/A/Carbon 0x92e7d000 - 0x92e91fff com.apple.ImageCapture 3.0 /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x92ea9000 - 0x92eb9fff com.apple.speech.recognition.framework 3.4 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ SpeechRecognition.framework/Versions/A/SpeechRecognition 0x92ec5000 - 0x92edafff com.apple.securityhi 2.0 (203) /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x92eec000 - 0x92f73fff com.apple.ink.framework 101.2 (69) /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x92f87000 - 0x92f92fff com.apple.help 1.0.3 (32) /System/Library/Frameworks/Carbon.framework/ Versions/A/Frameworks/Help.framework/Versions/A/Help 0x92f9c000 - 0x92fc9fff com.apple.openscripting 1.2.2 (???) /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x92fe3000 - 0x92ff3fff com.apple.print.framework.Print 4.0 (187) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/ Versions/A/Print 0x92fff000 - 0x93065fff com.apple.htmlrendering 1.1.2 /System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering 0x93096000 - 0x930e8fff com.apple.NavigationServices 3.4.1 (3.4) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ NavigationServices.framework/Versions/A/NavigationServices 0x93114000 - 0x93131fff com.apple.audio.SoundManager 3.9 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ CarbonSound.framework/Versions/A/CarbonSound 0x93143000 - 0x93150fff com.apple.CommonPanels 1.2.2 (73) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ CommonPanels.framework/Versions/A/CommonPanels 0x93159000 - 0x93469fff com.apple.HIToolbox 1.4.2 (???) 
/System/Library/Frameworks/ Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox 0x935b4000 - 0x935c0fff com.apple.opengl 1.4.3 /System/Library/Frameworks/OpenGL.framework/ Versions/A/OpenGL 0x935c5000 - 0x935e6fff com.apple.DirectoryService.Framework 2.0.1 /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService 0x93652000 - 0x93652fff com.apple.Cocoa 6.4 (???) /System/Library/Frameworks/ Cocoa.framework/Versions/A/Cocoa 0x93654000 - 0x93c86fff com.apple.AppKit 6.4.3 (824.12) /System/Library/Frameworks/ AppKit.framework/Versions/C/AppKit 0x94012000 - 0x94080fff com.apple.CoreData 50 (52) /System/Library/Frameworks/ CoreData.framework/Versions/A/CoreData 0x940b9000 - 0x94183fff com.apple.audio.toolbox.AudioToolbox 1.4.1 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox 0x941d7000 - 0x941d7fff com.apple.audio.units.AudioUnit 1.4 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x941d9000 - 0x9434cfff com.apple.QuartzCore 1.4.1 /System/Library/Frameworks/ QuartzCore.framework/Versions/A/QuartzCore 0x94395000 - 0x943d2fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib 0x943da000 - 0x94429fff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/ Versions/A/Libraries/libGLImage.dylib 0x944b8000 - 0x944f0fff com.apple.vmutils 4.0.0 (85) /System/Library/PrivateFrameworks/ vmutils.framework/Versions/A/vmutils 0x94533000 - 0x9454ffff com.apple.securityfoundation 2.0 (262) /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation 0x94563000 - 0x945a6fff com.apple.securityinterface 2.0 (256) /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface 0x945ca000 - 0x945d9fff libCGATS.A.dylib /System/Library/Frameworks/ ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/ Resources/libCGATS.A.dylib 0x945e1000 - 0x945edfff libCSync.A.dylib /System/Library/Frameworks/ 
ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/ Resources/libCSync.A.dylib 0x94632000 - 0x94646fff libRIP.A.dylib /System/Library/Frameworks/ApplicationServices.framework/ Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib 0x9464c000 - 0x948aefff com.apple.QuickTime 7.0.1 /System/Library/Frameworks/ QuickTime.framework/Versions/A/QuickTime 0x94981000 - 0x949a0fff com.apple.vecLib 3.1.1 (vecLib 3.1.1) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib 0x94b0e000 - 0x94c3bfff com.apple.AddressBook.framework 4.0.2 (475) /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook 0x94ccc000 - 0x94cdbfff com.apple.DSObjCWrappers.Framework 1.1 /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers 0x94ce3000 - 0x94d10fff com.apple.LDAPFramework 1.4.1 (68.0.1) /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP 0x94d17000 - 0x94d27fff libsasl2.2.dylib /usr/lib/libsasl2.2.dylib 0x94d2b000 - 0x94d59fff libssl.0.9.7.dylib /usr/lib/libssl.0.9.7.dylib 0x94d69000 - 0x94d86fff libresolv.9.dylib /usr/lib/libresolv.9.dylib 0x95493000 - 0x95516fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib 0x9609e000 - 0x960c7fff libxslt.1.dylib /usr/lib/libxslt.1.dylib 0x96939000 - 0x9694ffff libJapaneseConverter.dylib /System/Library/CoreServices/Encodings/ libJapaneseConverter.dylib 0x97a87000 - 0x97b9efff libGLProgrammability.dylib /System/Library/Frameworks/ OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib 0x97c17000 - 0x97c18fff libGLSystem.dylib /System/Library/Frameworks/OpenGL.framework/ Versions/A/Libraries/libGLSystem.dylib 0x97c1a000 - 0x97c27fff com.apple.agl 2.5.6 (AGL-2.5.6) /System/Library/Frameworks/ AGL.framework/Versions/A/AGL 0x99724000 - 0x99eb6fff com.apple.QuickTimeComponents.component 7.0.1 /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/ QuickTimeComponents 0x9b210000 - 0x9b243fff com.apple.Syndication 1.0.1 
(38) /System/Library/PrivateFrameworks/ Syndication.framework/Versions/A/Syndication 0x9b25e000 - 0x9b26efff com.apple.SyndicationUI 1.0.1 (38) /System/Library/PrivateFrameworks/ SyndicationUI.framework/Versions/A/SyndicationUI Model: PowerBook4,1, BootROM 4.2.0f4, 1 processors, PowerPC 750 (33.11), 500 MHz, 384 MB Graphics: ATY,RageM3, ATY,RageM3, AGP, 8 MB Memory Module: DIMM0/BUILT-IN, 128 MB, built-in, built-in Memory Module: DIMM1/J12, 256 MB, SDRAM, PC100-222S AirPort: AirPort, 9.52 Modem: MiniSpring-DCP, UCJ, V.90, 1.0F, APPLE VERSION 0010DCP, 6/10/2001 Network Service: Built-in Ethernet, Ethernet, en0 Parallel ATA Device: TOSHIBA MK1017GAP, 9.37 GB Parallel ATA Device: TOSHIBA DVD-ROM SD-R2002, USB Device: USB-PS/2 Optical Mouse, Logitech, Up to 1.5 Mb/sec, 500 mA
Jon
Comment 9 2005-08-09 06:46:23 PDT
Another crash, this time while loading and scrolling MacNN's main page.

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x00469418 KJS::ValueImp::marked() const + 12 (icplusplus.c:28)
1 com.apple.JavaScriptCore 0x0043a818 KJS::ObjectImp::mark() + 40 (icplusplus.c:28)
2 com.apple.JavaScriptCore 0x0041cfc4 KJS::Collector::markStackObjectsConservatively(void*, void*) + 236 (icplusplus.c:28)
3 com.apple.JavaScriptCore 0x0041d0b0 KJS::Collector::markCurrentThreadConservatively() + 40 (icplusplus.c:28)
4 com.apple.JavaScriptCore 0x0041d0dc KJS::Collector::markStackObjectsConservatively() + 28 (icplusplus.c:28)
5 com.apple.JavaScriptCore 0x0041d170 KJS::Collector::collect() + 80 (icplusplus.c:28)
6 com.apple.JavaScriptCore 0x0041d414 KJS::Collector::allocate(unsigned long) + 60 (icplusplus.c:28)
7 com.apple.JavaScriptCore 0x00422040 KJS::FunctionPrototypeImp::FunctionPrototypeImp[in-charge](KJS::ExecState*) + 92 (icplusplus.c:28)
8 com.apple.JavaScriptCore 0x00428924 KJS::InterpreterImp::initGlobalObject() + 88 (icplusplus.c:28)
9 com.apple.JavaScriptCore 0x00429ffc KJS::InterpreterImp::InterpreterImp[in-charge](KJS::Interpreter*, KJS::ObjectImp*) + 436 (icplusplus.c:28)
10 com.apple.JavaScriptCore 0x0042a3d0 KJS::Interpreter::Interpreter[not-in-charge](KJS::ObjectImp*) + 104 (icplusplus.c:28)
11 com.apple.WebCore 0x0107bae0 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::ObjectImp*, KHTMLPart*) + 36 (icplusplus.c:28)
12 com.apple.WebCore 0x0109dd40 KJSProxyImpl::initScript() + 100 (icplusplus.c:28)
13 com.apple.WebCore 0x0109df10 KJSProxyImpl::interpreter() + 36 (icplusplus.c:28)
14 com.apple.WebCore 0x0109fc48 KJS::Window::retrieve(KHTMLPart*) + 48 (icplusplus.c:28)
15 com.apple.WebCore 0x010a145c KJS::Window::retrieveWindow(KHTMLPart*) + 16 (icplusplus.c:28)
16 com.apple.WebCore 0x0101a974 KWQKHTMLPart::windowScriptObject() + 44 (icplusplus.c:28)
17 com.apple.WebKit 0x0031f894 -[WebBridge windowObjectCleared] + 88 (icplusplus.c:28)
18 com.apple.WebCore 0x0105b570 KHTMLPart::begin(KURL const&, int, int) + 104 (icplusplus.c:28)
19 com.apple.WebCore 0x01058984 KHTMLPart::receivedFirstData() + 124 (icplusplus.c:28)
20 com.apple.WebCore 0x0101bc78 KWQKHTMLPart::setEncoding(QString const&, bool) + 56 (icplusplus.c:28)
21 com.apple.WebCore 0x0104f8ac -[WebCoreBridge setEncoding:userChosen:] + 60 (icplusplus.c:28)
22 com.apple.WebKit 0x0031c694 -[WebBridge receivedData:textEncodingName:] + 100 (icplusplus.c:28)
23 com.apple.WebKit 0x0032eec4 -[WebDataSource(WebPrivate) _receivedData:] + 108 (icplusplus.c:28)
24 com.apple.WebKit 0x0034e080 -[WebMainResourceLoader addData:] + 88 (icplusplus.c:28)
25 com.apple.WebKit 0x0032bb74 -[WebLoader didReceiveData:lengthReceived:] + 68 (icplusplus.c:28)
26 com.apple.WebKit 0x0034ea14 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 140 (icplusplus.c:28)
27 com.apple.WebKit 0x0032c064 -[WebLoader connection:didReceiveData:lengthReceived:] + 64 (icplusplus.c:28)
28 com.apple.Foundation 0x928ed538 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
29 com.apple.Foundation 0x928eb9ac -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 440
30 com.apple.Foundation 0x928eb778 _sendCallbacks + 156
31 com.apple.CoreFoundation 0x90758d2c __CFRunLoopDoSources0 + 384
32 com.apple.CoreFoundation 0x9075825c __CFRunLoopRun + 452
33 com.apple.CoreFoundation 0x90757cdc CFRunLoopRunSpecific + 268
34 com.apple.HIToolbox 0x93161be0 RunCurrentEventLoopInMode + 264
35 com.apple.HIToolbox 0x93161274 ReceiveNextEventCommon + 380
36 com.apple.HIToolbox 0x931610e0 BlockUntilNextEventMatchingListInMode + 96
37 com.apple.AppKit 0x9365c704 _DPSNextEvent + 384
38 com.apple.AppKit 0x9365c3c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
39 com.apple.Safari 0x00006ba8 0x1000 + 23464
40 com.apple.AppKit 0x9365890c -[NSApplication run] + 472
41 com.apple.AppKit 0x93749284 NSApplicationMain + 452
42 com.apple.Safari 0x000021e4 0x1000 + 4580
43 com.apple.Safari 0x00056e14 0x1000 + 351764
Darin Adler
Comment 10 2005-08-11 12:07:10 PDT
Mitz says this is happening often enough on TOT that he's finding it unlivable.
mitz
Comment 11 2005-08-13 02:55:55 PDT
The problem seems to be that _proto is null in ObjectImp::mark(). There was another crash due to null _proto, <rdar://problem/4207220>, which ggaren patched by adding a check in ObjectImp::hasProperty (which was later removed). According to ggaren, the long-term plan is to avoid null checks by using JS Null() instead of null pointers. I'm not sure if that's been implemented already (if so, obviously there's a bug in the implementation). Meanwhile, adding a null check in ObjectImp::mark() should fix this crash. I'll submit a patch.
mitz
Comment 12 2005-08-13 03:04:04 PDT
Created attachment 3358 [details]
null pointer check
Eric Seidel (no email)
Comment 13 2005-08-13 03:16:42 PDT
*** Bug 4402 has been marked as a duplicate of this bug. ***
Darin Adler
Comment 14 2005-08-13 23:18:46 PDT
Comment on attachment 3358 [details]
null pointer check

This is not how we want to fix this. Prototypes should never be NULL, and it helps performance to not have the NULL check. We want to figure out why the prototype is NULL at this point and fix that instead.
Darin Adler
Comment 15 2005-08-13 23:24:20 PDT
Maciej's check-in on 2005-08-06 was supposed to fix this. Are we still seeing this in cases where we built after 08-06? If so, then what object had a NULL for its prototype pointer after that change?
mitz
Comment 16 2005-08-13 23:38:29 PDT
(In reply to comment #15)
> Are we still seeing this in cases where we built after 08-06?

Definitely. Actually, this only started happening on 08-08.

> If so, then what object had a NULL for its prototype pointer after that change?

I'll catch one and see.
Darin Adler
Comment 17 2005-08-13 23:58:23 PDT
I'm working on a patch.
Darin Adler
Comment 18 2005-08-14 00:48:56 PDT
Created attachment 3374 [details]
my cut at a fix; eliminates case where prototype could be null

Mitz reproduced the bug and the object was a FunctionPrototypeImp. That led me to this code setting prototype to 0/NULL. I added asserts that prototypes are never 0/NULL. I changed FunctionPrototypeImp to use a prototype of jsNull rather than 0/NULL. And I simplified some other confusing code that set another variable named "proto" to 0, only to set it to another value one line later.
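To make the two approaches weighed in this thread concrete (the null check in ObjectImp::mark() that comment 11 proposed and comment 14 rejected, versus the invariant in comment 18 that a prototype is always a real value, with jsNull terminating the chain), here is an added C++ sketch of a mark-and-sweep heap. It is not JavaScriptCore code: ValueImp, ObjectImp, NullImp, jsNull, Heap and prototypeChainWellFormed are simplified stand-ins named after the identifiers in the thread, and the object graph built in main is constructed to mirror the shape comment 18 describes, where the function prototype's own prototype is jsNull rather than 0/NULL.

```cpp
#include <algorithm>
#include <cassert>
#include <cstddef>
#include <memory>
#include <vector>

// Base of every collectable value. mark() is the mark phase's entry point.
struct ValueImp {
    bool marked = false;
    virtual ~ValueImp() = default;
    virtual void mark() { marked = true; }
};

// The sentinel the fix relies on: one immortal "null" value that terminates
// every prototype chain. It lives outside the collected heap, so marking it is
// a no-op, and dereferencing it never faults.
struct NullImp : ValueImp {
    void mark() override {}
};

// Hypothetical stand-in for the thread's jsNull: the process-wide sentinel.
ValueImp* jsNull() {
    static NullImp theNull;
    return &theNull;
}

struct ObjectImp : ValueImp {
    ValueImp* proto;               // invariant: never 0/NULL (may be jsNull())
    std::vector<ValueImp*> slots;  // own properties referencing other values

    explicit ObjectImp(ValueImp* p) : proto(p) {
        // The assertion comment 18 describes: prototypes are never 0/NULL.
        assert(proto != nullptr && "prototype must never be 0/NULL");
    }

    void mark() override {
        if (marked) return;
        marked = true;
        // Unconditional dereference. With a 0 prototype this is the read that
        // faults; the invariant above is what makes the null check unnecessary.
        if (!proto->marked) proto->mark();
        for (ValueImp* v : slots)
            if (v && !v->marked) v->mark();
    }
};

// Toy heap: owns every ObjectImp and runs mark-and-sweep from a root set.
class Heap {
public:
    ObjectImp* allocate(ValueImp* proto) {
        objects_.push_back(std::make_unique<ObjectImp>(proto));
        return objects_.back().get();
    }

    // Clear marks, mark from the roots, sweep what stayed unmarked.
    // Returns the number of surviving objects.
    std::size_t collect(const std::vector<ValueImp*>& roots) {
        for (auto& o : objects_) o->marked = false;
        for (ValueImp* r : roots)
            if (r) r->mark();
        objects_.erase(std::remove_if(objects_.begin(), objects_.end(),
                           [](const std::unique_ptr<ObjectImp>& o) { return !o->marked; }),
                       objects_.end());
        return objects_.size();
    }

    std::size_t size() const { return objects_.size(); }

private:
    std::vector<std::unique_ptr<ObjectImp>> objects_;
};

// Debug check: walk a prototype chain and confirm it reaches the jsNull
// sentinel through objects only, with no null pointer along the way.
bool prototypeChainWellFormed(const ObjectImp* start) {
    const ValueImp* v = start;
    for (int hops = 0; hops < 1000; ++hops) {   // bounded in case of a cycle
        if (v == nullptr) return false;
        if (v == jsNull()) return true;
        const ObjectImp* obj = dynamic_cast<const ObjectImp*>(v);
        if (obj == nullptr) return false;       // chain ended on a non-object value
        v = obj->proto;
    }
    return false;
}

int main() {
    Heap heap;
    // Constructed graph: function prototype -> jsNull, object prototype
    // inheriting from it, an instance, and one unreachable object.
    ObjectImp* functionProto = heap.allocate(jsNull());
    ObjectImp* objectProto   = heap.allocate(functionProto);
    ObjectImp* instance      = heap.allocate(objectProto);
    heap.allocate(objectProto);
    assert(prototypeChainWellFormed(instance));
    std::vector<ValueImp*> roots{instance};
    std::size_t survivors = heap.collect(roots);   // instance, objectProto, functionProto
    assert(survivors == 3);
    return 0;
}
```

The design point is the one comment 14 makes: a sentinel object at the end of the chain keeps mark() free of a branch on every object, and the constructor assertion turns a silent null into a loud failure during development rather than a fault inside the collector, which is hard to trace back to the object that was mid-construction when allocation triggered a collection.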
Darin Adler
Comment 19 2005-08-14 08:51:27 PDT
Mitz said he tested this and it worked for him. I'm going to land it even without review.
Darin Adler
Comment 20 2005-08-14 09:02:45 PDT
Comment on attachment 3374 [details]
my cut at a fix; eliminates case where prototype could be null

Since this fix is quite straightforward, and it's blocking a lot of people from using TOT WebKit, I'm going to land this without review.
Geoffrey Garen
Comment 21 2005-08-15 09:45:35 PDT
rr (retroactive reviewer)=me.