Bug 5665

Summary: REGRESSION: Crash in deleteTimer
Product: WebKit Reporter: Jon <jon>
Component: New BugsAssignee: Darin Adler <darin>
Status: RESOLVED FIXED    
Severity: Major    
Priority: P1    
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
patch that changes how deletion works with deferral, should fix crash none

Jon
Reported 2005-11-08 15:36:39 PST
Similar to bug 5661, after general browsing for a period of time (longer than required for 5661 but still inevitable), Safari running TOT WebKit will crash with the following: Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000000 Thread 0 Crashed: 0 com.apple.CoreFoundation 0x90771be0 CFArraySetValueAtIndex + 56 1 com.apple.WebCore 0x015d4738 deleteTimer(KWQObjectTimer*) + 72 (KWQObject.mm:201) 2 com.apple.WebCore 0x015d47a8 QObject::killTimer(int) + 88 (KWQObject.mm:215) 3 com.apple.WebCore 0x016baf88 DOM::DocumentImpl::dispatchImageLoadEventsNow() + 60 (dom_docimpl.cpp:2550) 4 com.apple.WebCore 0x015d4cac sendDeferredTimerEvent(void const*, void*) + 64 (KWQObject.mm:239) 5 com.apple.CoreFoundation 0x9076c954 CFArrayApplyFunction + 416 6 com.apple.WebCore 0x015d48d0 sendDeferredTimerEvents(__CFRunLoopTimer*, void*) + 112 (KWQObject.mm:254) 7 com.apple.CoreFoundation 0x90770ae0 __CFRunLoopDoTimer + 184 8 com.apple.CoreFoundation 0x9075d458 __CFRunLoopRun + 1680 9 com.apple.CoreFoundation 0x9075ca0c CFRunLoopRunSpecific + 268 10 com.apple.HIToolbox 0x931831e0 RunCurrentEventLoopInMode + 264 11 com.apple.HIToolbox 0x93182874 ReceiveNextEventCommon + 380 12 com.apple.HIToolbox 0x931826e0 BlockUntilNextEventMatchingListInMode + 96 13 com.apple.AppKit 0x93681904 _DPSNextEvent + 384 14 com.apple.AppKit 0x936815c8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 15 com.apple.Safari 0x00006ef0 0x1000 + 24304 16 com.apple.AppKit 0x9367db0c -[NSApplication run] + 472 17 com.apple.AppKit 0x9376e618 NSApplicationMain + 452 18 com.apple.Safari 0x0000265c 0x1000 + 5724 19 com.apple.Safari 0x00056d1c 0x1000 + 351516
Attachments
patch that changes how deletion works with deferral, should fix crash (2.53 KB, patch)
2005-11-08 16:48 PST, Darin Adler 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Darin Adler
Comment 1 2005-11-08 16:48:51 PST
Created attachment 4633 [details] patch that changes how deletion works with deferral, should fix crash Needs a little testing.
Tim Omernick
Comment 2 2005-11-08 18:05:00 PST
I am rolling back Darin's original patch, the one that caused this crash. We are going to get this code in better shape before we commit.
Note You need to log in before you can comment on or make changes to this bug.