Bug 6382

Summary: REGRESSION: Repro crash when clicking link with target="_blank"
Product: WebKit Reporter: mitz
Component: FramesAssignee: Nobody <webkit-unassigned>
Status: VERIFIED FIXED    
Severity: Critical CC: sullivan
Priority: P1 Keywords: InRadar
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
testcase
none
Proposed patch darin: review+

mitz
Reported 2006-01-05 06:49:24 PST
TOT crashes when you click a link with target "_blank". To reproduce: open the testcase and click "test". Crash backtrace: Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x000000dc Thread 0 Crashed: 0 com.apple.WebCore 0x016d6e04 KWQKHTMLPart::generateFrameName() + 248 (KWQKHTMLPart.mm:205) 1 com.apple.WebCore 0x0175864c KHTMLPart::requestFrameName() + 56 (khtml_part.cpp: 1743) 2 com.apple.WebCore 0x016ddc70 KWQKHTMLPart::setName(QString const&) + 224 (KWQKHTMLPart.mm:3830) 3 com.apple.WebCore 0x0174c754 -[WebCoreBridge setName:] + 92 (WebCoreBridge.mm: 1627) 4 com.apple.WebKit 0x003666a4 -[WebFrame(WebPrivate) _continueLoadRequestAfterNewWindowPolicy:frameName:formState:] + 432 (WebFrame.m:1827) 5 com.apple.WebKit 0x0035d4b8 -[NSObject(WebExtraPerformMethod) performSelector:withObject:withObject:withObject:] + 72 (WebFrame.m:125) 6 com.apple.WebKit 0x00365794 -[WebFrame(WebPrivate) _continueAfterNewWindowPolicy:] + 712 (WebFrame.m:1661) 7 com.apple.WebKit 0x003bdc80 -[WebPolicyDecisionListener _usePolicy:] + 120 (WebPolicyDelegate.m:92) 8 com.apple.WebKit 0x003bdd84 -[WebPolicyDecisionListener use] + 68 (WebPolicyDelegate.m:107) 9 libobjc.A.dylib 0x909c4214 objc_msgSendv + 180 10 com.apple.Foundation 0x928e21c8 -[NSInvocation invoke] + 944 11 com.apple.Foundation 0x928e2778 -[NSInvocation invokeWithTarget:] + 64 12 com.apple.WebKit 0x003afd6c -[_WebSafeForwarder forwardInvocation:] + 624 (WebView.m:1459) 13 com.apple.Foundation 0x928da574 -[NSObject(NSForwardInvocation) forward::] + 408 14 libobjc.A.dylib 0x909c40d0 _objc_msgForward + 176 15 com.apple.WebKit 0x0036549c -[WebFrame(WebPrivate) _checkNewWindowPolicyForRequest:action:frameName:formState:andCall:withSelector:] + 580 (WebFrame.m:1630) 16 com.apple.WebKit 0x00366a9c -[WebFrame(WebPrivate) _loadURL:referrer:loadType:target:triggeringEvent:form:formValues:] + 792 (WebFrame.m:1868) 17 com.apple.WebKit 0x00335538 -[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:] + 436 (WebBridge.m:726) 18 com.apple.WebCore 0x016e5058 KWQKHTMLPart::urlSelected(KURL const&, int, int, KParts::URLArgs const&) + 548 (KWQKHTMLPart.mm:719) 19 com.apple.WebCore 0x01764834 KHTMLPart::urlSelected(QString const&, int, int, QString const&, KParts::URLArgs) + 820 (khtml_part.cpp:1707) 20 com.apple.WebCore 0x0181f4a0 DOM::HTMLAnchorElementImpl::defaultEventHandler (DOM::EventImpl*) + 2080 (html_inlineimpl.cpp:208) 21 com.apple.WebCore 0x018d3f40 DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) + 1072 (dom_nodeimpl.cpp:624) 22 com.apple.WebCore 0x018d41ec DOM::NodeImpl::dispatchEvent(DOM::EventImpl*, int&, bool) + 364 (dom_nodeimpl.cpp:533) 23 com.apple.WebCore 0x018d4a48 DOM::NodeImpl::dispatchMouseEvent(DOM::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool) + 492 (dom_nodeimpl.cpp:779) 24 com.apple.WebCore 0x018da5e4 DOM::NodeImpl::dispatchMouseEvent(QMouseEvent*, DOM::AtomicString const&, int) + 804 (dom_nodeimpl.cpp:741) 25 com.apple.WebCore 0x01768f1c KHTMLView::dispatchMouseEvent(DOM::AtomicString const&, DOM::NodeImpl*, bool, int, QMouseEvent*, bool, int) + 1064 (khtmlview.cpp:1079) 26 com.apple.WebCore 0x0176a4d0 KHTMLView::viewportMouseReleaseEvent(QMouseEvent*) + 632 (khtmlview.cpp:725) 27 com.apple.WebCore 0x016e6694 KWQKHTMLPart::mouseUp(NSEvent*) + 584 (KWQKHTMLPart.mm:2706) 28 com.apple.WebCore 0x0174ae6c -[WebCoreBridge mouseUp:] + 52 (WebCoreBridge.mm: 1187) 29 com.apple.WebKit 0x0037f92c -[WebHTMLView mouseUp:] + 292 (WebHTMLView.m:2911) 30 com.apple.AppKit 0x936e7f18 -[NSWindow sendEvent:] + 4728 31 com.apple.Safari 0x00022180 0x1000 + 135552 32 com.apple.AppKit 0x93690ef4 -[NSApplication sendEvent:] + 4172 33 com.apple.Safari 0x00021c84 0x1000 + 134276 34 com.apple.AppKit 0x93688330 -[NSApplication run] + 508 35 com.apple.AppKit 0x93778e60 NSApplicationMain + 452 36 com.apple.Safari 0x0005d028 0x1000 + 376872 37 com.apple.Safari 0x0005cecc 0x1000 + 376524
Attachments
testcase (107 bytes, text/html)
2006-01-05 06:49 PST, mitz 		no flags
Details
Proposed patch (747 bytes, patch)
2006-01-06 06:45 PST, mitz 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
mitz
Comment 1 2006-01-05 06:49:51 PST
Created attachment 5494 [details] testcase
Alice Liu
Comment 2 2006-01-05 14:39:09 PST
<rdar://problem/4400293>
Gustaaf Groenendaal (MysteryQuest)
Comment 3 2006-01-05 15:56:27 PST
Not sure about this but this could be a result of the implementation of the following patch: http://bugzilla.opendarwin.org/show_bug.cgi?id=6357
mitz
Comment 4 2006-01-06 06:45:59 PST
Created attachment 5512 [details] Proposed patch
Darin Adler
Comment 5 2006-01-06 06:54:56 PST
Comment on attachment 5512 [details] Proposed patch r=me
Geoffrey Garen
Comment 6 2006-01-06 11:22:52 PST
Landed.
mitz
Comment 7 2006-01-07 05:44:27 PST
*** Bug 6398 has been marked as a duplicate of this bug. ***
Joost de Valk (AlthA)
Comment 8 2006-01-22 04:57:25 PST
Removing keyword(s) since bug is fixed.
Note You need to log in before you can comment on or make changes to this bug.