Bug 6382

Summary: REGRESSION: Repro crash when clicking link with target="_blank"
Product: WebKit
Reporter: mitz
Component: Frames
Assignee: Nobody <webkit-unassigned>
Status: VERIFIED FIXED
Severity: Critical
CC: sullivan
Priority: P1
Keywords: InRadar
Version: 420+
Hardware: Mac
OS: OS X 10.4
Attachments (description, flags):
  testcase (none)
  Proposed patch (darin: review+)

Description mitz 2006-01-05 06:49:24 PST
TOT crashes when you click a link with target "_blank".

To reproduce: open the testcase and click "test".

Crash backtrace:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x000000dc

Thread 0 Crashed:
0   com.apple.WebCore        	0x016d6e04 KWQKHTMLPart::generateFrameName() + 248 (KWQKHTMLPart.mm:205)
1   com.apple.WebCore        	0x0175864c KHTMLPart::requestFrameName() + 56 (khtml_part.cpp:1743)
2   com.apple.WebCore        	0x016ddc70 KWQKHTMLPart::setName(QString const&) + 224 (KWQKHTMLPart.mm:3830)
3   com.apple.WebCore        	0x0174c754 -[WebCoreBridge setName:] + 92 (WebCoreBridge.mm:1627)
4   com.apple.WebKit         	0x003666a4 -[WebFrame(WebPrivate) _continueLoadRequestAfterNewWindowPolicy:frameName:formState:] + 432 (WebFrame.m:1827)
5   com.apple.WebKit         	0x0035d4b8 -[NSObject(WebExtraPerformMethod) performSelector:withObject:withObject:withObject:] + 72 (WebFrame.m:125)
6   com.apple.WebKit         	0x00365794 -[WebFrame(WebPrivate) _continueAfterNewWindowPolicy:] + 712 (WebFrame.m:1661)
7   com.apple.WebKit         	0x003bdc80 -[WebPolicyDecisionListener _usePolicy:] + 120 (WebPolicyDelegate.m:92)
8   com.apple.WebKit         	0x003bdd84 -[WebPolicyDecisionListener use] + 68 (WebPolicyDelegate.m:107)
9   libobjc.A.dylib          	0x909c4214 objc_msgSendv + 180
10  com.apple.Foundation     	0x928e21c8 -[NSInvocation invoke] + 944
11  com.apple.Foundation     	0x928e2778 -[NSInvocation invokeWithTarget:] + 64
12  com.apple.WebKit         	0x003afd6c -[_WebSafeForwarder forwardInvocation:] + 624 (WebView.m:1459)
13  com.apple.Foundation     	0x928da574 -[NSObject(NSForwardInvocation) forward::] + 408
14  libobjc.A.dylib          	0x909c40d0 _objc_msgForward + 176
15  com.apple.WebKit         	0x0036549c -[WebFrame(WebPrivate) _checkNewWindowPolicyForRequest:action:frameName:formState:andCall:withSelector:] + 580 (WebFrame.m:1630)
16  com.apple.WebKit         	0x00366a9c -[WebFrame(WebPrivate) _loadURL:referrer:loadType:target:triggeringEvent:form:formValues:] + 792 (WebFrame.m:1868)
17  com.apple.WebKit         	0x00335538 -[WebBridge loadURL:referrer:reload:userGesture:target:triggeringEvent:form:formValues:] + 436 (WebBridge.m:726)
18  com.apple.WebCore        	0x016e5058 KWQKHTMLPart::urlSelected(KURL const&, int, int, KParts::URLArgs const&) + 548 (KWQKHTMLPart.mm:719)
19  com.apple.WebCore        	0x01764834 KHTMLPart::urlSelected(QString const&, int, int, QString const&, KParts::URLArgs) + 820 (khtml_part.cpp:1707)
20  com.apple.WebCore        	0x0181f4a0 DOM::HTMLAnchorElementImpl::defaultEventHandler(DOM::EventImpl*) + 2080 (html_inlineimpl.cpp:208)
21  com.apple.WebCore        	0x018d3f40 DOM::NodeImpl::dispatchGenericEvent(DOM::EventImpl*, int&) + 1072 (dom_nodeimpl.cpp:624)
22  com.apple.WebCore        	0x018d41ec DOM::NodeImpl::dispatchEvent(DOM::EventImpl*, int&, bool) + 364 (dom_nodeimpl.cpp:533)
23  com.apple.WebCore        	0x018d4a48 DOM::NodeImpl::dispatchMouseEvent(DOM::AtomicString const&, int, int, int, int, int, int, bool, bool, bool, bool) + 492 (dom_nodeimpl.cpp:779)
24  com.apple.WebCore        	0x018da5e4 DOM::NodeImpl::dispatchMouseEvent(QMouseEvent*, DOM::AtomicString const&, int) + 804 (dom_nodeimpl.cpp:741)
25  com.apple.WebCore        	0x01768f1c KHTMLView::dispatchMouseEvent(DOM::AtomicString const&, DOM::NodeImpl*, bool, int, QMouseEvent*, bool, int) + 1064 (khtmlview.cpp:1079)
26  com.apple.WebCore        	0x0176a4d0 KHTMLView::viewportMouseReleaseEvent(QMouseEvent*) + 632 (khtmlview.cpp:725)
27  com.apple.WebCore        	0x016e6694 KWQKHTMLPart::mouseUp(NSEvent*) + 584 (KWQKHTMLPart.mm:2706)
28  com.apple.WebCore        	0x0174ae6c -[WebCoreBridge mouseUp:] + 52 (WebCoreBridge.mm:1187)
29  com.apple.WebKit         	0x0037f92c -[WebHTMLView mouseUp:] + 292 (WebHTMLView.m:2911)
30  com.apple.AppKit         	0x936e7f18 -[NSWindow sendEvent:] + 4728
31  com.apple.Safari         	0x00022180 0x1000 + 135552
32  com.apple.AppKit         	0x93690ef4 -[NSApplication sendEvent:] + 4172
33  com.apple.Safari         	0x00021c84 0x1000 + 134276
34  com.apple.AppKit         	0x93688330 -[NSApplication run] + 508
35  com.apple.AppKit         	0x93778e60 NSApplicationMain + 452
36  com.apple.Safari         	0x0005d028 0x1000 + 376872
37  com.apple.Safari         	0x0005cecc 0x1000 + 376524
Comment 1 mitz 2006-01-05 06:49:51 PST
Created attachment 5494 [details]
testcase
Comment 2 Alice Liu 2006-01-05 14:39:09 PST
<rdar://problem/4400293>
Comment 3 Gustaaf Groenendaal (MysteryQuest) 2006-01-05 15:56:27 PST
Not sure about this, but this could be a result of the implementation of the following patch:
http://bugzilla.opendarwin.org/show_bug.cgi?id=6357
Comment 4 mitz 2006-01-06 06:45:59 PST
Created attachment 5512 [details]
Proposed patch
Comment 5 Darin Adler 2006-01-06 06:54:56 PST
Comment on attachment 5512 [details]
Proposed patch

r=me
Comment 6 Geoffrey Garen 2006-01-06 11:22:52 PST
Landed.
Comment 7 mitz 2006-01-07 05:44:27 PST
*** Bug 6398 has been marked as a duplicate of this bug. ***
Comment 8 Joost de Valk (AlthA) 2006-01-22 04:57:25 PST
Removing keyword(s) since bug is fixed.