Bug 6922

Steps to reproduce in nightly r12450: 1. Open http://www.united.com/. 2. Highlight "Planning travel" image in the top-left corner. 3. Right-click on page and select "Inspect Element". 4. Back on the page, click on a link (I used "Cruises"). 5. Click the "Back" button after the page loads. 6. Click on the first "<li>" element under the "<ul>" element. 7. Safari crashes. Date/Time: 2006-01-29 16:57:56.747 -0600 OS Version: 10.4.4 (Build 8G32) Report Version: 3 Command: Safari Path: /Applications/Safari.app/Contents/MacOS/Safari Parent: WindowServer [76] Version: 2.0.3 (417.8) Build Version: 1 Project Name: WebBrowser Source Version: 4170800 PID: 14853 Thread: 0 Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x000000b0 Thread 0 Crashed: 0 com.apple.WebCore 0x01183b98 Frame::jScriptEnabled() const + 0 1 com.apple.WebCore 0x011848f8 Frame::jScript() + 24 2 com.apple.WebCore 0x011ee678 -[WebScriptObject(WebScriptObjectInternal) _initializeScriptDOMNodeImp] + 140 3 com.apple.JavaScriptCore 0x0015e340 -[WebScriptObject _imp] + 60 4 com.apple.JavaScriptCore 0x0015b22c KJS::Bindings::convertObjcValueToValue(KJS::ExecState*, void*, KJS::Bindings::ObjcValueType) + 520 5 com.apple.JavaScriptCore 0x0015a554 KJS::Bindings::ObjcInstance::invokeMethod(KJS::ExecState*, KJS::Bindings::MethodList const&, KJS::List const&) + 828 6 com.apple.JavaScriptCore 0x00156520 KJS::RuntimeMethod::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 280 7 com.apple.JavaScriptCore 0x00134f8c KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 96 8 com.apple.JavaScriptCore 0x00128ec4 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 536 9 com.apple.JavaScriptCore 0x001255d4 KJS::VarDeclNode::evaluate(KJS::ExecState*) + 88 10 com.apple.JavaScriptCore 0x0012551c KJS::VarDeclListNode::evaluate(KJS::ExecState*) + 84 11 com.apple.JavaScriptCore 0x0012bea0 KJS::VarStatementNode::execute(KJS::ExecState*) + 104 12 com.apple.JavaScriptCore 0x0012f178 KJS::SourceElementsNode::execute(KJS::ExecState*) + 244 13 com.apple.JavaScriptCore 0x0012c038 KJS::BlockNode::execute(KJS::ExecState*) + 156 14 com.apple.JavaScriptCore 0x00114a58 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56 15 com.apple.JavaScriptCore 0x00114488 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 440 16 com.apple.JavaScriptCore 0x00134f8c KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 96 17 com.apple.JavaScriptCore 0x001292b8 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 528 18 com.apple.JavaScriptCore 0x0012c0fc KJS::ExprStatementNode::execute(KJS::ExecState*) + 104 19 com.apple.JavaScriptCore 0x0012f178 KJS::SourceElementsNode::execute(KJS::ExecState*) + 244 20 com.apple.JavaScriptCore 0x0012c038 KJS::BlockNode::execute(KJS::ExecState*) + 156 21 com.apple.JavaScriptCore 0x001153fc KJS::GlobalFuncImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 756 22 com.apple.JavaScriptCore 0x00134f8c KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 96 23 com.apple.JavaScriptCore 0x001292b8 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 528 24 com.apple.JavaScriptCore 0x0012c0fc KJS::ExprStatementNode::execute(KJS::ExecState*) + 104 25 com.apple.JavaScriptCore 0x0012f264 KJS::SourceElementsNode::execute(KJS::ExecState*) + 480 26 com.apple.JavaScriptCore 0x0012c038 KJS::BlockNode::execute(KJS::ExecState*) + 156 27 com.apple.JavaScriptCore 0x00114a58 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56 28 com.apple.JavaScriptCore 0x00114488 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 440 29 com.apple.JavaScriptCore 0x00134f8c KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 96 30 com.apple.JavaScriptCore 0x0015fc44 -[WebScriptObject callWebScriptMethod:withArguments:] + 508 31 com.apple.WebKit 0x00379258 -[WebInspector(WebInspectorPrivate) _update] + 96 32 com.apple.WebKit 0x0037774c -[WebInspector setFocusedDOMNode:] + 304 33 com.apple.WebKit 0x00379d84 -[WebInspector(WebInspectorPrivate) outlineViewSelectionDidChange:] + 136 34 com.apple.Foundation 0x928e6018 _nsnote_callback + 180 35 com.apple.CoreFoundation 0x907844c4 __CFXNotificationPost + 368 36 com.apple.CoreFoundation 0x9077c5a0 _CFXNotificationPostNotification + 684 37 com.apple.Foundation 0x928d0420 -[NSNotificationCenter postNotificationName:object:userInfo:] + 92 38 com.apple.AppKit 0x93733518 -[NSTableView _enableSelectionPostingAndPost] + 424 39 com.apple.AppKit 0x937377dc -[NSTableView _doSelectIndexes:byExtendingSelection:indexType:funnelThroughSingleIndexVersion:] + 1836 40 com.apple.AppKit 0x93749020 -[NSTableView selectRow:byExtendingSelection:] + 344 41 com.apple.AppKit 0x937fb894 -[NSTableView keyDown:] + 636 42 com.apple.AppKit 0x93a27cd8 -[NSOutlineView keyDown:] + 328 43 com.apple.AppKit 0x936e85c0 -[NSWindow sendEvent:] + 6424 44 com.apple.WebKit 0x0037ca0c -[WebInspectorPanel sendEvent:] + 768 45 com.apple.AppKit 0x93690ef4 -[NSApplication sendEvent:] + 4172 46 com.apple.Safari 0x00021c64 0x1000 + 134244 47 com.apple.AppKit 0x93688330 -[NSApplication run] + 508 48 com.apple.AppKit 0x93778e68 NSApplicationMain + 452 49 com.apple.Safari 0x0005cfdc 0x1000 + 376796 50 com.apple.Safari 0x0005ce80 0x1000 + 376448