Bug 7804

Summary: REGRESSION: Incorrect rendering then crash on refresh of nasa.gov
Product: WebKit Reporter: Jon <jon>
Component: DOMAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Major CC: alice.barraclough, ap, gavin.sharp
Priority: P1 Keywords: InRadar, NeedsReduction, Regression
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
URL: http://www.nasa.gov/home/index.html

Jon
Reported 2006-03-16 08:52:26 PST
r13334 incorrectly renders the flash version of the nasa.gov homepage the first time it's loaded. Then, when attempting a refresh, it will crash. Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x03d003db Thread 0 Crashed: 0 com.apple.WebCore 0x01abecd4 QString::QString[in-charge](QString const&) + 116 (QString.h:373) 1 com.apple.WebCore 0x0184c394 KWQValueListImpl::KWQValueListPrivate::copyList(KWQValueListNodeImpl*, KWQValueListNodeImpl*&, KWQValueListNodeImpl*&) const + 84 (KWQValueListImpl.cpp:84) 2 com.apple.WebCore 0x0184c60c KWQValueListImpl::copyOnWrite() + 108 (Shared.h:34) 3 com.apple.WebCore 0x0184c860 KWQValueListImpl::clear() + 48 (KWQValueListImpl.cpp:129) 4 com.apple.WebCore 0x019d54dc WebCore::SegmentedString::clear() + 60 (SegmentedString.cpp:81) 5 com.apple.WebCore 0x018bf8f8 WebCore::HTMLTokenizer::notifyFinished(WebCore::CachedObject*) + 568 (htmltokenizer.cpp:1745) 6 com.apple.WebCore 0x019d26c8 WebCore::CachedScript::checkNotify() + 88 (CachedScript.cpp:106) 7 com.apple.WebCore 0x019d281c WebCore::CachedScript::data(WebCore::Array<char>&, bool) + 252 (CachedScript.cpp:99) 8 com.apple.WebCore 0x019d4f3c WebCore::Loader::receivedAllData(WebCore::TransferJob*, NSData*) + 380 (loader.cpp:136) 9 com.apple.WebCore 0x018df304 -[KWQResourceLoader finishJobAndHandle:] + 116 (KWQResourceLoader.mm:98) 10 com.apple.WebKit 0x00326ef0 -[WebSubresourceLoader didFinishLoading] + 80 (WebSubresourceLoader.m:228) 11 com.apple.WebKit 0x0032ee2c -[WebLoader connectionDidFinishLoading:] + 44 (WebLoader.m:663) 12 com.apple.Foundation 0x92907a6c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188 13 com.apple.Foundation 0x92905cd8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556 14 com.apple.Foundation 0x92905a30 _sendCallbacks + 156 15 com.apple.CoreFoundation 0x9075ea68 __CFRunLoopDoSources0 + 384 16 com.apple.CoreFoundation 0x9075df98 __CFRunLoopRun + 452 17 com.apple.CoreFoundation 0x9075da18 CFRunLoopRunSpecific + 268 18 com.apple.HIToolbox 0x9317d1e0 RunCurrentEventLoopInMode + 264 19 com.apple.HIToolbox 0x9317c874 ReceiveNextEventCommon + 380 20 com.apple.HIToolbox 0x9317c6e0 BlockUntilNextEventMatchingListInMode + 96 21 com.apple.AppKit 0x9367b104 _DPSNextEvent + 384 22 com.apple.AppKit 0x9367adc8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 23 com.apple.Safari 0x00006e74 0x1000 + 24180 24 com.apple.AppKit 0x9367730c -[NSApplication run] + 472 25 com.apple.AppKit 0x93767e68 NSApplicationMain + 452 26 com.apple.Safari 0x0005cbf0 0x1000 + 375792 27 com.apple.Safari 0x0005ca94 0x1000 + 375444
Attachments
Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2006-03-16 10:57:43 PST
Must a regression from the fix in bug 4395 - the debug build crashes with an assertion ASSERTION FAILED: !inWrite (/Users/ap/WebKit/WebCore/khtml/html/htmltokenizer.cpp:1663 virtual WebCore::HTMLTokenizer::~HTMLTokenizer())
Alice Liu
Comment 2 2006-03-16 17:51:01 PST
<rdar://problem/4481578>
Eric Seidel (no email)
Comment 3 2006-03-20 22:48:47 PST
This also looks like it might have been a dup of 7818.
Eric Seidel (no email)
Comment 4 2006-03-20 23:25:37 PST
*** This bug has been marked as a duplicate of 7818 ***
Note You need to log in before you can comment on or make changes to this bug.