WebKit Bugzilla
RESOLVED FIXED
10852
REGRESSION: Reproducible crash in XMLHttpRequest::abort()
https://bugs.webkit.org/show_bug.cgi?id=10852
Eric Seidel (no email)
Reported
2006-09-14 01:44:53 PDT
Date/Time: 2006-09-14 00:20:48.521 -0700
OS Version: 10.4.7 (Build 8J2135)
Report Version: 4
Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: zsh [5181]
Version: 2.0.4 (419.3)
Build Version: 2
Project Name: WebBrowser
Source Version: 4190300
PID: 9526
Thread: 0
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0 com.apple.WebCore 0x01a63378 WebCore::DeprecatedString::~DeprecatedString [in-charge]() + 68 (DeprecatedString.cpp:592)
1 com.apple.WebCore 0x01ac425e WebCore::ResourceLoaderInternal::~ResourceLoaderInternal [in-charge]() + 50 (ResourceLoaderMac.mm:48)
2 com.apple.WebCore 0x01ac439f WebCore::ResourceLoader::~ResourceLoader [in-charge]() + 263 (ResourceLoaderMac.mm:56)
3 com.apple.WebCore 0x01ac3caf WebCore::ResourceLoader::kill() + 23 (ResourceLoader.cpp:88)
4 com.apple.WebCore 0x01a581cc WebCore::XMLHttpRequest::abort() + 46 (xmlhttprequest.cpp:359)
5 com.apple.WebCore 0x01a58969 WebCore::XMLHttpRequest::cancelRequests(WebCore::Document*) + 189 (xmlhttprequest.cpp:578)
6 com.apple.WebCore 0x01975f16 WebCore::Frame::stopLoading(bool) + 814 (Frame.cpp:320)
7 com.apple.WebCore 0x01975fb3 WebCore::Frame::closeURL() + 45 (Frame.cpp:3114)
8 com.apple.WebCore 0x019a4494 -[WebCoreFrameBridge closeURL] + 30 (WebCoreFrameBridge.mm:589)
9 com.apple.WebKit 0x0032e5b9 -[WebFrameBridge closeURL] + 81 (WebFrameBridge.m:1701)
10 com.apple.WebKit 0x0033884a -[WebFrame(WebPrivate) _transitionToCommitted:] + 720 (WebFrame.m:575)
11 com.apple.WebKit 0x003392c7 -[WebFrame(WebPrivate) _commitProvisionalLoad:] + 319 (WebFrame.m:742)
12 com.apple.WebKit 0x0033022d -[WebDataSource(WebFileInternal) _commitIfReady] + 103 (WebDataSource.m:292)
13 com.apple.WebKit 0x0033026d -[WebDataSource(WebFileInternal) _commitLoadWithData:] + 58 (WebDataSource.m:300)
14 com.apple.WebKit 0x003310bc -[WebDataSource(WebInternal) _receivedData:] + 131 (WebDataSource.m:482)
15 com.apple.WebKit 0x0039c7e7 -[WebFrameLoader _receivedData:] + 64 (WebFrameLoader.m:457)
16 com.apple.WebKit 0x003a06d5 -[WebMainResourceLoader addData:allAtOnce:] + 110 (WebMainResourceLoader.m:152)
17 com.apple.WebKit 0x0039f4c0 -[WebLoader didReceiveData:lengthReceived:allAtOnce:] + 93 (WebLoader.m:366)
18 com.apple.WebKit 0x003a1404 -[WebMainResourceLoader didReceiveData:lengthReceived:allAtOnce:] + 428 (WebMainResourceLoader.m:351)
19 com.apple.WebKit 0x0039fb4f -[WebLoader connection:didReceiveData:lengthReceived:] + 160 (WebLoader.m:466)
20 com.apple.Foundation 0x9278f7f2 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 641
21 com.apple.Foundation 0x9278dad7 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 686
22 com.apple.Foundation 0x9278d7b3 _sendCallbacks + 201
23 com.apple.CoreFoundation 0x90823379 CFRunLoopRunSpecific + 1213
24 com.apple.CoreFoundation 0x90822eb5 CFRunLoopRunInMode + 61
25 com.apple.HIToolbox 0x92f02b90 RunCurrentEventLoopInMode + 285
26 com.apple.HIToolbox 0x92f02297 ReceiveNextEventCommon + 385
27 com.apple.HIToolbox 0x92f020ee BlockUntilNextEventMatchingListInMode + 81
28 com.apple.AppKit 0x933a3771 _DPSNextEvent + 576
29 com.apple.AppKit 0x933a335e -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
30 com.apple.Safari 0x00006f96 0x1000 + 24470
31 com.apple.AppKit 0x9339d0e3 -[NSApplication run] + 512
32 com.apple.AppKit 0x93391037 NSApplicationMain + 573
33 com.apple.Safari 0x0005f7de 0x1000 + 387038
34 com.apple.Safari 0x0005f6f9 0x1000 + 386809

Thread 1:
0 libSystem.B.dylib 0x9000a5c7 mach_msg_trap + 7
1 com.unsanity.ape 0xc0001db2 __ape_agent + 307
2 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 2:
0 libSystem.B.dylib 0x9001aafc select + 12
1 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 3:
0 libSystem.B.dylib 0x900251a7 semaphore_wait_signal_trap + 7
1 com.apple.Foundation 0x9277f008 -[NSConditionLock lockWhenCondition:] + 39
2 com.apple.Syndication 0x9a57e052 -[AsyncDB _run:] + 181
3 com.apple.Foundation 0x927291b0 forkThreadForFunction + 123
4 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 4:
0 libSystem.B.dylib 0x9000a5c7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082369a CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x90822eb5 CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x9275e861 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259
4 com.apple.Foundation 0x927291b0 forkThreadForFunction + 123
5 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 5:
0 libSystem.B.dylib 0x9000a5c7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082369a CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x90822eb5 CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x9278595a +[NSURLCache _diskCacheSyncLoop:] + 206
4 com.apple.Foundation 0x927291b0 forkThreadForFunction + 123
5 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 6:
0 libSystem.B.dylib 0x9002763c kevent + 12
1 ...ple.CoreServices.CarbonCore 0x90ca9ae4 PrivateMPEntryPoint + 51
2 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 7:
0 libSystem.B.dylib 0x900251a7 semaphore_wait_signal_trap + 7
1 ...ple.CoreServices.CarbonCore 0x90ca9c8a MPWaitOnQueue + 198
2 com.apple.DesktopServices 0x9264ef3f TNodeSyncTask::SyncTaskProc(void*) + 143
3 ...ple.CoreServices.CarbonCore 0x90ca9ae4 PrivateMPEntryPoint + 51
4 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 8:
0 libSystem.B.dylib 0x900251a7 semaphore_wait_signal_trap + 7
1 com.apple.Foundation 0x9277f008 -[NSConditionLock lockWhenCondition:] + 39
2 com.apple.AppKit 0x9347a374 -[NSUIHeartBeat _heartBeatThread:] + 377
3 com.apple.Foundation 0x927291b0 forkThreadForFunction + 123
4 libSystem.B.dylib 0x90024b07 _pthread_body + 84

Thread 0 crashed with i386 Thread State:
eax: 0xbbadbeef ebx: 0x01a63340 ecx: 0xa0001e60 edx: 0x00000000
edi: 0x30cd65d0 esi: 0x31c83560 ebp: 0xbfffe478 esp: 0xbfffe440
ss: 0x0000002f efl: 0x00010282 eip: 0x01a63378 cs: 0x00000027
ds: 0x0000002f es: 0x0000002f fs: 0x00000000 gs: 0x00000037
Attachments
test case (will crash!) (847 bytes, text/html), 2006-09-16 12:40 PDT, Alexey Proskuryakov, no flags
just fix the crash (4.52 KB, patch), 2006-09-17 02:12 PDT, Alexey Proskuryakov, beidson: review+
Alexey Proskuryakov
Comment 1
2006-09-14 03:04:42 PDT
The stack trace is from an assertion failure (which would cause a crash in debug build):

DeprecatedString::~DeprecatedString()
{
    ASSERT(dataHandle);
mitz
Comment 2
2006-09-16 03:37:47 PDT
I can reproduce an identical - or very similar - crash by going to the URL and while the video is still playing, clicking a link or just going to about:blank. No assert in my case (maybe due to different contents of freed memory):

0 <<00000000>> 0xfffeff18 objc_msgSend_rtp + 24
1 com.apple.WebCore 0x01bb8754 WebCore::ResourceLoader::~ResourceLoader [in-charge]() + 276 (ResourceLoaderMac.mm:55)
2 com.apple.WebCore 0x01bb7d28 WebCore::ResourceLoader::kill() + 44 (ResourceLoader.cpp:88)
3 com.apple.WebCore 0x01b2c874 WebCore::XMLHttpRequest::abort() + 84 (xmlhttprequest.cpp:359)
4 com.apple.WebCore 0x01b2d0f4 WebCore::XMLHttpRequest::cancelRequests(WebCore::Document*) + 216 (xmlhttprequest.cpp:578)
5 com.apple.WebCore 0x01a010cc WebCore::Frame::stopLoading(bool) + 1256 (Frame.cpp:349)
6 com.apple.WebCore 0x01a01194 WebCore::Frame::closeURL() + 68 (Frame.cpp:3188)
Alexey Proskuryakov
Comment 3
2006-09-16 11:32:33 PDT
The problem here is that XMLHttpRequest::send() assumes that ResourceLoader::start() never fails. Google makes an XMLHttpRequest from an onunload handler (apparently, to collect usage statistics), and in this case start() fails. It's pretty easy to fix this crash by checking for the return value of start(), but it doesn't seem right for requests made from onunload to fail.
Alexey Proskuryakov
Comment 4
2006-09-16 12:40:20 PDT
Created attachment 10592
test case (will crash!)
Alexey Proskuryakov
Comment 5
2006-09-17 02:12:32 PDT
Created attachment 10599
just fix the crash

I'll file a new bug for XHR not working in onunload.
Brady Eidson
Comment 6
2006-09-17 12:58:17 PDT
Comment on attachment 10599
just fix the crash

As the writer of the IconLoader.cpp code, my bad - didn't know resourceloaders delete themselves. r+
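The failure mode described in Comments 3 and 6, as an added example that is not WebKit code and not the attached patch: a self-deleting loader whose start() can fail, with a caller that ignores the result beside one that checks it. `Loader`, `Request`, the id-based liveness registry and the contract that a failed start() destroys the loader are assumptions made for illustration; the registry stands in for the crash so the example never touches freed memory.

```cpp
#include <cstdio>
#include <set>

// Hypothetical stand-ins for the classes named in this bug; not WebKit code.
static std::set<int> g_liveLoaders;   // ids of loaders that have not been destroyed
static int g_nextLoaderId = 1;

class Loader {
public:
    explicit Loader(bool canStart) : m_id(g_nextLoaderId++), m_canStart(canStart) {
        g_liveLoaders.insert(m_id);
    }
    int id() const { return m_id; }

    // Assumed contract: a load that cannot start destroys the loader and reports false.
    bool start() {
        if (!m_canStart) {
            kill();
            return false;   // no member access here: the object is already gone
        }
        return true;
    }
    void kill() { delete this; }

private:
    ~Loader() { g_liveLoaders.erase(m_id); }   // private: only kill() destroys a loader
    int m_id;
    bool m_canStart;
};

enum class AbortResult { NothingToAbort, LoaderKilled, StalePointer };

class Request {
public:
    // "Before": start()'s result is ignored, so a failed start leaves m_loader dangling.
    void sendUnchecked(bool loadCanStart) {
        m_loader = new Loader(loadCanStart);
        m_loaderId = m_loader->id();
        m_loader->start();
    }

    // "After": a failed start clears the pointer, because the loader no longer exists.
    bool sendChecked(bool loadCanStart) {
        m_loader = new Loader(loadCanStart);
        m_loaderId = m_loader->id();
        if (!m_loader->start()) {
            m_loader = nullptr;
            return false;
        }
        return true;
    }

    AbortResult abort() {
        if (!m_loader)
            return AbortResult::NothingToAbort;
        if (!g_liveLoaders.count(m_loaderId)) {
            // Without the registry, this path is a second kill() on freed memory.
            m_loader = nullptr;
            return AbortResult::StalePointer;
        }
        m_loader->kill();
        m_loader = nullptr;
        return AbortResult::LoaderKilled;
    }

private:
    Loader* m_loader = nullptr;
    int m_loaderId = 0;
};

int main() {
    Request before, after;
    before.sendUnchecked(false);               // load fails to start, result ignored
    bool started = after.sendChecked(false);   // load fails to start, result checked
    std::printf("unchecked: abort result %d\n", static_cast<int>(before.abort()));
    std::printf("checked: started=%d, abort result %d\n",
                started, static_cast<int>(after.abort()));
    return 0;
}
```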
Alexey Proskuryakov
Comment 7
2006-09-17 13:12:15 PDT
Committed revision 16408. Filed bug 10904 for requests not being sent.
David Kilzer (:ddkilzer)
Comment 8
2006-09-17 22:17:42 PDT
Comment on attachment 10599
just fix the crash
>+ * loader/icon/IconLoader.cpp: >+ (IconLoader::startLoading): Fix a similar latent bug here.
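Review bot: The ChangeLog line for IconLoader::startLoading says only "Fix a similar latent bug here", so a reader has to locate the sibling entry to learn what the bug is. Name the failure in this entry itself (what goes wrong in startLoading when the load fails to start) so it can be read on its own.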
Nice! I just saw that bug logging out of Hotmail with Private Browsing on (using a local build WITHOUT this fix yet).

Console output:

=================
ERROR: Failed to start load for icon at url http://loginnet.passport.com/favicon.ico?_lang=EN&lc=1033&id=2&ru=http%3a%2f%2fsignout%2emsn%2ecom&dontall= (/Users/ddkilzer/Projects/Cocoa/WebKit/WebCore/loader/icon/IconLoader.cpp:69 void WebCore::IconLoader::startLoading())
=================
Segmentation fault

Stack trace:

Date/Time: 2006-09-18 00:02:05.300 -0500
OS Version: 10.4.7 (Build 8J135)
Report Version: 4
Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: bash [303]
Version: 2.0.4 (419.3)
Build Version: 1
Project Name: WebBrowser
Source Version: 4190300
PID: 6905
Thread: 0
Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0x75726365

Thread 0 Crashed:
0 com.apple.WebCore 0x01b3c990 WebCore::DeprecatedString::~DeprecatedString [in-charge]() + 104 (DeprecatedString.cpp:593)
1 com.apple.WebCore 0x01bb8a3c WebCore::ResourceLoaderInternal::~ResourceLoaderInternal [in-charge]() + 72 (ResourceLoaderMac.mm:48)
2 com.apple.WebCore 0x01bb8bf4 WebCore::ResourceLoader::~ResourceLoader [in-charge]() + 356 (ResourceLoaderMac.mm:56)
3 com.apple.WebCore 0x01d0fc68 WebCore::IconLoader::startLoading() + 480 (IconLoader.cpp:70)
4 com.apple.WebCore 0x01a0179c WebCore::Frame::endIfNotLoading() + 808 (Frame.cpp:787)
5 com.apple.WebCore 0x01a017fc WebCore::Frame::end() + 52 (Frame.cpp:732)
6 com.apple.WebCore 0x01a3d960 -[WebCoreFrameBridge end] + 72 (WebCoreFrameBridge.mm:729)
7 com.apple.WebKit 0x00340318 -[WebDataSource(WebInternal) _finishedLoading] + 220 (WebDataSource.m:370)
8 com.apple.WebKit 0x003d86cc -[WebFrameLoader _finishedLoading] + 128 (WebFrameLoader.m:474)
9 com.apple.WebKit 0x003ded7c -[WebMainResourceLoader didFinishLoading] + 404 (WebMainResourceLoader.m:365)
10 com.apple.WebKit 0x003dcad8 -[WebLoader connectionDidFinishLoading:] + 184 (WebLoader.m:484)
11 com.apple.Foundation 0x9297684c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
12 com.apple.Foundation 0x92974ab8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
13 com.apple.Foundation 0x92974810 _sendCallbacks + 156
14 com.apple.CoreFoundation 0x907dc4cc __CFRunLoopDoSources0 + 384
15 com.apple.CoreFoundation 0x907db9fc __CFRunLoopRun + 452
16 com.apple.CoreFoundation 0x907db47c CFRunLoopRunSpecific + 268
17 com.apple.HIToolbox 0x931eb740 RunCurrentEventLoopInMode + 264
18 com.apple.HIToolbox 0x931eadd4 ReceiveNextEventCommon + 380
19 com.apple.HIToolbox 0x931eac40 BlockUntilNextEventMatchingListInMode + 96
20 com.apple.AppKit 0x936eeae4 _DPSNextEvent + 384
21 com.apple.AppKit 0x936ee7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
22 com.apple.Safari 0x00006740 0x1000 + 22336
23 com.apple.AppKit 0x936eacec -[NSApplication run] + 472
24 com.apple.AppKit 0x937db87c NSApplicationMain + 452
25 com.apple.Safari 0x0005c77c 0x1000 + 374652
26 com.apple.Safari 0x0005c624 0x1000 + 374308
Alexey Proskuryakov
Comment 9
2006-09-18 11:59:04 PDT
*** Bug 10597 has been marked as a duplicate of this bug. ***