Bug 10852 - REGRESSION: Reproducible crash in XMLHttpRequest::abort()
Summary: REGRESSION: Reproducible crash in XMLHttpRequest::abort()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: XML
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Alexey Proskuryakov
URL: http://video.google.com/videoplay?doc...
Keywords: Regression
Duplicates: 10597
Depends on:
Blocks:
 
Reported: 2006-09-14 01:44 PDT by Eric Seidel (no email)
Modified: 2006-09-18 11:59 PDT
CC: 5 users

See Also:


Attachments
test case (will crash!) (847 bytes, text/html)
2006-09-16 12:40 PDT, Alexey Proskuryakov
no flags
just fix the crash (4.52 KB, patch)
2006-09-17 02:12 PDT, Alexey Proskuryakov
beidson: review+

Description Eric Seidel (no email) 2006-09-14 01:44:53 PDT
Date/Time:      2006-09-14 00:20:48.521 -0700
OS Version:     10.4.7 (Build 8J2135)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  zsh [5181]

Version:        2.0.4 (419.3)
Build Version:  2
Project Name:   WebBrowser
Source Version: 4190300

PID:    9526
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xbbadbeef

Thread 0 Crashed:
0   com.apple.WebCore              	0x01a63378 WebCore::DeprecatedString::~DeprecatedString [in-charge]() + 68 (DeprecatedString.cpp:592)
1   com.apple.WebCore              	0x01ac425e WebCore::ResourceLoaderInternal::~ResourceLoaderInternal [in-charge]() + 50 (ResourceLoaderMac.mm:48)
2   com.apple.WebCore              	0x01ac439f WebCore::ResourceLoader::~ResourceLoader [in-charge]() + 263 (ResourceLoaderMac.mm:56)
3   com.apple.WebCore              	0x01ac3caf WebCore::ResourceLoader::kill() + 23 (ResourceLoader.cpp:88)
4   com.apple.WebCore              	0x01a581cc WebCore::XMLHttpRequest::abort() + 46 (xmlhttprequest.cpp:359)
5   com.apple.WebCore              	0x01a58969 WebCore::XMLHttpRequest::cancelRequests(WebCore::Document*) + 189 (xmlhttprequest.cpp:578)
6   com.apple.WebCore              	0x01975f16 WebCore::Frame::stopLoading(bool) + 814 (Frame.cpp:320)
7   com.apple.WebCore              	0x01975fb3 WebCore::Frame::closeURL() + 45 (Frame.cpp:3114)
8   com.apple.WebCore              	0x019a4494 -[WebCoreFrameBridge closeURL] + 30 (WebCoreFrameBridge.mm:589)
9   com.apple.WebKit               	0x0032e5b9 -[WebFrameBridge closeURL] + 81 (WebFrameBridge.m:1701)
10  com.apple.WebKit               	0x0033884a -[WebFrame(WebPrivate) _transitionToCommitted:] + 720 (WebFrame.m:575)
11  com.apple.WebKit               	0x003392c7 -[WebFrame(WebPrivate) _commitProvisionalLoad:] + 319 (WebFrame.m:742)
12  com.apple.WebKit               	0x0033022d -[WebDataSource(WebFileInternal) _commitIfReady] + 103 (WebDataSource.m:292)
13  com.apple.WebKit               	0x0033026d -[WebDataSource(WebFileInternal) _commitLoadWithData:] + 58 (WebDataSource.m:300)
14  com.apple.WebKit               	0x003310bc -[WebDataSource(WebInternal) _receivedData:] + 131 (WebDataSource.m:482)
15  com.apple.WebKit               	0x0039c7e7 -[WebFrameLoader _receivedData:] + 64 (WebFrameLoader.m:457)
16  com.apple.WebKit               	0x003a06d5 -[WebMainResourceLoader addData:allAtOnce:] + 110 (WebMainResourceLoader.m:152)
17  com.apple.WebKit               	0x0039f4c0 -[WebLoader didReceiveData:lengthReceived:allAtOnce:] + 93 (WebLoader.m:366)
18  com.apple.WebKit               	0x003a1404 -[WebMainResourceLoader didReceiveData:lengthReceived:allAtOnce:] + 428 (WebMainResourceLoader.m:351)
19  com.apple.WebKit               	0x0039fb4f -[WebLoader connection:didReceiveData:lengthReceived:] + 160 (WebLoader.m:466)
20  com.apple.Foundation           	0x9278f7f2 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 641
21  com.apple.Foundation           	0x9278dad7 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 686
22  com.apple.Foundation           	0x9278d7b3 _sendCallbacks + 201
23  com.apple.CoreFoundation       	0x90823379 CFRunLoopRunSpecific + 1213
24  com.apple.CoreFoundation       	0x90822eb5 CFRunLoopRunInMode + 61
25  com.apple.HIToolbox            	0x92f02b90 RunCurrentEventLoopInMode + 285
26  com.apple.HIToolbox            	0x92f02297 ReceiveNextEventCommon + 385
27  com.apple.HIToolbox            	0x92f020ee BlockUntilNextEventMatchingListInMode + 81
28  com.apple.AppKit               	0x933a3771 _DPSNextEvent + 576
29  com.apple.AppKit               	0x933a335e -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
30  com.apple.Safari               	0x00006f96 0x1000 + 24470
31  com.apple.AppKit               	0x9339d0e3 -[NSApplication run] + 512
32  com.apple.AppKit               	0x93391037 NSApplicationMain + 573
33  com.apple.Safari               	0x0005f7de 0x1000 + 387038
34  com.apple.Safari               	0x0005f6f9 0x1000 + 386809

Thread 1:
0   libSystem.B.dylib              	0x9000a5c7 mach_msg_trap + 7
1   com.unsanity.ape               	0xc0001db2 __ape_agent + 307
2   libSystem.B.dylib              	0x90024b07 _pthread_body + 84

Thread 2:
0   libSystem.B.dylib              	0x9001aafc select + 12
1   libSystem.B.dylib              	0x90024b07 _pthread_body + 84

Thread 3:
0   libSystem.B.dylib              	0x900251a7 semaphore_wait_signal_trap + 7
1   com.apple.Foundation           	0x9277f008 -[NSConditionLock lockWhenCondition:] + 39
2   com.apple.Syndication          	0x9a57e052 -[AsyncDB _run:] + 181
3   com.apple.Foundation           	0x927291b0 forkThreadForFunction + 123
4   libSystem.B.dylib              	0x90024b07 _pthread_body + 84

Thread 4:
0   libSystem.B.dylib              	0x9000a5c7 mach_msg_trap + 7
1   com.apple.CoreFoundation       	0x9082369a CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation       	0x90822eb5 CFRunLoopRunInMode + 61
3   com.apple.Foundation           	0x9275e861 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259
4   com.apple.Foundation           	0x927291b0 forkThreadForFunction + 123
5   libSystem.B.dylib              	0x90024b07 _pthread_body + 84

Thread 5:
0   libSystem.B.dylib              	0x9000a5c7 mach_msg_trap + 7
1   com.apple.CoreFoundation       	0x9082369a CFRunLoopRunSpecific + 2014
2   com.apple.CoreFoundation       	0x90822eb5 CFRunLoopRunInMode + 61
3   com.apple.Foundation           	0x9278595a +[NSURLCache _diskCacheSyncLoop:] + 206
4   com.apple.Foundation           	0x927291b0 forkThreadForFunction + 123
5   libSystem.B.dylib              	0x90024b07 _pthread_body + 84

Thread 6:
0   libSystem.B.dylib              	0x9002763c kevent + 12
1   ...ple.CoreServices.CarbonCore 	0x90ca9ae4 PrivateMPEntryPoint + 51
2   libSystem.B.dylib              	0x90024b07 _pthread_body + 84

Thread 7:
0   libSystem.B.dylib              	0x900251a7 semaphore_wait_signal_trap + 7
1   ...ple.CoreServices.CarbonCore 	0x90ca9c8a MPWaitOnQueue + 198
2   com.apple.DesktopServices      	0x9264ef3f TNodeSyncTask::SyncTaskProc(void*) + 143
3   ...ple.CoreServices.CarbonCore 	0x90ca9ae4 PrivateMPEntryPoint + 51
4   libSystem.B.dylib              	0x90024b07 _pthread_body + 84

Thread 8:
0   libSystem.B.dylib              	0x900251a7 semaphore_wait_signal_trap + 7
1   com.apple.Foundation           	0x9277f008 -[NSConditionLock lockWhenCondition:] + 39
2   com.apple.AppKit               	0x9347a374 -[NSUIHeartBeat _heartBeatThread:] + 377
3   com.apple.Foundation           	0x927291b0 forkThreadForFunction + 123
4   libSystem.B.dylib              	0x90024b07 _pthread_body + 84

Thread 0 crashed with i386 Thread State:
eax: 0xbbadbeef    ebx: 0x01a63340 ecx:0xa0001e60 edx: 0x00000000
edi: 0x30cd65d0    esi: 0x31c83560 ebp:0xbfffe478 esp: 0xbfffe440
 ss: 0x0000002f    efl: 0x00010282 eip:0x01a63378  cs: 0x00000027
 ds: 0x0000002f     es: 0x0000002f  fs:0x00000000  gs: 0x00000037

Binary Images Description:
    0x1000 -    0xdefff com.apple.Safari 2.0.4 (419.3)	/Applications/Safari.app/Contents/MacOS/Safari
  0x305000 -   0x3cffff com.apple.WebKit 420+	/Users/eseidel/Projects/build/Debug/WebKit.framework/Versions/A/WebKit
 0x1008000 -  0x10b1fff com.apple.JavaScriptCore 420+	/Users/eseidel/Projects/build/Debug/JavaScriptCore.framework/Versions/A/JavaScriptCore
 0x1887000 -  0x1d7ffff com.apple.WebCore 420+	/Users/eseidel/Projects/build/Debug/WebCore.framework/Versions/A/WebCore
0x2b237000 - 0x2b250fff com.apple.AppleIntermediateCodec 1.1 (141)	/Library/QuickTime/AppleIntermediateCodec.component/Contents/MacOS/AppleIntermediateCodec
0x2b255000 - 0x2b26efff com.apple.applepixletvideo 1.2.9 (1.2d9)	/System/Library/QuickTime/ApplePixletVideo.component/Contents/MacOS/ApplePixletVideo
0x2f5dc000 - 0x2f618fff com.apple.QuickTimeFireWireDV.component 7.1.3	/System/Library/QuickTime/QuickTimeFireWireDV.component/Contents/MacOS/QuickTimeFireWireDV
0x31d05000 - 0x31f34fff com.macromedia.Flash Player.plugin 8.0.27 (1.0.2f27)	/Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player
0x8fe00000 - 0x8fe4cfff dyld 45.3	/usr/lib/dyld
0x90000000 - 0x9016efff libSystem.B.dylib 	/usr/lib/libSystem.B.dylib
0x901be000 - 0x901c0fff libmathCommon.A.dylib 	/usr/lib/system/libmathCommon.A.dylib
0x901c2000 - 0x901fefff com.apple.CoreText 1.1.1 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x90225000 - 0x902fafff ATS 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x9031a000 - 0x9076afff com.apple.CoreGraphics 1.258.33 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x90801000 - 0x908c9fff com.apple.CoreFoundation 6.4.6 (368.27)	/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x90907000 - 0x90907fff com.apple.CoreServices 10.4 (???)	/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90909000 - 0x909fcfff libicucore.A.dylib 	/usr/lib/libicucore.A.dylib
0x90a4c000 - 0x90acbfff libobjc.A.dylib 	/usr/lib/libobjc.A.dylib
0x90af4000 - 0x90b57fff libstdc++.6.dylib 	/usr/lib/libstdc++.6.dylib
0x90bc6000 - 0x90bcdfff libgcc_s.1.dylib 	/usr/lib/libgcc_s.1.dylib
0x90bd2000 - 0x90c42fff com.apple.framework.IOKit 1.4.4 (???)	/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x90c57000 - 0x90c69fff libauto.dylib 	/usr/lib/libauto.dylib
0x90c6f000 - 0x90f14fff com.apple.CoreServices.CarbonCore 682.12	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x90f57000 - 0x90fbffff com.apple.CoreServices.OSServices 4.1	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x90ff7000 - 0x91035fff com.apple.CFNetwork 129.16	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x91047000 - 0x91057fff com.apple.WebServices 1.1.3 (1.1.0)	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/WebServicesCore
0x91062000 - 0x910e0fff com.apple.SearchKit 1.0.5	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x91115000 - 0x91133fff com.apple.Metadata 10.4.4 (121.36)	/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x9113f000 - 0x9114dfff libz.1.dylib 	/usr/lib/libz.1.dylib
0x91150000 - 0x91306fff com.apple.security 4.4.1 (27569)	/System/Library/Frameworks/Security.framework/Versions/A/Security
0x913f5000 - 0x913fdfff com.apple.DiskArbitration 2.1	/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x91404000 - 0x9142afff com.apple.SystemConfiguration 1.8.6	/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x9143c000 - 0x91443fff libbsm.dylib 	/usr/lib/libbsm.dylib
0x91447000 - 0x914c0fff com.apple.audio.CoreAudio 3.0.4	/System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x9150e000 - 0x9150efff com.apple.ApplicationServices 10.4 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x91510000 - 0x9153bfff com.apple.AE 314 (313)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x9154e000 - 0x91622fff com.apple.ColorSync 4.4.6	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x9165b000 - 0x916d8fff com.apple.print.framework.PrintCore 4.6 (177.13)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x91705000 - 0x917affff com.apple.QD 3.10.20 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x917d5000 - 0x91820fff com.apple.HIServices 1.5.2 (???)	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x9183f000 - 0x91855fff com.apple.LangAnalysis 1.6.3	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x91861000 - 0x9187bfff com.apple.FindByContent 1.5	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/FindByContent
0x91885000 - 0x918c2fff com.apple.LaunchServices 181	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x918d6000 - 0x918e1fff com.apple.speech.synthesis.framework 3.4	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x918e8000 - 0x91920fff com.apple.ImageIO.framework 1.4.8	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x91932000 - 0x919e4fff libcrypto.0.9.7.dylib 	/usr/lib/libcrypto.0.9.7.dylib
0x91a2a000 - 0x91a40fff libcups.2.dylib 	/usr/lib/libcups.2.dylib
0x91a45000 - 0x91a61fff libJPEG.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x91a66000 - 0x91ac4fff libJP2.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib
0x91ad4000 - 0x91ad8fff libGIF.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x91ada000 - 0x91b35fff libRaw.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib
0x91b39000 - 0x91b76fff libTIFF.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x91b7c000 - 0x91b96fff libPng.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x91b9b000 - 0x91b9dfff libRadiance.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x91b9f000 - 0x91b9ffff com.apple.Accelerate 1.2.2 (Accelerate 1.2.2)	/System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x91ba1000 - 0x91c2bfff com.apple.vImage 2.4	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x91c32000 - 0x91c32fff com.apple.Accelerate.vecLib 3.2.2 (vecLib 3.2.2)	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x91c34000 - 0x91c79fff libvMisc.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x91c81000 - 0x91ca6fff libvDSP.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x91cad000 - 0x92230fff libBLAS.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x9226d000 - 0x9261ffff libLAPACK.dylib 	/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x9264c000 - 0x926d0fff com.apple.DesktopServices 1.3.4	/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x9270c000 - 0x9293efff com.apple.Foundation 6.4.6 (567.27)	/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x92a4a000 - 0x92b28fff libxml2.2.dylib 	/usr/lib/libxml2.2.dylib
0x92b45000 - 0x92c32fff libiconv.2.dylib 	/usr/lib/libiconv.2.dylib
0x92c42000 - 0x92c59fff libGL.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x92c64000 - 0x92cbbfff libGLU.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x92ccf000 - 0x92ccffff com.apple.Carbon 10.4 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x92cd1000 - 0x92ce1fff com.apple.ImageCapture 3.0.4	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x92cef000 - 0x92cf7fff com.apple.speech.recognition.framework 3.5	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x92cfd000 - 0x92d02fff com.apple.securityhi 2.0.1 (24742)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x92d08000 - 0x92d99fff com.apple.ink.framework 101.2.1 (71)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x92dad000 - 0x92db0fff com.apple.help 1.0.3 (32.1)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x92db3000 - 0x92dd0fff com.apple.openscripting 1.2.5 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x92de0000 - 0x92de6fff com.apple.print.framework.Print 5.2 (192.4)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x92dec000 - 0x92e4ffff com.apple.htmlrendering 66.1 (1.1.3)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x92e73000 - 0x92eb4fff com.apple.NavigationServices 3.4.4 (3.4.3)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x92edb000 - 0x92ee8fff com.apple.audio.SoundManager 3.9.1	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x92eef000 - 0x92ef4fff com.apple.CommonPanels 1.2.3 (73)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x92ef9000 - 0x931ebfff com.apple.HIToolbox 1.4.8 (???)	/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x932f0000 - 0x932fbfff com.apple.opengl 1.4.10	/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x93300000 - 0x9331bfff com.apple.DirectoryService.Framework 3.1	/System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x9338a000 - 0x9338afff com.apple.Cocoa 6.4 (???)	/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x9338c000 - 0x93a45fff com.apple.AppKit 6.4.7 (824.41)	/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x93dc6000 - 0x93e40fff com.apple.CoreData 90	/System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x93e79000 - 0x93f3afff com.apple.audio.toolbox.AudioToolbox 1.4.3	/System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x93f7a000 - 0x93f7afff com.apple.audio.units.AudioUnit 1.4.2	/System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x93f7c000 - 0x9412afff com.apple.QuartzCore 1.4.8	/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x94178000 - 0x941b9fff libsqlite3.0.dylib 	/usr/lib/libsqlite3.0.dylib
0x941c1000 - 0x941fbfff libGLImage.dylib 	/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x94289000 - 0x942c7fff com.apple.vmutils 4.0.2 (93.1)	/System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
0x9430b000 - 0x9431bfff com.apple.securityfoundation 2.2.1 (28150)	/System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x94328000 - 0x94365fff com.apple.securityinterface 2.2.1 (27695)	/System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x94381000 - 0x94390fff libCGATS.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x94397000 - 0x943a2fff libCSync.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x943ee000 - 0x94408fff libRIP.A.dylib 	/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x9440e000 - 0x946c7fff com.apple.QuickTime 7.1.3	/System/Library/Frameworks/QuickTime.framework/QuickTime
0x94828000 - 0x94971fff com.apple.AddressBook.framework 4.0.4 (485.1)	/System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x949fd000 - 0x94a0cfff com.apple.DSObjCWrappers.Framework 1.1	/System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x94a13000 - 0x94a3cfff com.apple.LDAPFramework 1.4.1 (69.0.1)	/System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x94a42000 - 0x94a51fff libsasl2.2.dylib 	/usr/lib/libsasl2.2.dylib
0x94a55000 - 0x94a79fff libssl.0.9.7.dylib 	/usr/lib/libssl.0.9.7.dylib
0x94a85000 - 0x94aa2fff libresolv.9.dylib 	/usr/lib/libresolv.9.dylib
0x95830000 - 0x95853fff libxslt.1.dylib 	/usr/lib/libxslt.1.dylib
0x960f5000 - 0x9610bfff libJapaneseConverter.dylib 	/System/Library/CoreServices/Encodings/libJapaneseConverter.dylib
0x96b07000 - 0x96b07fff com.apple.vecLib 3.2.2 (vecLib 3.2.2)	/System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x9714f000 - 0x97154fff com.apple.agl 2.5.9 (AGL-2.5.9)	/System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x98bd9000 - 0x996c3fff com.apple.QuickTimeComponents.component 7.1.3	/System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/QuickTimeComponents
0x998d2000 - 0x998d4fff com.apple.QuickTimeH264.component 7.1.3	/System/Library/QuickTime/QuickTimeH264.component/Contents/MacOS/QuickTimeH264
0x998d6000 - 0x99a7efff QuickTimeH264.scalar 	/System/Library/QuickTime/QuickTimeH264.component/Contents/Resources/QuickTimeH264.scalar
0x99aee000 - 0x99babfff com.apple.QuickTimeMPEG4.component 7.1.3	/System/Library/QuickTime/QuickTimeMPEG4.component/Contents/MacOS/QuickTimeMPEG4
0x9a57b000 - 0x9a5b2fff com.apple.Syndication 1.0.6 (54)	/System/Library/PrivateFrameworks/Syndication.framework/Versions/A/Syndication
0x9a5ce000 - 0x9a5e0fff com.apple.SyndicationUI 1.0.6 (54)	/System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
0xc0000000 - 0xc000efff com.unsanity.ape 2.0	/Library/Frameworks/ApplicationEnhancer.framework/Versions/A/ApplicationEnhancer
Comment 1 Alexey Proskuryakov 2006-09-14 03:04:42 PDT
The stack trace is from an assertion failure (which would cause a crash in debug build):

DeprecatedString::~DeprecatedString()
{
    ASSERT(dataHandle);
Comment 2 mitz 2006-09-16 03:37:47 PDT
I can reproduce an identical - or very similar - crash by going to the URL and while the video is still playing, clicking a link or just going to about:blank. No assert in my case (maybe due to different contents of freed memory):

0   <<00000000>> 	0xfffeff18 objc_msgSend_rtp + 24
1   com.apple.WebCore         	0x01bb8754 WebCore::ResourceLoader::~ResourceLoader [in-charge]() + 276 (ResourceLoaderMac.mm:55)
2   com.apple.WebCore         	0x01bb7d28 WebCore::ResourceLoader::kill() + 44 (ResourceLoader.cpp:88)
3   com.apple.WebCore         	0x01b2c874 WebCore::XMLHttpRequest::abort() + 84 (xmlhttprequest.cpp:359)
4   com.apple.WebCore         	0x01b2d0f4 WebCore::XMLHttpRequest::cancelRequests(WebCore::Document*) + 216 (xmlhttprequest.cpp:578)
5   com.apple.WebCore         	0x01a010cc WebCore::Frame::stopLoading(bool) + 1256 (Frame.cpp:349)
6   com.apple.WebCore         	0x01a01194 WebCore::Frame::closeURL() + 68 (Frame.cpp:3188)
Comment 3 Alexey Proskuryakov 2006-09-16 11:32:33 PDT
The problem here is that XMLHttpRequest::send() assumes that ResourceLoader::start() never fails. Google makes an XMLHttpRequest from an onunload handler (apparently, to collect usage statistics), and in this case start() fails.

It's pretty easy to fix this crash by checking for the return value of start(), but it doesn't seem right for requests made from onunload to fail.
Comment 4 Alexey Proskuryakov 2006-09-16 12:40:20 PDT
Created attachment 10592 [details]
test case (will crash!)
Comment 5 Alexey Proskuryakov 2006-09-17 02:12:32 PDT
Created attachment 10599 [details]
just fix the crash

I'll file a new bug for XHR not working in onunload.
Comment 6 Brady Eidson 2006-09-17 12:58:17 PDT
Comment on attachment 10599 [details]
just fix the crash

As the writer of the IconLoader.cpp code, my bad - didn't know resourceloaders delete themselves.

r+
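The ownership pattern behind this crash, as Alexey describes it in comment 3 and Brady confirms in comment 6 (start() can fail, a loader that fails to start deletes itself, and the raw pointer send() stored is therefore dangling by the time abort() calls kill()), is modelled below in an added C++ example. It is not WebKit code: Loader, Request, AbortResult and the live-loader registry are constructed for this demonstration, and the registry exists only so the demo can detect the dangling pointer instead of dereferencing freed memory the way the crash did. The Request constructor's flag switches between the pre-fix behaviour (ignore start()'s return value) and the fix (honour it and drop the pointer).

```cpp
#include <cstddef>
#include <cstdio>
#include <set>

// Constructed model (not WebCore code) of the ownership pattern behind the
// crash: a loader that deletes itself when start() fails, and a request that
// keeps a raw pointer to it. All names here are hypothetical.

// Registry of live loaders, so the demo can recognise a dangling pointer
// instead of dereferencing freed memory.
static std::set<const void*> g_liveLoaders;

bool loaderIsLive(const void* p) { return g_liveLoaders.count(p) != 0; }
std::size_t liveLoaderCount() { return g_liveLoaders.size(); }

class Loader {
public:
    explicit Loader(bool canStart) : m_canStart(canStart) { g_liveLoaders.insert(this); }
    ~Loader() { g_liveLoaders.erase(this); }

    // Like ResourceLoader::start() as described in the bug: on failure the
    // loader destroys itself, so the caller's pointer is dangling afterwards.
    bool start() {
        if (m_canStart)
            return true;
        delete this;
        return false;
    }

    // Cancel and destroy (the role ResourceLoader::kill() plays in the trace).
    void kill() { delete this; }

private:
    bool m_canStart;
};

enum class AbortResult { NoLoader, Killed, DanglingPointer };

class Request {
public:
    // checkStartResult=false reproduces the pre-fix send(); true is the fix:
    // honour start()'s return value and forget the (already deleted) loader.
    explicit Request(bool checkStartResult) : m_check(checkStartResult) {}

    bool send(bool loaderCanStart) {
        m_loader = new Loader(loaderCanStart);
        bool started = m_loader->start();   // may have deleted the loader
        if (!started && m_check)
            m_loader = nullptr;             // the fix: no dangling pointer kept
        return started;
    }

    AbortResult abort() {
        if (!m_loader)
            return AbortResult::NoLoader;
        if (!loaderIsLive(m_loader))
            return AbortResult::DanglingPointer; // in WebCore: kill() on freed memory
        m_loader->kill();
        m_loader = nullptr;
        return AbortResult::Killed;
    }

private:
    Loader* m_loader = nullptr;
    bool m_check;
};

// Runs both variants against a loader that fails to start. Returns true when
// the pre-fix request ends up aborting through a dangling pointer while the
// fixed request treats abort() as a no-op and leaks nothing.
bool fixRemovesDanglingAbort() {
    Request buggy(false);
    buggy.send(false);
    bool buggyDangles = buggy.abort() == AbortResult::DanglingPointer;

    Request fixed(true);
    bool sendFailed = !fixed.send(false);
    bool abortIsNoop = fixed.abort() == AbortResult::NoLoader;
    return buggyDangles && sendFailed && abortIsNoop && liveLoaderCount() == 0;
}

int main() {
    std::printf("fix removes dangling abort: %s\n", fixRemovesDanglingAbort() ? "yes" : "no");
    return 0;
}
```

The check added to send() is the whole of the fix the patch makes for XHR (and the "similar latent bug" in IconLoader::startLoading): any API whose failure path destroys the object must have every caller test the return value and clear its own pointer, because after that point the pointer is the only reference to freed memory. A design that avoids the class of bug altogether keeps ownership in one place, for example by having the loader never delete itself and letting the owner hold it through a reference-counted pointer.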
Comment 7 Alexey Proskuryakov 2006-09-17 13:12:15 PDT
Committed revision 16408.

Filed bug 10904 for requests not being sent.
Comment 8 David Kilzer (:ddkilzer) 2006-09-17 22:17:42 PDT
Comment on attachment 10599 [details]
just fix the crash

>+        * loader/icon/IconLoader.cpp:
>+        (IconLoader::startLoading): Fix a similar latent bug here.

Nice!  I just saw that bug logging out of Hotmail with Private Browsing on (using a local build WITHOUT this fix yet).  Console output:

=================
ERROR: Failed to start load for icon at url http://loginnet.passport.com/favicon.ico?_lang=EN&lc=1033&id=2&ru=http%3a%2f%2fsignout%2emsn%2ecom&dontall=
(/Users/ddkilzer/Projects/Cocoa/WebKit/WebCore/loader/icon/IconLoader.cpp:69 void WebCore::IconLoader::startLoading())
=================
Segmentation fault

Stack trace:

Date/Time:      2006-09-18 00:02:05.300 -0500
OS Version:     10.4.7 (Build 8J135)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  bash [303]

Version:        2.0.4 (419.3)
Build Version:  1
Project Name:   WebBrowser
Source Version: 4190300

PID:    6905
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x75726365

Thread 0 Crashed:
0   com.apple.WebCore           0x01b3c990 WebCore::DeprecatedString::~DeprecatedString [in-charge]() + 104 (DeprecatedString.cpp:593)
1   com.apple.WebCore           0x01bb8a3c WebCore::ResourceLoaderInternal::~ResourceLoaderInternal [in-charge]() + 72 (ResourceLoaderMac.mm:48)
2   com.apple.WebCore           0x01bb8bf4 WebCore::ResourceLoader::~ResourceLoader [in-charge]() + 356 (ResourceLoaderMac.mm:56)
3   com.apple.WebCore           0x01d0fc68 WebCore::IconLoader::startLoading() + 480 (IconLoader.cpp:70)
4   com.apple.WebCore           0x01a0179c WebCore::Frame::endIfNotLoading() + 808 (Frame.cpp:787)
5   com.apple.WebCore           0x01a017fc WebCore::Frame::end() + 52 (Frame.cpp:732)
6   com.apple.WebCore           0x01a3d960 -[WebCoreFrameBridge end] + 72 (WebCoreFrameBridge.mm:729)
7   com.apple.WebKit            0x00340318 -[WebDataSource(WebInternal) _finishedLoading] + 220 (WebDataSource.m:370)
8   com.apple.WebKit            0x003d86cc -[WebFrameLoader _finishedLoading] + 128 (WebFrameLoader.m:474)
9   com.apple.WebKit            0x003ded7c -[WebMainResourceLoader didFinishLoading] + 404 (WebMainResourceLoader.m:365)
10  com.apple.WebKit            0x003dcad8 -[WebLoader connectionDidFinishLoading:] + 184 (WebLoader.m:484)
11  com.apple.Foundation        0x9297684c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
12  com.apple.Foundation        0x92974ab8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
13  com.apple.Foundation        0x92974810 _sendCallbacks + 156
14  com.apple.CoreFoundation    0x907dc4cc __CFRunLoopDoSources0 + 384
15  com.apple.CoreFoundation    0x907db9fc __CFRunLoopRun + 452
16  com.apple.CoreFoundation    0x907db47c CFRunLoopRunSpecific + 268
17  com.apple.HIToolbox         0x931eb740 RunCurrentEventLoopInMode + 264
18  com.apple.HIToolbox         0x931eadd4 ReceiveNextEventCommon + 380
19  com.apple.HIToolbox         0x931eac40 BlockUntilNextEventMatchingListInMode + 96
20  com.apple.AppKit            0x936eeae4 _DPSNextEvent + 384
21  com.apple.AppKit            0x936ee7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
22  com.apple.Safari            0x00006740 0x1000 + 22336
23  com.apple.AppKit            0x936eacec -[NSApplication run] + 472
24  com.apple.AppKit            0x937db87c NSApplicationMain + 452
25  com.apple.Safari            0x0005c77c 0x1000 + 374652
26  com.apple.Safari            0x0005c624 0x1000 + 374308
Comment 9 Alexey Proskuryakov 2006-09-18 11:59:04 PDT
*** Bug 10597 has been marked as a duplicate of this bug. ***