RESOLVED FIXED 11202
REGRESSION: Crash using javascript and iframe (iExploder)
https://bugs.webkit.org/show_bug.cgi?id=11202
jonathanjohnsson
Reported 2006-10-07 05:52:48 PDT
This crasher comes from iExploder test 701. Tested using r16871. The markup is:
<script language="javascript">setTimeout('window.location="test"', 0);</script> <iframe>
Attachments
Test case (will crash when opened from disk) (88 bytes, text/html)
2006-10-07 05:54 PDT, jonathanjohnsson
no flags
Crash log (18.63 KB, text/plain)
2006-10-07 06:01 PDT, jonathanjohnsson
no flags
Original iExploder page (should crash) (110.25 KB, text/html)
2006-10-07 15:16 PDT, jonathanjohnsson
no flags
jonathanjohnsson
Comment 1 2006-10-07 05:54:09 PDT
Created attachment 10963: Test case (will crash when opened from disk)
You might need to restart WebKit and clear the cache for the bug to appear.
jonathanjohnsson
Comment 2 2006-10-07 06:01:11 PDT
Created attachment 10964: Crash log
jonathanjohnsson
Comment 3 2006-10-07 06:10:51 PDT
It seems like the test case won't crash if you just click on it on this page. You'll need to download it and open it locally. I find this a bit strange, as the bug was found using iExploder, which uses a web server.
mitz
Comment 4 2006-10-07 06:17:10 PDT
Loading the test from disk, I don't get the crash, but afterwards I can't load any other pages. Safari just appears to be waiting for the server indefinitely.
jonathanjohnsson
Comment 5 2006-10-07 15:13:53 PDT
My reduction won't crash the newer nightly I downloaded, but the original iExploder page does. I'll attach the original page and make a better reduction later on.
jonathanjohnsson
Comment 6 2006-10-07 15:16:14 PDT
Created attachment 10969: Original iExploder page (should crash)
jonathanjohnsson
Comment 7 2006-10-08 09:34:10 PDT
I will add another bug for the original iExploder crasher. The backtrace for that is different from my reduced test case, and mitzpettel sees the crasher for that one too. In this bug we'll just trace the test case reduction bug. It crashes for me in nightly r16878, reproducible almost every time. For mitzpettel it doesn't crash, but further surfing, without restarting WebKit, is not possible after visiting the test case.
jonathanjohnsson
Comment 8 2006-10-08 09:49:13 PDT
The test case for this bug is a reduction from the test case at bug 11221, but the two bugs don't show the exact same behaviour.
jonathanjohnsson
Comment 9 2006-10-17 10:32:16 PDT
I can't reproduce this bug in the next nightly available after r16871, r16878. So the bug seems to have been fixed somewhere in between.