Bug 11859 - REGRESSION: Gmail>Compose with signature: reproducible crash with right click
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Critical
Assignee: Nobody
URL: http://mail.google.com/mail/
Keywords: GoogleBug, InRadar, Regression
Depends on:
Blocks:
 
Reported: 2006-12-17 10:02 PST by Stephen Harbage
Modified: 2006-12-20 20:05 PST

Description Stephen Harbage 2006-12-17 10:02:45 PST
Go to www.gmail.com > settings, add a signature

Go to compose and right click/ctrl click above the signature, Safari crashes

Crash log:

**********

Host Name:      Stephen-Harbages-Computer
Date/Time:      2006-12-17 17:39:29.835 +0000
OS Version:     10.4.8 (Build 8L127)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [219]

Version: ??? (18260)

PID:    2316
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000014

Thread 0 Crashed:
0   com.apple.WebCore        	0x011062b8 -[WebCoreFrameBridge fontForSelection:] + 56
1   com.apple.WebKit         	0x003382cc -[WebHTMLView(WebInternal) _updateFontPanel] + 156
2   com.apple.WebKit         	0x00333820 -[WebHTMLView becomeFirstResponder] + 304
3   com.apple.AppKit         	0x937b5e48 -[NSWindow makeFirstResponder:] + 200
4   com.apple.Safari         	0x000128e8 0x1000 + 71912
5   libobjc.A.dylib          	0x90a441f4 objc_msgSendv + 180
6   com.apple.Foundation     	0x9295cc88 -[NSInvocation invoke] + 944
7   com.apple.Foundation     	0x9295d238 -[NSInvocation invokeWithTarget:] + 64
8   com.apple.Foundation     	0x92955034 -[NSObject(NSForwardInvocation) forward::] + 408
9   libobjc.A.dylib          	0x90a440b0 _objc_msgForward + 176
10  com.apple.WebKit         	0x0031e6c8 -[WebFrameBridge makeFirstResponder:] + 88
11  com.apple.WebCore        	0x01224674 WebCore::Widget::setFocus() + 372
12  com.apple.WebCore        	0x010f96cc WebCore::Document::setFocusedNode(WTF::PassRefPtr<WebCore::Node>) + 1756
13  com.apple.WebCore        	0x0140b610 WebCore::EventHandler::dispatchMouseEvent(WebCore::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 880
14  com.apple.WebCore        	0x0140e040 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 640
15  com.apple.WebCore        	0x01408d6c WebCore::EventHandler::mouseDown(NSEvent*) + 620
16  com.apple.WebKit         	0x00332e78 -[WebHTMLView mouseDown:] + 280
17  com.apple.WebCore        	0x01406f48 WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 856
18  com.apple.WebCore        	0x01407364 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 452
19  com.apple.WebCore        	0x0140df14 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 340
20  com.apple.WebCore        	0x01408d6c WebCore::EventHandler::mouseDown(NSEvent*) + 620
21  com.apple.WebKit         	0x00332e78 -[WebHTMLView mouseDown:] + 280
22  com.apple.WebCore        	0x01406f48 WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 856
23  com.apple.WebCore        	0x01407364 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 452
24  com.apple.WebCore        	0x0140df14 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 340
25  com.apple.WebCore        	0x01408d6c WebCore::EventHandler::mouseDown(NSEvent*) + 620
26  com.apple.WebKit         	0x00332e78 -[WebHTMLView mouseDown:] + 280
27  com.apple.WebCore        	0x01406f48 WebCore::EventHandler::passMouseDownEventToWidget(WebCore::Widget*) + 856
28  com.apple.WebCore        	0x01407364 WebCore::EventHandler::passSubframeEventToSubframe(WebCore::MouseEventWithHitTestResults&, WebCore::Frame*) + 452
29  com.apple.WebCore        	0x0140df14 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 340
30  com.apple.WebCore        	0x01408d6c WebCore::EventHandler::mouseDown(NSEvent*) + 620
31  com.apple.WebKit         	0x00332e78 -[WebHTMLView mouseDown:] + 280
32  com.apple.AppKit         	0x93767890 -[NSWindow sendEvent:] + 4616
33  com.apple.Safari         	0x00021734 0x1000 + 132916
34  com.apple.AppKit         	0x937108d4 -[NSApplication sendEvent:] + 4172
35  com.apple.Safari         	0x00021238 0x1000 + 131640
36  com.apple.AppKit         	0x93707d10 -[NSApplication run] + 508
37  com.apple.AppKit         	0x937f887c NSApplicationMain + 452
38  com.apple.Safari         	0x0005c77c 0x1000 + 374652
39  com.apple.Safari         	0x0005c624 0x1000 + 374308

Thread 1:
0   libSystem.B.dylib        	0x9002bbc8 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib        	0x900306ac pthread_cond_wait + 480
2   com.apple.Foundation     	0x92968300 -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.AppKit         	0x937a8708 -[NSUIHeartBeat _heartBeatThread:] + 324
4   com.apple.Foundation     	0x92961194 forkThreadForFunction + 108
5   libSystem.B.dylib        	0x9002b508 _pthread_body + 96

Thread 2:
0   libSystem.B.dylib        	0x9000ab48 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000aa9c mach_msg + 60
2   com.apple.CoreFoundation 	0x907dcb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907dc47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x9298869c +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 264
5   com.apple.Foundation     	0x92961194 forkThreadForFunction + 108
6   libSystem.B.dylib        	0x9002b508 _pthread_body + 96

Thread 3:
0   libSystem.B.dylib        	0x9000ab48 mach_msg_trap + 8
1   libSystem.B.dylib        	0x9000aa9c mach_msg + 60
2   com.apple.CoreFoundation 	0x907dcb78 __CFRunLoopRun + 832
3   com.apple.CoreFoundation 	0x907dc47c CFRunLoopRunSpecific + 268
4   com.apple.Foundation     	0x929897dc +[NSURLCache _diskCacheSyncLoop:] + 152
5   com.apple.Foundation     	0x92961194 forkThreadForFunction + 108
6   libSystem.B.dylib        	0x9002b508 _pthread_body + 96

Thread 4:
0   libSystem.B.dylib        	0x9002bbc8 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib        	0x900306ac pthread_cond_wait + 480
2   com.apple.Foundation     	0x92968300 -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.Syndication    	0x9b23642c -[AsyncDB _run:] + 192
4   com.apple.Foundation     	0x92961194 forkThreadForFunction + 108
5   libSystem.B.dylib        	0x9002b508 _pthread_body + 96

Thread 5:
0   libSystem.B.dylib        	0x9001f08c select + 12
1   com.apple.CoreFoundation 	0x907ef40c __CFSocketManager + 472
2   libSystem.B.dylib        	0x9002b508 _pthread_body + 96

Thread 0 crashed with PPC Thread State 64:
  srr0: 0x00000000011062b8 srr1: 0x000000000200f030                        vrsave: 0x0000000000000000
    cr: 0x44002248          xer: 0x0000000000000004   lr: 0x00000000011062b8  ctr: 0x0000000000174ee0
    r0: 0x00000000011062b8   r1: 0x00000000bfffb710   r2: 0x0000000000200000   r3: 0x0000000000000000
    r4: 0x0000000006b51960   r5: 0x0000000000000004   r6: 0x0000000000000000   r7: 0x0000000000000001
    r8: 0x0000000006098a48   r9: 0x0000000000444020  r10: 0x0000000000173a5c  r11: 0x000000000044402c
   r12: 0x0000000000174ee0  r13: 0x00000000a3736688  r14: 0x0000000000000100  r15: 0x0000000000000000
   r16: 0x00000000a3736688  r17: 0x00000000a3746688  r18: 0x00000000a3736688  r19: 0x00000000a3736688
   r20: 0x0000000000000000  r21: 0x00000000a3706688  r22: 0x00000000a373ea0c  r23: 0x00000000a3706688
   r24: 0x00000000059c0100  r25: 0x00000000bfffbeb8  r26: 0x00000000059c0100  r27: 0x0000000000000000
   r28: 0x00000000a3745d80  r29: 0x00000000097fa6f0  r30: 0x00000000bfffb7a8  r31: 0x0000000000338230

Comment 1 David Kilzer (:ddkilzer) 2006-12-17 11:48:08 PST
Confirmed with WebKit nightly r18260.  Will post a debug stack trace when my r18269 debug build finishes.  Note that I had to follow these steps to reproduce:

1. Log into GMail.
2. Create signature text.
3. Compose new message.
4. Left-click on top line (blank) of message body.
5. Right-click (or control-click) in the same place.

I was also able to reverse Steps 4 and 5 to reproduce the error.  Note that only right-clicking or control-clicking doesn't cause a crash.
Comment 2 David Kilzer (:ddkilzer) 2006-12-17 14:15:18 PST
The steps in Comment #1 do NOT work for WebKit nightly r18244, but the following still causes a crash (in both WebKit nightlies r18244 and r18260).  Note that this may be a separate bug.

1. Start WebKit nightly r18244 or r18260.
2. Log into GMail.
3. Click "Compose Mail" link.
4. Click once in the message body textarea.
5. Close the window.
6. Wait about 5 seconds.
7. WebKit crashes.

Comment 3 David Kilzer (:ddkilzer) 2006-12-17 14:27:42 PST
Stack trace resulting from following steps in Comment #1 on a locally-built debug build of WebKit r18269 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127):

Date/Time:      2006-12-17 16:12:37.349 -0600
OS Version:     10.4.8 (Build 8L127)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  bash [16966]

Version:        2.0.4 (419.3)
Build Version:  1
Project Name:   WebBrowser
Source Version: 4190300

PID:    26878
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000014

Thread 0 Crashed:
0   com.apple.WebCore        	0x015d3eac WebCore::FontData::getNSFont() const + 20 (FontData.h:74)
1   com.apple.WebCore        	0x011533cc -[WebCoreFrameBridge fontForSelection:] + 112 (WebCoreFrameBridge.mm:1428)
2   com.apple.WebKit         	0x003630c4 -[WebHTMLView(WebInternal) _updateFontPanel] + 324 (WebHTMLView.m:5075)
3   com.apple.WebKit         	0x00362e38 -[WebHTMLView(WebInternal) _selectionChanged] + 88 (WebHTMLView.m:5038)
4   com.apple.WebKit         	0x0033896c -[WebFrameBridge respondToChangedSelection] + 236 (WebFrameBridge.mm:1001)
5   com.apple.WebCore        	0x0112e478 WebCore::FrameMac::respondToChangedSelection(WebCore::Selection const&, bool) + 1040 (FrameMac.mm:868)
6   com.apple.WebCore        	0x01296aac WebCore::SelectionController::setSelection(WebCore::Selection const&, bool, bool, bool) + 1612 (SelectionController.cpp:139)
7   com.apple.WebCore        	0x014e4218 WebCore::EventHandler::selectClosestWordFromMouseEvent(WebCore::PlatformMouseEvent const&, WebCore::Node*) + 504 (EventHandler.cpp:147)
8   com.apple.WebCore        	0x014e7c18 WebCore::EventHandler::sendContextMenuEvent(WebCore::PlatformMouseEvent) + 624 (EventHandler.cpp:1155)
9   com.apple.WebKit         	0x00357fc4 -[WebHTMLView menuForEvent:] + 256 (WebHTMLView.m:2663)
10  com.apple.AppKit         	0x93b51c5c -[NSView rightMouseDown:] + 68
11  com.apple.AppKit         	0x93a23404 -[NSControl _rightMouseUpOrDown:] + 440
12  com.apple.AppKit         	0x93767fa0 -[NSWindow sendEvent:] + 6424
13  com.apple.Safari         	0x00021734 0x1000 + 132916
14  com.apple.AppKit         	0x937108d4 -[NSApplication sendEvent:] + 4172
15  com.apple.Safari         	0x00021238 0x1000 + 131640
16  com.apple.AppKit         	0x93707d10 -[NSApplication run] + 508
17  com.apple.AppKit         	0x937f887c NSApplicationMain + 452
18  com.apple.Safari         	0x0005c77c 0x1000 + 374652
19  com.apple.Safari         	0x0005c624 0x1000 + 374308

Comment 4 David Kilzer (:ddkilzer) 2006-12-17 16:28:20 PST
(In reply to comment #2)
> The steps in Comment #1 do NOT work for WebKit nightly r18244, but the
> following still causes a crash (in both WebKit nightlies r18244 and r18260). 
> Note that this may be a separate bug.
> 
> 1. Start WebKit nightly r18244 or r18260.
> 2. Log into GMail.
> 3. Click "Compose Mail" link.
> 4. Click once in the message body textarea.
> 5. Close the window.
> 6. Wait about 5 seconds.
> 7. WebKit crashes.

Filed Bug 11863 for this issue.

Comment 5 David Kilzer (:ddkilzer) 2006-12-20 19:16:06 PST
This may have been fixed in r18369:

http://trac.webkit.org/projects/webkit/changeset/18369

Comment 6 David Kilzer (:ddkilzer) 2006-12-20 20:00:36 PST
(In reply to comment #5)
> This may have been fixed in r18369:
> http://trac.webkit.org/projects/webkit/changeset/18369

Not so much, but the error stack is different now in a locally-built debug build of WebKit r18370 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127).  Here's the error printed to the console:

[23734] http://mail.google.com/mail/ line 9: TypeError: Null value
(timer):Value undefined (result of expression GC) is not object.
Segmentation fault

And the stack trace:

Date/Time:      2006-12-20 21:49:30.945 -0600
OS Version:     10.4.8 (Build 8L127)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  bash [412]

Version:        2.0.4 (419.3)
Build Version:  1
Project Name:   WebBrowser
Source Version: 4190300

PID:    23734
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x742f8000

Thread 0 Crashed:
0   <<00000000>> 	0x742f8000 0 + 1949270016
1   com.apple.WebCore        	0x0132aca0 KJS::ScheduledAction::execute(KJS::Window*) + 892 (kjs_window.cpp:1845)
2   com.apple.WebCore        	0x0132d700 KJS::Window::timerFired(KJS::DOMWindowTimer*) + 468 (kjs_window.cpp:1970)
3   com.apple.WebCore        	0x0132d784 KJS::DOMWindowTimer::fired() + 72 (kjs_window.cpp:2528)
4   com.apple.WebCore        	0x012ac894 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, (unsigned long)0> const&) + 236 (Timer.cpp:322)
5   com.apple.WebCore        	0x012ac960 WebCore::TimerBase::sharedTimerFired() + 132 (Timer.cpp:355)
6   com.apple.WebCore        	0x012abd0c WebCore::timerFired(__CFRunLoopTimer*, void*) + 60 (SharedTimerMac.cpp:47)
7   com.apple.CoreFoundation 	0x907f0550 __CFRunLoopDoTimer + 184
8   com.apple.CoreFoundation 	0x907dcec8 __CFRunLoopRun + 1680
9   com.apple.CoreFoundation 	0x907dc47c CFRunLoopRunSpecific + 268
10  com.apple.HIToolbox      	0x93208740 RunCurrentEventLoopInMode + 264
11  com.apple.HIToolbox      	0x93207d4c ReceiveNextEventCommon + 244
12  com.apple.HIToolbox      	0x93207c40 BlockUntilNextEventMatchingListInMode + 96
13  com.apple.AppKit         	0x9370bae4 _DPSNextEvent + 384
14  com.apple.AppKit         	0x9370b7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
15  com.apple.Safari         	0x00006740 0x1000 + 22336
16  com.apple.AppKit         	0x93707cec -[NSApplication run] + 472
17  com.apple.AppKit         	0x937f887c NSApplicationMain + 452
18  com.apple.Safari         	0x0005c77c 0x1000 + 374652
19  com.apple.Safari         	0x0005c624 0x1000 + 374308

Comment 7 David Kilzer (:ddkilzer) 2006-12-20 20:05:52 PST
(In reply to comment #6)
> (In reply to comment #5)
> > This may have been fixed in r18369:
> > http://trac.webkit.org/projects/webkit/changeset/18369
> 
> Not so much, but the error stack is different now in a locally-built debug
> build of WebKit r18370 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127). 
> Here's the error printed to the console:

Sorry, I followed the steps in Comment #4 instead of Comment #2.  This issue has been fixed, and it was most likely r18369 that fixed it:

<rdar://problem/4893376> REGRESSION: Crash occurs at WebCoreFrameBridge fontForSelection: when drag selecting from a line break
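
Added example (not part of the bug report or of WebKit's tooling): a small triage script that parses the crash-report lines quoted in this thread and shows why the report in Comment 6 is a different crash from the one in the description and Comment 3. The function names, the class labels and the one-page NULL threshold are assumptions of this sketch.

```python
import re

# Header and top frames excerpted from three crash reports on this page
# (description, Comment 3, Comment 6); everything else is trimmed.
DESCRIPTION = """\
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000014

Thread 0 Crashed:
0   com.apple.WebCore        \t0x011062b8 -[WebCoreFrameBridge fontForSelection:] + 56
1   com.apple.WebKit         \t0x003382cc -[WebHTMLView(WebInternal) _updateFontPanel] + 156
"""
COMMENT_3 = """\
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000014

Thread 0 Crashed:
0   com.apple.WebCore        \t0x015d3eac WebCore::FontData::getNSFont() const + 20 (FontData.h:74)
1   com.apple.WebCore        \t0x011533cc -[WebCoreFrameBridge fontForSelection:] + 112 (WebCoreFrameBridge.mm:1428)
2   com.apple.WebKit         \t0x003630c4 -[WebHTMLView(WebInternal) _updateFontPanel] + 324 (WebHTMLView.m:5075)
"""
COMMENT_6 = """\
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x742f8000

Thread 0 Crashed:
0   <<00000000>> \t0x742f8000 0 + 1949270016
1   com.apple.WebCore        \t0x0132aca0 KJS::ScheduledAction::execute(KJS::Window*) + 892 (kjs_window.cpp:1845)
2   com.apple.WebCore        \t0x0132d700 KJS::Window::timerFired(KJS::DOMWindowTimer*) + 468 (kjs_window.cpp:1970)
"""

CODES_RE = re.compile(r"^Codes:\s+(\w+) \(0x[0-9a-fA-F]+\) at (0x[0-9a-fA-F]+)", re.M)
# index, image, pc, symbol, "+ offset", optional "(file:line)" from debug builds
FRAME_RE = re.compile(r"^\d+\s+(\S+)\s+(0x[0-9a-fA-F]+)\s+(.*?)\s\+\s\d+(?:\s\(.*\))?$")
PAGE_SIZE = 0x1000  # assumption: a fault inside the first page is NULL-based


def parse(report):
    """Return (kern_code, fault_addr, [(image, pc, symbol), ...]) for the crashed thread."""
    m = CODES_RE.search(report)
    if m is None:
        raise ValueError("no 'Codes:' line in report")
    kern_code, fault = m.group(1), int(m.group(2), 16)
    frames, in_crashed = [], False
    for line in report.splitlines():
        if re.match(r"Thread \d+ Crashed:", line):
            in_crashed = True
        elif in_crashed and not line.strip():
            break  # a blank line ends the crashed thread's backtrace
        elif in_crashed:
            f = FRAME_RE.match(line)
            if f:
                frames.append((f.group(1), int(f.group(2), 16), f.group(3)))
    return kern_code, fault, frames


def classify(report):
    """Triage class derived only from the fault address and the top frame's PC."""
    _, fault, frames = parse(report)
    if frames and frames[0][1] == fault:
        return "pc-at-fault"       # the CPU tried to execute at an unmapped address
    if fault < PAGE_SIZE:
        return "near-null-access"  # data access at a small offset from NULL
    return "wild-access"


def bucket(report, depth=3):
    """Symbols of the top frames, skipping frames with no image (<<00000000>>)."""
    frames = parse(report)[2][:depth]
    return {sym for image, _, sym in frames if not image.startswith("<<")}


def same_crash(a, b):
    """Two reports match if they share a triage class and at least one top symbol."""
    return classify(a) == classify(b) and bool(bucket(a) & bucket(b))


if __name__ == "__main__":
    reports = (("description", DESCRIPTION), ("comment 3", COMMENT_3), ("comment 6", COMMENT_6))
    for name, rep in reports:
        code, fault, _ = parse(rep)
        print(f"{name:12} {code:24} fault={fault:#010x} class={classify(rep)}")
    print("description == comment 3:", same_crash(DESCRIPTION, COMMENT_3))
    print("comment 3   == comment 6:", same_crash(COMMENT_3, COMMENT_6))
```

The description (nightly build) and Comment 3 (locally-built debug build) fall into the same bucket despite different top frames, while Comment 6 is the only report whose program counter equals the faulting address, consistent with it belonging to Bug 11863 rather than this bug.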