Bug 11863 - REGRESSION: Reproducible crash in GMail after composing new message, clicking in body, then closing window
Summary: REGRESSION: Reproducible crash in GMail after composing new message, clicking...
Status: RESOLVED DUPLICATE of bug 11729
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Nobody
URL: http://mail.google.com/mail/
Keywords: GoogleBug, Regression
Depends on:
Blocks:
 
Reported: 2006-12-17 16:27 PST by David Kilzer (:ddkilzer)
Modified: 2006-12-17 18:04 PST (History)
See Also:

Description David Kilzer (:ddkilzer) 2006-12-17 16:27:54 PST
Summary:

Logging into GMail, composing a new message, clicking in the body textarea, then immediately closing the window causes a crash a few seconds after the window closes.

Steps to reproduce (taken from Bug 11859 Comment #2):

1. Start WebKit nightly r18244 or r18260.
2. Log into GMail.
3. Click "Compose Mail" link.
4. Click once in the message body textarea.
5. Close the window immediately after clicking.
6. Wait about 5 seconds.
7. WebKit crashes.

Expected results:

WebKit should not crash.

Actual results:

WebKit crashes.

Regression:

Regression from earlier WebKit builds that worked with GMail's wysiwyg editor.

Notes:

The "top" of the stack trace appears to vary (e.g. where the crash occurs), but it always occurs.  Here's a stack trace from a locally-built debug build of WebKit r18269 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127).


Date/Time:      2006-12-17 18:07:12.628 -0600
OS Version:     10.4.8 (Build 8L127)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  bash [16966]

Version:        2.0.4 (419.3)
Build Version:  1
Project Name:   WebBrowser
Source Version: 4190300

PID:    27003
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x0fad7723

Thread 0 Crashed:
0   com.apple.WebCore        	0x0149b690 WebCore::Editor::isContinuousSpellCheckingEnabled() + 88 (Editor.cpp:1131)
1   com.apple.WebCore        	0x0112e0d4 WebCore::FrameMac::respondToChangedSelection(WebCore::Selection const&, bool) + 108 (FrameMac.mm:839)
2   com.apple.WebCore        	0x01296aac WebCore::SelectionController::setSelection(WebCore::Selection const&, bool, bool, bool) + 1612 (SelectionController.cpp:139)
3   com.apple.WebCore        	0x01297270 WebCore::SelectionController::clear() + 56 (SelectionController.cpp:667)
4   com.apple.WebCore        	0x014b9520 WebCore::FrameLoader::clear(bool) + 360 (FrameLoader.cpp:736)
5   com.apple.WebCore        	0x014bc410 WebCore::FrameLoader::cancelAndClear() + 76 (FrameLoader.cpp:705)
6   com.apple.WebCore        	0x0112f760 WebCore::FrameMac::~FrameMac [in-charge deleting]() + 184 (FrameMac.mm:151)
7   com.apple.WebCore        	0x015c7914 WebCore::Shared<WebCore::Frame>::deref() + 228 (Shared.h:52)
8   com.apple.WebCore        	0x0164b394 WTF::RefPtr<WebCore::Frame>::operator=(WebCore::Frame*) + 108 (RefPtr.h:107)
9   com.apple.WebCore        	0x014e88e0 WebCore::EventHandler::clear() + 112 (EventHandler.cpp:117)
10  com.apple.WebCore        	0x014b953c WebCore::FrameLoader::clear(bool) + 388 (FrameLoader.cpp:737)
11  com.apple.WebCore        	0x014bc410 WebCore::FrameLoader::cancelAndClear() + 76 (FrameLoader.cpp:705)
12  com.apple.WebCore        	0x0112f760 WebCore::FrameMac::~FrameMac [in-charge deleting]() + 184 (FrameMac.mm:151)
13  com.apple.WebCore        	0x015c7914 WebCore::Shared<WebCore::Frame>::deref() + 228 (Shared.h:52)
14  com.apple.WebCore        	0x01128120 WebCore::Frame::lifeSupportTimerFired(WebCore::Timer<WebCore::Frame>*) + 76 (Frame.cpp:904)
15  com.apple.WebCore        	0x0164dd3c WebCore::Timer<WebCore::Frame>::fired() + 152 (Timer.h:96)
16  com.apple.WebCore        	0x012aa820 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, (unsigned long)0> const&) + 236 (Timer.cpp:322)
17  com.apple.WebCore        	0x012aa8ec WebCore::TimerBase::sharedTimerFired() + 132 (Timer.cpp:355)
18  com.apple.WebCore        	0x012a9c98 WebCore::timerFired(__CFRunLoopTimer*, void*) + 60 (SharedTimerMac.cpp:47)
19  com.apple.CoreFoundation 	0x907f0550 __CFRunLoopDoTimer + 184
20  com.apple.CoreFoundation 	0x907dcec8 __CFRunLoopRun + 1680
21  com.apple.CoreFoundation 	0x907dc47c CFRunLoopRunSpecific + 268
22  com.apple.HIToolbox      	0x93208740 RunCurrentEventLoopInMode + 264
23  com.apple.HIToolbox      	0x93207d4c ReceiveNextEventCommon + 244
24  com.apple.HIToolbox      	0x93207c40 BlockUntilNextEventMatchingListInMode + 96
25  com.apple.AppKit         	0x9370bae4 _DPSNextEvent + 384
26  com.apple.AppKit         	0x9370b7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
27  com.apple.Safari         	0x00006740 0x1000 + 22336
28  com.apple.AppKit         	0x93707cec -[NSApplication run] + 472
29  com.apple.AppKit         	0x937f887c NSApplicationMain + 452
30  com.apple.Safari         	0x0005c77c 0x1000 + 374652
31  com.apple.Safari         	0x0005c624 0x1000 + 374308
Comment 1 Matt Lilek 2006-12-17 17:42:46 PST
I'm pretty sure this is a dupe of bug 11729.  The new message "textarea" is actually a contenteditable iframe, which would explain why it crashes, and the backtrace is nearly identical (the one attached to 11729 is from a nightly, which is why it's shorter).
Comment 2 David Kilzer (:ddkilzer) 2006-12-17 18:04:48 PST
Thanks, Matt!



*** This bug has been marked as a duplicate of 11729 ***