Bug 12658 - RESOLVED DUPLICATE of bug 12353
CrashTracer: 3 crashes in Safari at com.apple.WebCore: WebCore::Element::setAttribute + 58
https://bugs.webkit.org/show_bug.cgi?id=12658
Maciej Stachowiak
Reported 2007-02-06 23:31:00 PST
2006-11-28 23:02:04 CrashTracer System:
PLEASE NOTE: This crash was automatically generated based on user crash reports. Go here to learn how to deal with it: http://howto.apple.com/db.cgi?CrashTracer

* APPLICATION: Safari
* CRASH: com.apple.WebCore: WebCore::Element::setAttribute + 58
* MORE INFORMATION: http://crashtracer.apple.com/detail.php?crash_id=5616952&app=Safari&build=9A288 (may not immediately have data)

This crash was escalated to Radar by the CrashTracer System because an internal user explicitly requested it. The user provided the following comments:
Was browsing audible.com and tried to view a preview

Possible third-party binary images occurring in over 75% in processes that crashed here:
100.00% (2 of 2) GLEngine ??? (???) /System/Library/Frameworks/OpenGL.framework/Resources/GLEngine.bundle/GLEngine
100.00% (2 of 2) GLRendererFloat ??? (???) /System/Library/Frameworks/OpenGL.framework/Resources/GLRendererFloat.bundle/GLRendererFloat
100.00% (2 of 2) com.macromedia.Flash Player.plugin 8.0.27 (1.0.2f27) /Library/Internet Plug-Ins/Flash Player.plugin/Contents/MacOS/Flash Player

Summary of a selection of backtraces attributed to this bug. The stack frame considered to be the unique "crash point" is highlighted ==> like this <==. This frame is used for aggregation when filing these bugs and does not necessarily imply fault.

1 page zero:
==> 2 com.apple.WebCore: WebCore::Element::setAttribute + 58 <==
2 com.apple.WebCore: WebCore::Element::setAttribute + 47
2 com.apple.WebCore: WebCore::HTMLImageElement::setHeight + 64
2 com.apple.WebCore: KJS::ImageConstructorImp::construct + 287
2 com.apple.JavaScriptCore: KJS::NewExprNode::evaluate + 540
2 com.apple.JavaScriptCore: KJS::VarDeclNode::evaluate + 62
2 com.apple.JavaScriptCore: KJS::VarDeclListNode::evaluate + 47
2 com.apple.JavaScriptCore: KJS::VarStatementNode::execute + 130
2 com.apple.JavaScriptCore: KJS::SourceElementsNode::execute + 177
2 com.apple.JavaScriptCore: KJS::BlockNode::execute + 74
2 com.apple.JavaScriptCore: KJS::DeclaredFunctionImp::execute + 52
2 com.apple.JavaScriptCore: KJS::FunctionImp::callAsFunction + 343
2 com.apple.JavaScriptCore: KJS::JSObject::call + 135
2 com.apple.JavaScriptCore: KJS::FunctionCallResolveNode::evaluate + 606
2 com.apple.JavaScriptCore: KJS::ExprStatementNode::execute + 130
2 com.apple.JavaScriptCore: KJS::SourceElementsNode::execute + 177
2 com.apple.JavaScriptCore: KJS::BlockNode::execute + 74
2 com.apple.JavaScriptCore: KJS::DeclaredFunctionImp::execute + 52
2 com.apple.JavaScriptCore: KJS::FunctionImp::callAsFunction + 343
2 com.apple.JavaScriptCore: KJS::JSObject::call + 135
1 com.apple.WebCore: KJS::JSAbstractEventListener::handleEvent + 1107
+-1 com.apple.WebCore: WebCore::EventTargetNode::handleLocalEvents + 182
+---1 com.apple.WebCore: WebCore::EventTargetNode::dispatchGenericEvent + 978
+-----1 com.apple.WebCore: WebCore::EventTargetNode::dispatchEvent + 179
+-------1 com.apple.WebCore: WebCore::EventTargetNode::dispatchMouseEvent + 466
+---------1 com.apple.WebCore: WebCore::EventTargetNode::dispatchMouseEvent + 142
+-----------1 com.apple.WebCore: WebCore::FrameView::dispatchMouseEvent + 361
+-------------1 com.apple.WebCore: WebCore::FrameView::handleMouseReleaseEvent + 614
+---------------1 com.apple.WebCore: WebCore::FrameMac::mouseUp + 217
+-----------------1 com.apple.WebKit: -[WebHTMLView mouseUp:] + 210
+-------------------1 com.apple.AppKit: -[NSWindow sendEvent:] + 5516
+---------------------1 com.apple.Safari: -[Window sendEvent:]
+-----------------------1 com.apple.AppKit: -[NSApplication sendEvent:] + 2837
+-------------------------1 com.apple.Safari: -[BrowserApplication sendEvent:]
+---------------------------1 com.apple.AppKit: -[NSApplication run] + 847
+-----------------------------1 com.apple.AppKit: NSApplicationMain + 663
+-------------------------------1 com.apple.Safari: __start
+---------------------------------1 com.apple.Safari: start
+-----------------------------------1 page zero: 0x2
+-------------------------------------1

Main thread pruning:
1 com.apple.WebCore: KJS::JSAbstractEventListener::handleEvent + 1202

Some of the most recent comments:
* 7044219: Clicking on NetFlix preview.

Overall this crash was reported 2 times in OS builds 9A270 to 9A288, Safari versions 521.26.2 to 521.28.2. Of these crashes, 1 was in the latest OS build, 9A288, and 1 was in the latest Safari version, 521.28.2.

2006-12-07 14:35:20 Stephanie Lewis: Looks like 4662801 but that was supposed to be fixed in Leopard 9A268 and these were later.

2006-12-08 13:06:52 David Harrison: Deferring crashtracers with fewer than 100 instances.

2007-01-05 13:16:20 Stephanie Lewis: 4910230 is a reproducible duplicate
* STEPS TO REPRODUCE
1. Go to the site: http://diane.zaadz.com/blog/tags/macdougalls+pride

2007-01-08 13:50:37 Stephanie Lewis: Safari BRB Reviewed

2007-01-15 13:50:47 Alice Liu: Safari blocker reviewed

2007-01-15 13:51:16 John Sullivan: Can still repro with tip of tree on Tiger.

2007-01-22 13:32:58 Beth Dakin: I cannot reproduce with today's Tip of Tree on Tiger. John is pulling fresh sources so that he can try again too. Moving to Verify.

2007-01-22 14:38:30 John Sullivan: Unfortunately the crash still happens for me at the same spot with the very latest sources on Tiger.

2007-01-22 14:49:33 John Sullivan: My Tiger machine is a G5. I can also repro on Leopard 9A347 on my MacBook Pro.

2007-01-27 18:42:06 Beth Dakin: I was able to get this to crash after a long, long time with Guard Malloc enabled, but it crashed in a different place. Very mysterious. I think I am going to have to reduce this one on a machine where it is more easily reproducible.

<rdar://problem/4853984>
Attachments
Test case (144 bytes, text/html), 2007-02-26 16:27 PST, Kirby White
Kirby White
Comment 1 2007-02-21 13:43:26 PST
I can't assign this to myself, but I'm taking a look at it. Any chance someone could turn on editbugs for me?
Kirby White
Comment 2 2007-02-26 16:27:35 PST
Created attachment 13386: Test case
The 8000+ lines of inline and imported JavaScript in the reproducible case reduce to these 8. The crash occurs in (or rather, down the call chain from) setHeightAttribute called on the newly created image, because inDocument() is erroneously true but m_document is invalid. If the document.evaluate line is commented out, inDocument() is false for the new Image() and the crash doesn't happen. I'm still looking into why the error occurs and how best to fix it.
Kirby White
Comment 3 2007-03-02 16:14:53 PST
This is a dupe of bug 12353; I was only able to reproduce it because I hadn't updated my tree in a while. The document.evaluate() call adds a listener for DOM change events, which was causing the same premature deletion of the image in its setWidth() call and a crash in the subsequent setHeight(). It wasn't immediately obvious to me that toJS() takes ownership of the image, but clearly it does, and there's not much advantage in changing what works.

*** This bug has been marked as a duplicate of 12353 ***
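The ownership hazard described in comments 2 and 3, as an added C++ model that is not WebCore's code and not the attached test case: an intrusively refcounted element is created with `new` (refcount 0), its width and height setters run, and only then is it handed to an owner (toJS() in the report). Each setter dispatches a mutation notification only when the document has a listener registered, which is the modelling counterpart of the observation that commenting out document.evaluate() makes the crash disappear. The dispatch path takes a temporary strong reference on the target while listeners run; that this temporary reference is what drives an unowned object's count 0 -> 1 -> 0 and frees it is my modelling assumption about the mechanism, and every name here (RefCounted, RefPtr, ImageElement, Document, constructImageUnsafe, constructImageSafe) is a hypothetical stand-in. The unsafe shape checks a live-object counter instead of touching freed memory so that the block runs cleanly; the hardened shape holds a strong reference from the moment of creation.

```cpp
// Added illustrative model, not WebCore source. All names are hypothetical.
#include <cstdio>
#include <functional>
#include <vector>

// Intrusive refcount: a freshly `new`ed object has NO owner (count 0).
class RefCounted {
public:
    void ref() { ++m_refCount; }
    void deref() { if (--m_refCount == 0) delete this; }
protected:
    virtual ~RefCounted() {}
private:
    int m_refCount = 0;
};

// Minimal strong pointer: refs on acquire, derefs on release.
template<typename T> class RefPtr {
public:
    explicit RefPtr(T* p = nullptr) : m_ptr(p) { if (m_ptr) m_ptr->ref(); }
    RefPtr(const RefPtr&) = delete;
    RefPtr& operator=(const RefPtr&) = delete;
    ~RefPtr() { if (m_ptr) m_ptr->deref(); }
    T* operator->() const { return m_ptr; }
private:
    T* m_ptr;
};

struct Document;
static int g_liveImages = 0;   // lets the demo observe deletion without touching freed memory

class ImageElement : public RefCounted {
public:
    explicit ImageElement(Document& doc) : m_document(&doc) { ++g_liveImages; }
    void setWidth(int w)  { setAttribute("width", w); }
    void setHeight(int h) { setAttribute("height", h); }
private:
    ~ImageElement() override { --g_liveImages; }
    void setAttribute(const char* name, int value);
    Document* m_document;
};

struct Document {
    // Mutation listeners, e.g. one registered so a cached XPath result can be
    // invalidated when the tree changes. Empty until something registers one.
    std::vector<std::function<void(ImageElement&)>> mutationListeners;
};

void ImageElement::setAttribute(const char*, int) {
    // Cheap path: no listener, no dispatch, nothing touches the refcount.
    if (m_document->mutationListeners.empty())
        return;
    // Dispatch path: the target is kept alive by a temporary strong reference
    // while listeners run (modelling assumption). On an object nobody owns yet
    // this is 0 -> 1 during dispatch and 1 -> 0 afterwards, which frees it.
    RefPtr<ImageElement> protect(this);
    for (auto& listener : m_document->mutationListeners)
        listener(*this);
}   // `protect` is released here; if nobody else owns `this`, it is deleted

enum class Outcome { Constructed, DeletedDuringSetWidth };

// Buggy shape: setters run before anything owns the element; ownership is only
// taken afterwards, when the element is handed to its wrapper.
Outcome constructImageUnsafe(Document& doc, int w, int h) {
    ImageElement* image = new ImageElement(doc);
    image->setWidth(w);
    if (g_liveImages == 0)                      // the element was freed inside setWidth();
        return Outcome::DeletedDuringSetWidth;  // real code would now call setHeight() on it
    image->setHeight(h);
    RefPtr<ImageElement> wrapper(image);        // ownership finally taken
    return Outcome::Constructed;
}

// Hardened shape: hold a strong reference from creation, so the temporary
// reference taken during dispatch can never be the last one.
Outcome constructImageSafe(Document& doc, int w, int h) {
    RefPtr<ImageElement> image(new ImageElement(doc));
    image->setWidth(w);
    image->setHeight(h);
    return Outcome::Constructed;
}

int main() {
    Document doc;
    std::printf("no listener, unsafe: %s\n",
        constructImageUnsafe(doc, 10, 20) == Outcome::Constructed ? "ok" : "freed");
    doc.mutationListeners.push_back([](ImageElement&) {});   // like document.evaluate() registering one
    std::printf("listener, unsafe:    %s\n",
        constructImageUnsafe(doc, 10, 20) == Outcome::Constructed ? "ok" : "freed");
    std::printf("listener, safe:      %s\n",
        constructImageSafe(doc, 10, 20) == Outcome::Constructed ? "ok" : "freed");
    return 0;
}
```

The point of the model is the order of operations, not the particular listener: any code path that temporarily refs and derefs a node will free a node whose count is still 0, so the check a reviewer wants on code like ImageConstructorImp::construct is that a strong reference exists before the first call that can dispatch an event.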