Bug 13514 - REGRESSION (r20997-21003): Crash in WebCore::Node::Document
Summary: REGRESSION (r20997-21003): Crash in WebCore::Node::Document
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 523.x (Safari 3)
Hardware: Macintosh OS X 10.4
Importance: P1 Major
Assignee: Alexey Proskuryakov
URL: http://blackplanet.com
Keywords: InRadar, Regression
Depends on:
Blocks:
 
Reported: 2007-04-26 18:37 PDT by Frank Young
Modified: 2007-04-28 11:49 PDT
3 users

See Also:


Attachments
proposed fix (5.06 KB, patch)
2007-04-28 08:50 PDT, Alexey Proskuryakov
darin: review+

Description Frank Young 2007-04-26 18:37:09 PDT
I just downloaded the newest version of WebKit.app, version 522+, for testing locally on my PowerBook. I am using Mac OS X 10.4.9. Previously, all versions of WebKit nightlies worked just fine on all sites that I frequent. This version, however, makes WebKit.app crash as soon as you navigate to the login page of BlackPlanet (http://blackplanet.com).

I'm not sure exactly what causes WebKit.app to crash, as the page never gets to fully render before the app crashes. I've searched through Bugzilla and I didn't see any other reported bugs in reference to BlackPlanet, so I'm filing a bug report now.

If one of the Devs could take a look at this, I'd really appreciate it.
Comment 1 Matt Lilek 2007-04-26 19:13:09 PDT
Confirmed with r21103 (you need to click through the browser warning thing for it to crash).
This crashlog seems familiar, though I can't seem to find a bug for it right now.

Thread 0 Crashed:
0   com.apple.WebCore        	0x015ba3e4 WebCore::Node::document() const + 156 (Node.h:282)
1   com.apple.WebCore        	0x012e6fb8 KJS::toJS(KJS::ExecState*, WTF::PassRefPtr<WebCore::Node>) + 112 (kjs_dom.cpp:964)
2   com.apple.WebCore        	0x012e8104 KJS::DOMNodeList::indexGetter(KJS::ExecState*, KJS::JSObject*, KJS::Identifier const&, KJS::PropertySlot const&) + 156 (kjs_dom.cpp:727)
3   com.apple.JavaScriptCore 	0x005e78f0 KJS::PropertySlot::getValue(KJS::ExecState*, KJS::JSObject*, unsigned) const + 120 (property_slot.h:54)
4   com.apple.JavaScriptCore 	0x0057a148 KJS::JSObject::get(KJS::ExecState*, unsigned) const + 84 (object.cpp:174)
5   com.apple.JavaScriptCore 	0x005b00d8 KJS::BracketAccessorNode::evaluate(KJS::ExecState*) + 392 (nodes.cpp:552)
6   com.apple.JavaScriptCore 	0x005aeb90 KJS::ArgumentListNode::evaluateList(KJS::ExecState*) + 112 (nodes.cpp:581)
7   com.apple.JavaScriptCore 	0x005f2e48 KJS::ArgumentsNode::evaluateList(KJS::ExecState*) + 128 (nodes.h:361)
8   com.apple.JavaScriptCore 	0x005af7c8 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 604 (nodes.cpp:682)
9   com.apple.JavaScriptCore 	0x005ab6f8 KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1723)
10  com.apple.JavaScriptCore 	0x005a7ee8 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2523)
11  com.apple.JavaScriptCore 	0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
12  com.apple.JavaScriptCore 	0x005aa4dc KJS::ForNode::execute(KJS::ExecState*) + 1008 (nodes.cpp:1871)
13  com.apple.JavaScriptCore 	0x005a7ee8 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2523)
14  com.apple.JavaScriptCore 	0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
15  com.apple.JavaScriptCore 	0x005ab604 KJS::IfNode::execute(KJS::ExecState*) + 636 (nodes.cpp:1750)
16  com.apple.JavaScriptCore 	0x005a803c KJS::SourceElementsNode::execute(KJS::ExecState*) + 624 (nodes.cpp:2529)
17  com.apple.JavaScriptCore 	0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
18  com.apple.JavaScriptCore 	0x005798d0 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:319)
19  com.apple.JavaScriptCore 	0x00598e94 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 688 (function.cpp:107)
20  com.apple.JavaScriptCore 	0x0057dc54 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:97)
21  com.apple.JavaScriptCore 	0x005af884 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 792 (nodes.cpp:694)
22  com.apple.JavaScriptCore 	0x005ab6f8 KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1723)
23  com.apple.JavaScriptCore 	0x005a7ee8 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2523)
24  com.apple.JavaScriptCore 	0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
25  com.apple.JavaScriptCore 	0x005aa4dc KJS::ForNode::execute(KJS::ExecState*) + 1008 (nodes.cpp:1871)
26  com.apple.JavaScriptCore 	0x005a7ee8 KJS::SourceElementsNode::execute(KJS::ExecState*) + 284 (nodes.cpp:2523)
27  com.apple.JavaScriptCore 	0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
28  com.apple.JavaScriptCore 	0x005ab604 KJS::IfNode::execute(KJS::ExecState*) + 636 (nodes.cpp:1750)
29  com.apple.JavaScriptCore 	0x005a803c KJS::SourceElementsNode::execute(KJS::ExecState*) + 624 (nodes.cpp:2529)
30  com.apple.JavaScriptCore 	0x00579780 KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1700)
31  com.apple.JavaScriptCore 	0x005798d0 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:319)
[snip]
158 com.apple.JavaScriptCore 	0x0057dc54 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 288 (object.cpp:97)
159 com.apple.WebCore        	0x012ebe2c KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 736 (kjs_events.cpp:123)
160 com.apple.WebCore        	0x01105eb0 WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 416 (Document.cpp:2344)
161 com.apple.WebCore        	0x012ab0e4 WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&, bool, bool) + 360 (EventTargetNode.cpp:339)
162 com.apple.WebCore        	0x01108fac WebCore::Document::implicitClose() + 796 (Document.cpp:1388)
163 com.apple.WebCore        	0x0149056c WebCore::FrameLoader::checkEmitLoadEvent() + 596 (FrameLoader.cpp:1190)
164 com.apple.WebCore        	0x0149cafc WebCore::FrameLoader::checkCompleted() + 492 (FrameLoader.cpp:1150)
165 com.apple.WebCore        	0x0149dc64 WebCore::FrameLoader::loadDone() + 80 (FrameLoader.cpp:1114)
166 com.apple.WebCore        	0x01129938 WebCore::DocLoader::setLoadInProgress(bool) + 92 (DocLoader.cpp:178)
167 com.apple.WebCore        	0x0112b7b8 WebCore::Loader::didFinishLoading(WebCore::SubresourceLoader*) + 400 (loader.cpp:109)
168 com.apple.WebCore        	0x014a9d7c WebCore::SubresourceLoader::didFinishLoading() + 204 (SubresourceLoader.cpp:194)
169 com.apple.WebCore        	0x014a7bc4 WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 60
170 com.apple.WebCore        	0x0147d184 -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 144 (ResourceHandleMac.mm:370)
171 com.apple.Foundation     	0x92c1389c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
172 com.apple.Foundation     	0x92c11b08 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
Comment 2 Matt Lilek 2007-04-26 20:08:42 PDT
Regressed between r20997 and r21003.
Comment 3 Mark Rowe (bdash) 2007-04-27 02:56:35 PDT
<rdar://problem/5166133>
Comment 4 Alexey Proskuryakov 2007-04-28 08:50:22 PDT
Created attachment 14242 [details]
proposed fix
Comment 5 Darin Adler 2007-04-28 10:36:34 PDT
Comment on attachment 14242 [details]
proposed fix

r=me
Comment 6 Alexey Proskuryakov 2007-04-28 11:49:48 PDT
Committed revision 21169.