Bug 13545 - Crash closing page on www.stevepavlina.com
Status: RESOLVED WORKSFORME
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 523.x (Safari 3)
Hardware: Macintosh OS X 10.4
: P1 Normal
Assignee: Nobody
URL: http://www.stevepavlina.com/blog/2006...
Keywords: InRadar, NeedsReduction
Reported: 2007-04-29 18:25 PDT by David Kilzer (:ddkilzer)
Modified: 2007-06-07 10:47 PDT
Description David Kilzer (:ddkilzer) 2007-04-29 18:25:47 PDT
* SUMMARY
A local debug build of WebKit r21184 crashed when I closed the URL in a tab.  I can't reproduce this, though.

* STEPS TO REPRODUCE
1. Open Safari/WebKit.
2. Search for "site:stevepavlina.com how to get up right away" in Google in the first tab.
3. Open http://www.stevepavlina.com/ in the second tab.
4. Open third tab with URL:  http://www.stevepavlina.com/blog/2006/04/how-to-get-up-right-away-when-your-alarm-goes-off/
5. Read article in Step 4.
6. Use Cmd-W to close third tab.

* EXPECTED RESULTS
Tab should close without crash.

* ACTUAL RESULTS
Tab closes with crash.

* REGRESSION
This is a regression from shipping Safari 2.0.4 (419.3) on Mac OS X 10.4.9 (8P135).

* NOTES
I have NOT been able to reproduce this.
Comment 1 David Kilzer (:ddkilzer) 2007-04-29 18:27:46 PDT
Console output:

Bus error

Stack trace:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x04000004

Thread 0 Crashed:
0   <<00000000>>        0x04000004 0 + 67108868
1   com.apple.JavaScriptCore    0x0060181c WTF::RefPtr<KJS::FunctionBodyNode>::~RefPtr [not-in-charge]() + 60 (RefPtr.h:41)
2   com.apple.JavaScriptCore    0x00601850 WTF::RefPtr<KJS::FunctionBodyNode>::~RefPtr [in-charge]() + 32 (RefPtr.h:41)
3   com.apple.JavaScriptCore    0x005abf0c KJS::FunctionImp::~FunctionImp [not-in-charge]() + 84 (function.cpp:69)
4   com.apple.JavaScriptCore    0x00615f1c KJS::DeclaredFunctionImp::~DeclaredFunctionImp [not-in-charge]() + 64 (function.h:105)
5   com.apple.JavaScriptCore    0x00615f64 KJS::DeclaredFunctionImp::~DeclaredFunctionImp [in-charge]() + 32 (function.h:105)
6   com.apple.JavaScriptCore    0x00585bb8 KJS::Collector::collect() + 1292 (collector.cpp:814)
7   com.apple.WebCore           0x012e1bf0 WebCore::KJSProxy::~KJSProxy [not-in-charge]() + 208 (kjs_proxy.cpp:56)
8   com.apple.WebCore           0x012e1c38 WebCore::KJSProxy::~KJSProxy [in-charge]() + 32 (kjs_proxy.cpp:57)
9   com.apple.WebCore           0x010ebbe8 WebCore::FramePrivate::~FramePrivate [not-in-charge]() + 56 (Frame.cpp:1893)
10  com.apple.WebCore           0x010ebd6c WebCore::FramePrivate::~FramePrivate [in-charge]() + 32 (Frame.cpp:1895)
11  com.apple.WebCore           0x010ec114 WebCore::Frame::~Frame [in-charge deleting]() + 916 (Frame.cpp:251)
12  com.apple.WebCore           0x0159f604 WebCore::Shared<WebCore::Frame>::deref() + 228 (Shared.h:52)
13  com.apple.WebCore           0x0159f658 WTF::RefPtr<WebCore::Frame>::~RefPtr [not-in-charge]() + 64 (RefPtr.h:41)
14  com.apple.WebCore           0x0159f68c WTF::RefPtr<WebCore::Frame>::~RefPtr [in-charge]() + 32 (RefPtr.h:41)
15  com.apple.WebCore           0x010f3854 WebCore::FrameView::~FrameView [in-charge deleting]() + 792 (FrameView.cpp:146)
16  com.apple.WebCore           0x01622d60 WebCore::FrameView::deref() + 116 (FrameView.h:63)
17  com.apple.WebCore           0x0131676c WebCore::RenderPart::~RenderPart [not-in-charge]() + 180 (RenderPart.cpp:54)
18  com.apple.WebCore           0x0171f89c WebCore::RenderPartObject::~RenderPartObject [in-charge deleting]() + 64 (RenderPartObject.h:32)
19  com.apple.WebCore           0x011c9a44 WebCore::RenderObject::arenaDelete(WebCore::RenderArena*, void*) + 324 (RenderObject.cpp:2539)
20  com.apple.WebCore           0x0131dc0c WebCore::RenderWidget::deref(WebCore::RenderArena*) + 112 (RenderWidget.cpp:207)
21  com.apple.WebCore           0x0131e484 WebCore::RenderWidget::destroy() + 372 (RenderWidget.cpp:101)
22  com.apple.WebCore           0x012af64c WebCore::Node::detach() + 124 (Node.cpp:834)
23  com.apple.WebCore           0x01109844 WebCore::ContainerNode::detach() + 112 (ContainerNode.cpp:618)
24  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
25  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
26  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
27  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
28  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
29  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
30  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
31  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
32  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
33  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
34  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
35  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
36  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
37  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
38  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
39  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
40  com.apple.WebCore           0x012b8f78 WebCore::Element::detach() + 44 (Element.cpp:661)
41  com.apple.WebCore           0x0110981c WebCore::ContainerNode::detach() + 72 (ContainerNode.cpp:615)
42  com.apple.WebCore           0x01100408 WebCore::Document::detach() + 220 (Document.cpp:1150)
43  com.apple.WebCore           0x010e2b54 WebCore::Frame::setView(WebCore::FrameView*) + 184 (Frame.cpp:272)
44  com.apple.WebCore           0x0147b6a4 WebCore::FrameLoader::detachFromParent() + 352 (FrameLoader.cpp:2964)
45  com.apple.WebKit            0x0037f1cc -[WebView(WebPrivate) _close] + 524 (WebView.mm:662)
46  com.apple.Safari            0x00047858 0x1000 + 288856
47  com.apple.Safari            0x000476fc 0x1000 + 288508
48  com.apple.Safari            0x00047690 0x1000 + 288400
49  com.apple.Safari            0x0007163c 0x1000 + 460348
50  com.apple.AppKit            0x9383fc4c -[NSApplication sendAction:to:from:] + 108
51  com.apple.Safari            0x0002956c 0x1000 + 165228
52  com.apple.AppKit            0x9389a4b8 -[NSMenu performActionForItemAtIndex:] + 392
53  com.apple.AppKit            0x9389a23c -[NSCarbonMenuImpl performActionWithHighlightingForItemAtIndex:] + 104
54  com.apple.AppKit            0x93899ce4 -[NSMenu performKeyEquivalent:] + 272
55  com.apple.AppKit            0x93899930 -[NSApplication _handleKeyEquivalent:] + 328
56  com.apple.AppKit            0x937a3408 -[NSApplication sendEvent:] + 2944
57  com.apple.Safari            0x00021238 0x1000 + 131640
58  com.apple.AppKit            0x9379ad10 -[NSApplication run] + 508
59  com.apple.AppKit            0x9388b87c NSApplicationMain + 452
60  com.apple.Safari            0x0005c77c 0x1000 + 374652
61  com.apple.Safari            0x0005c624 0x1000 + 374308

Comment 2 Darin Adler 2007-05-04 22:19:01 PDT
<rdar://problem/5183691>
Comment 3 John Sullivan 2007-06-07 10:27:44 PDT
This was marked as a regression, but the originator cannot reproduce it. There's no evidence that an unreproducible crash is a regression, so I un-marked it as a regression.
Comment 4 David Kilzer (:ddkilzer) 2007-06-07 10:47:17 PDT
Can't reproduce bug, so closing for now.