Bug 13662 - REGRESSION (r21367): Crash due to null document deref when closing bookmarks
Summary: REGRESSION (r21367): Crash due to null document deref when closing bookmarks
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 523.x (Safari 3)
Hardware: Macintosh OS X 10.4
: P1 Normal
Assignee: Nobody
Keywords: InRadar, Regression
Duplicates: 13671
Depends on:
Reported: 2007-05-10 12:18 PDT by Kevin M. Dean
Modified: 2007-05-12 23:09 PDT

Crash log (29.22 KB, text/plain)
2007-05-10 12:19 PDT, Kevin M. Dean

Description Kevin M. Dean 2007-05-10 12:18:45 PDT
After the webkit start page loads, I click my bookmarks view to open which works fine. I click it again to close and webkit crashes.
Comment 1 Kevin M. Dean 2007-05-10 12:19:10 PDT
Created attachment 14474
Crash log
Comment 2 Matt Lilek 2007-05-10 12:37:46 PDT
Debug build of r21371 gives me the following assertion failure:

(WebKit/WebCore/loader/FrameLoader.cpp:3758 saveDocumentState)
Comment 3 Matt Lilek 2007-05-10 12:43:34 PDT
CCing Maciej, this assert was just added in r21367.
Comment 4 Brady Eidson 2007-05-10 12:54:30 PDT
Note there is both an ASSERT and a crash in a release build due to null deref - updating the title

Also, while the effect on Mac seems to be narrow (Bookmarks view only, perhaps?) it has a broader effect x-platform.  From #webkit a few moments ago -

"zecke: WebKit/Gdk started to crash after mjs's change. Somehow it is managed to call FrameLoader::saveDocumentState with m_frame->document == 0"
Comment 5 Mark Rowe (bdash) 2007-05-10 20:59:43 PDT
*** Bug 13671 has been marked as a duplicate of this bug. ***
Comment 6 Maciej Stachowiak 2007-05-11 13:36:19 PDT
Comment 7 David Kilzer (:ddkilzer) 2007-05-12 23:09:54 PDT
Fixed in r21421.