Bug 13984 - REGRESSION: Crash when rotating photos on Flickr
Summary: REGRESSION: Crash when rotating photos on Flickr
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 523.x (Safari 3)
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Nobody
URL:
Keywords: NeedsReduction, Regression
Duplicates: 14023 14026 14029 14031 14034 14035 14036 14039 14043 14047
Depends on:
Blocks:
 
Reported: 2007-06-04 06:05 PDT by Andrej Duchovka
Modified: 2007-06-09 22:32 PDT
CC List: 13 users

See Also:


Attachments
Null check the layer (3.21 KB, patch)
2007-06-07 22:27 PDT, mitz
hyatt: review-

Description Andrej Duchovka 2007-06-04 06:05:35 PDT
When I try to rotate a photo on flickr.com, WebKit crashes.
Comment 1 David Kilzer (:ddkilzer) 2007-06-04 08:25:44 PDT
Thanks for the bug report, Andrej!  Could you please post the crash reporter log (as an attachment or as a comment) and steps to reproduce the bug with a URL?  Also, reporting which WebKit nightly build (using the "rNNNNN" number) would be a big help.

Comment 2 Andrej Duchovka 2007-06-04 09:27:23 PDT
Nightly build 21955

http://flickr.com/photos/andreasbachofen/529627300/

I tried to rotate the picture, then a popup layer comes up with a preview of what it looks like if I rotate it cw or ccw, then I press OK and the spinning beachball takes over.

Date/Time:      2007-06-04 18:22:10.472 +0200
OS Version:     10.4.9 (Build 8P135)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [64]

Version: ??? (21955)

PID:    17368
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000004

Thread 0 Crashed:
0   com.apple.WebCore              	0x0116adec WebCore::RenderLayer::childrenClipRect() const + 28
1   com.apple.WebCore              	0x010c3004 WebCore::FrameView::windowClipRectForLayer(WebCore::RenderLayer const*, bool) const + 68
2   com.apple.WebCore              	0x010edb60 -[DOMElement(WebPrivate) _windowClipRect] + 144
3   com.apple.WebKit               	0x003193ac -[WebBaseNetscapePluginView saveAndSetNewPortStateForUpdate:] + 412
4   com.apple.WebKit               	0x00313380 -[WebBaseNetscapePluginView sendEvent:] + 272
5   com.apple.WebKit               	0x0031395c -[WebBaseNetscapePluginView setHasFocus:] + 156
6   com.apple.WebKit               	0x003139e8 -[WebBaseNetscapePluginView resignFirstResponder] + 40
7   com.apple.AppKit               	0x93848de8 -[NSWindow makeFirstResponder:] + 104
8   com.apple.Safari               	0x000128e8 0x1000 + 71912
9   com.apple.WebCore              	0x01203250 WebCore::safeRemoveFromSuperview(NSView*) + 160
10  com.apple.WebCore              	0x01203dac WebCore::Widget::removeFromSuperview() + 252
11  com.apple.WebCore              	0x01297024 WebCore::RenderWidget::destroy() + 132
12  com.apple.WebCore              	0x01237af8 WebCore::Node::detach() + 72
13  com.apple.WebCore              	0x010d8af8 WebCore::ContainerNode::detach() + 72
14  com.apple.WebCore              	0x010d8af8 WebCore::ContainerNode::detach() + 72
15  com.apple.WebCore              	0x010d8af8 WebCore::ContainerNode::detach() + 72
16  com.apple.WebCore              	0x010d8af8 WebCore::ContainerNode::detach() + 72
17  com.apple.WebCore              	0x010d8af8 WebCore::ContainerNode::detach() + 72
18  com.apple.WebCore              	0x010d8af8 WebCore::ContainerNode::detach() + 72
19  com.apple.WebCore              	0x0123e0b8 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 248
20  com.apple.WebCore              	0x0123e27c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
21  com.apple.WebCore              	0x0123e27c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
22  com.apple.WebCore              	0x0123e27c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
23  com.apple.WebCore              	0x0123e27c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
24  com.apple.WebCore              	0x0123e27c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
25  com.apple.WebCore              	0x0123e27c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
26  com.apple.WebCore              	0x0123e27c WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 700
27  com.apple.WebCore              	0x010cdaac WebCore::Document::recalcStyle(WebCore::Node::StyleChange) + 1212
28  com.apple.WebCore              	0x010c7380 WebCore::Document::updateLayout() + 64
29  com.apple.WebCore              	0x010d18d0 WebCore::Document::updateLayoutIgnorePendingStylesheets() + 128
30  com.apple.WebCore              	0x01269060 KJS::Window::getValueProperty(KJS::ExecState*, int) const + 1744
31  com.apple.JavaScriptCore       	0x004b3364 KJS::DotAccessorNode::evaluate(KJS::ExecState*) + 324
32  com.apple.JavaScriptCore       	0x0049afb8 KJS::VarDeclNode::evaluate(KJS::ExecState*) + 88
33  com.apple.JavaScriptCore       	0x0049b2cc KJS::VarDeclListNode::evaluate(KJS::ExecState*) + 76
34  com.apple.JavaScriptCore       	0x004c15b4 KJS::VarStatementNode::execute(KJS::ExecState*) + 100
35  com.apple.JavaScriptCore       	0x004be3f0 KJS::SourceElementsNode::execute(KJS::ExecState*) + 368
36  com.apple.JavaScriptCore       	0x004c1538 KJS::BlockNode::execute(KJS::ExecState*) + 136
37  com.apple.JavaScriptCore       	0x004c1298 KJS::IfNode::execute(KJS::ExecState*) + 344
38  com.apple.JavaScriptCore       	0x004be3f0 KJS::SourceElementsNode::execute(KJS::ExecState*) + 368
39  com.apple.JavaScriptCore       	0x004c1538 KJS::BlockNode::execute(KJS::ExecState*) + 136
40  com.apple.JavaScriptCore       	0x004c1f98 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56
41  com.apple.JavaScriptCore       	0x004c2300 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 608
42  com.apple.JavaScriptCore       	0x004b3ee0 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 832
43  com.apple.JavaScriptCore       	0x004c1374 KJS::ExprStatementNode::execute(KJS::ExecState*) + 100
44  com.apple.JavaScriptCore       	0x004be3f0 KJS::SourceElementsNode::execute(KJS::ExecState*) + 368
45  com.apple.JavaScriptCore       	0x004c1538 KJS::BlockNode::execute(KJS::ExecState*) + 136
46  com.apple.JavaScriptCore       	0x004c1f98 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56
47  com.apple.JavaScriptCore       	0x004c2300 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 608
48  com.apple.JavaScriptCore       	0x004b3ee0 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 832
49  com.apple.JavaScriptCore       	0x004c1374 KJS::ExprStatementNode::execute(KJS::ExecState*) + 100
50  com.apple.JavaScriptCore       	0x004be3f0 KJS::SourceElementsNode::execute(KJS::ExecState*) + 368
51  com.apple.JavaScriptCore       	0x004c1538 KJS::BlockNode::execute(KJS::ExecState*) + 136
52  com.apple.JavaScriptCore       	0x004c1f98 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56
53  com.apple.JavaScriptCore       	0x004c2300 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 608
54  com.apple.JavaScriptCore       	0x004b3ee0 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 832
55  com.apple.JavaScriptCore       	0x004c1374 KJS::ExprStatementNode::execute(KJS::ExecState*) + 100
56  com.apple.JavaScriptCore       	0x004be33c KJS::SourceElementsNode::execute(KJS::ExecState*) + 188
57  com.apple.JavaScriptCore       	0x004c1538 KJS::BlockNode::execute(KJS::ExecState*) + 136
58  com.apple.JavaScriptCore       	0x004c1f98 KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 56
59  com.apple.JavaScriptCore       	0x004c2300 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 608
60  com.apple.JavaScriptCore       	0x0049e498 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 792
61  com.apple.JavaScriptCore       	0x004c1374 KJS::ExprStatementNode::execute(KJS::ExecState*) + 100
62  com.apple.JavaScriptCore       	0x004be33c KJS::SourceElementsNode::execute(KJS::ExecState*) + 188
63  com.apple.JavaScriptCore       	0x004c1538 KJS::BlockNode::execute(KJS::ExecState*) + 136
64  com.apple.JavaScriptCore       	0x004ce770 KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) + 1136
65  com.apple.WebCore              	0x0125bbf0 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&, WebCore::Node*) + 304
66  com.apple.WebCore              	0x013e859c WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::Node*, WebCore::String const&) + 92
67  com.apple.WebCore              	0x013e8648 WebCore::FrameLoader::executeScript(WebCore::Node*, WebCore::String const&, bool) + 120
68  com.apple.WebCore              	0x010e20ec -[WebCoreFrameBridge stringByEvaluatingJavaScriptFromString:forceUserGesture:] + 92
69  com.apple.WebKit               	0x003161e8 -[WebBaseNetscapePluginView(WebNPPCallbacks) evaluateJavaScriptPluginRequest:] + 168
70  com.apple.WebKit               	0x0031915c -[WebBaseNetscapePluginView(WebNPPCallbacks) loadPluginRequest:] + 716
71  com.apple.Foundation           	0x92bebc04 __NSFireDelayedPerform + 304
72  com.apple.CoreFoundation       	0x907f2578 __CFRunLoopDoTimer + 184
73  com.apple.CoreFoundation       	0x907deef8 __CFRunLoopRun + 1680
74  com.apple.CoreFoundation       	0x907de4ac CFRunLoopRunSpecific + 268
75  com.apple.HIToolbox            	0x93298b20 RunCurrentEventLoopInMode + 264
76  com.apple.HIToolbox            	0x932981b4 ReceiveNextEventCommon + 380
77  com.apple.HIToolbox            	0x93298020 BlockUntilNextEventMatchingListInMode + 96
78  com.apple.AppKit               	0x9379eae4 _DPSNextEvent + 384
79  com.apple.AppKit               	0x9379e7a8 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
80  com.apple.Safari               	0x00006740 0x1000 + 22336
81  com.apple.AppKit               	0x9379acec -[NSApplication run] + 472
82  com.apple.AppKit               	0x9388b87c NSApplicationMain + 452
83  com.apple.Safari               	0x0005c77c 0x1000 + 374652
84  com.apple.Safari               	0x0005c624 0x1000 + 374308

Thread 1:
0   libSystem.B.dylib              	0x9001f98c select + 12
1   com.apple.CoreFoundation       	0x907f1434 __CFSocketManager + 472
2   libSystem.B.dylib              	0x9002be08 _pthread_body + 96

Thread 2:
0   libSystem.B.dylib              	0x9000b448 mach_msg_trap + 8
1   libSystem.B.dylib              	0x9000b39c mach_msg + 60
2   com.apple.CoreFoundation       	0x907deba8 __CFRunLoopRun + 832
3   com.apple.CoreFoundation       	0x907de4ac CFRunLoopRunSpecific + 268
4   com.apple.Foundation           	0x92c086a8 +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 264
5   com.apple.Foundation           	0x92be11a0 forkThreadForFunction + 108
6   libSystem.B.dylib              	0x9002be08 _pthread_body + 96

Thread 3:
0   libSystem.B.dylib              	0x9000b448 mach_msg_trap + 8
1   libSystem.B.dylib              	0x9000b39c mach_msg + 60
2   com.apple.CoreFoundation       	0x907deba8 __CFRunLoopRun + 832
3   com.apple.CoreFoundation       	0x907de4ac CFRunLoopRunSpecific + 268
4   com.apple.Foundation           	0x92c097e8 +[NSURLCache _diskCacheSyncLoop:] + 152
5   com.apple.Foundation           	0x92be11a0 forkThreadForFunction + 108
6   libSystem.B.dylib              	0x9002be08 _pthread_body + 96

Thread 4:
0   libSystem.B.dylib              	0x9002c4c8 semaphore_wait_signal_trap + 8
1   libSystem.B.dylib              	0x90030fac pthread_cond_wait + 480
2   com.apple.Foundation           	0x92be830c -[NSConditionLock lockWhenCondition:] + 68
3   com.apple.Syndication          	0x9bad342c -[AsyncDB _run:] + 192
4   com.apple.Foundation           	0x92be11a0 forkThreadForFunction + 108
5   libSystem.B.dylib              	0x9002be08 _pthread_body + 96

Thread 5:
0   libSystem.B.dylib              	0x9000b448 mach_msg_trap + 8
1   libSystem.B.dylib              	0x9000b39c mach_msg + 60
2   ...romedia.Flash Player.plugin 	0x080a437c native_ShockwaveFlash_TCallFrame + 1472568
3   libSystem.B.dylib              	0x9002be08 _pthread_body + 96

Thread 6:
0   libSystem.B.dylib              	0x900553a8 semaphore_timedwait_signal_trap + 8
1   libSystem.B.dylib              	0x90071be8 pthread_cond_timedwait_relative_np + 556
2   ...ple.CoreServices.CarbonCore 	0x90c044f0 MPWaitOnSemaphore + 184
3   ...romedia.Flash Player.plugin 	0x07ef1818 Flash_EnforceLocalSecurity + 1228060
4   ...romedia.Flash Player.plugin 	0x07f48ee0 native_ShockwaveFlash_TCallFrame + 50076
5   ...romedia.Flash Player.plugin 	0x07f48e3c native_ShockwaveFlash_TCallFrame + 49912
6   ...romedia.Flash Player.plugin 	0x07ef1528 Flash_EnforceLocalSecurity + 1227308
7   ...romedia.Flash Player.plugin 	0x07ef14f0 Flash_EnforceLocalSecurity + 1227252
8   ...ple.CoreServices.CarbonCore 	0x90bc67e8 PrivateMPEntryPoint + 76
9   libSystem.B.dylib              	0x9002be08 _pthread_body + 96

Thread 0 crashed with PPC Thread State 64:
  srr0: 0x000000000116adec srr1: 0x000000000200f930                        vrsave: 0x0000000000000000
    cr: 0x24022224          xer: 0x0000000000000004   lr: 0x00000000010c3004  ctr: 0x0000000001486290
    r0: 0x00000000010c3004   r1: 0x00000000bfffbd40   r2: 0x0000000001592008   r3: 0x00000000bfffbe60
    r4: 0x0000000000000000   r5: 0x0000000000000000   r6: 0x0000000000000001   r7: 0x0000000043540000
    r8: 0x0000000043110000   r9: 0x00000000074337c0  r10: 0x0000000000000000  r11: 0x000000000000001c
   r12: 0x0000000001486290  r13: 0x0000000000000000  r14: 0x0000000000000001  r15: 0x0000000000000001
   r16: 0x00000000004fe19c  r17: 0x0000000000000000  r18: 0x000000000050e19c  r19: 0x000000000050e19c
   r20: 0x00000000003c9228  r21: 0x00000000bfffd4f0  r22: 0x00000000bfffc120  r23: 0x0000000006bc1980
   r24: 0x00000000bfffd264  r25: 0x00000000bfffd394  r26: 0x00000000003c9228  r27: 0x0000000000000000
   r28: 0x00000000bfffbe60  r29: 0x00000000bfffbe60  r30: 0x00000000069387f8  r31: 0x00000000010edae0

Model: PowerBook6,5, BootROM 4.8.7f1, 1 processors, PowerPC G4  (1.1), 1.2 GHz, 1.25 GB
Graphics: ATI Mobility Radeon 9200, ATY,RV280M9+, AGP, 32 MB
Memory Module: DIMM0/BUILT-IN, 256 MB, built-in, built-in
Memory Module: DIMM1/J7, 1 GB, DDR SDRAM, PC2700U-30330
AirPort: AirPort Extreme, 405.1 (3.90.34.0.p18)
Modem: Jump, V.92, Version 1.0
Bluetooth: Version 1.7.14f14, 2 service, 1 devices, 1 incoming serial ports
Network Service: AirPort, AirPort, en1
Parallel ATA Device: MATSHITACD-RW  CW-8123
Parallel ATA Device: TOSHIBA MK6025GAS, 55.89 GB
USB Device: iPod, Apple, Up to 480 Mb/sec, 500 mA
USB Device: Bluetooth HCI, Up to 12 Mb/sec, 500 mA
Comment 3 Matt Lilek 2007-06-04 10:12:54 PDT
Confirmed with a local debug build of r21952. It doesn't matter whether you hit OK or Cancel to dismiss the little overlay thing.
Comment 4 mitz 2007-06-04 14:41:11 PDT
CC:ing Hyatt as I'm seeing his new Netscape plugin clipping code in the backtrace.
Comment 5 mitz 2007-06-06 00:24:29 PDT
Did <http://trac.webkit.org/projects/webkit/changeset/22020> fix this bug?
Comment 6 Andrej Duchovka 2007-06-06 05:47:30 PDT
I am using r22026 and it's still there.

(In reply to comment #5)
> Did <http://trac.webkit.org/projects/webkit/changeset/22020> fix this bug?
> 

Comment 7 Marc Epard 2007-06-06 07:39:41 PDT
I'm getting this crash on <http://www.sparta.nl/uk/sparta-ION-page.asp?id=20001&menu=1>.  If it doesn't happen right away, click on the SPARTA ION Comfort: Bike of the Year 2004!  link.  The crash happens on r22026, but does not happen on r421970.  I'm running in Leopard 9A410j.
Comment 8 mitz 2007-06-07 02:51:55 PDT
*** Bug 14023 has been marked as a duplicate of this bug. ***
Comment 9 mitz 2007-06-07 07:15:22 PDT
*** Bug 14026 has been marked as a duplicate of this bug. ***
Comment 10 Matt Lilek 2007-06-07 13:39:55 PDT
*** Bug 14029 has been marked as a duplicate of this bug. ***
Comment 11 mitz 2007-06-07 14:33:14 PDT
*** Bug 14031 has been marked as a duplicate of this bug. ***
Comment 12 mitz 2007-06-07 14:57:16 PDT
windowClipRectForLayer() is getting called with a null layer since the plugin has already been removed and therefore has no enclosing layer.
Comment 13 Matt Lilek 2007-06-07 19:22:41 PDT
*** Bug 14035 has been marked as a duplicate of this bug. ***
Comment 14 mitz 2007-06-07 22:27:14 PDT
Created attachment 14904 [details]
Null check the layer
Comment 15 Dave Hyatt 2007-06-07 22:30:47 PDT
Comment on attachment 14904 [details]
Null check the layer

Should still return frame view's windowClipRect, and just to be safe I put the guard lower level.  I actually coded this up already but have been too busy to land it.  Will do so now.
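
The failure mode described in comments 12 and 15, as an added example that is not part of the bug thread and not WebKit source: a simplified C++ model in which a detached plugin renderer has no enclosing layer, with the unguarded lookup beside one that falls back to the frame view's clip rect. The types, the `pluginWindowClipRect` helper and the placement of the guard are assumptions; the change that landed as r22062 is not shown on this page.

```cpp
// Simplified model of the null-layer crash; added example, not WebKit code.
#include <algorithm>
#include <cstdio>

struct IntRect {
    int x, y, w, h;
};

// Intersection of two rectangles; empty rect when they do not overlap.
static IntRect intersect(const IntRect& a, const IntRect& b) {
    int left = std::max(a.x, b.x);
    int top = std::max(a.y, b.y);
    int right = std::min(a.x + a.w, b.x + b.w);
    int bottom = std::min(a.y + a.h, b.y + b.h);
    if (right <= left || bottom <= top)
        return IntRect{0, 0, 0, 0};
    return IntRect{left, top, right - left, bottom - top};
}

// Stand-in for a render layer that clips its children.
struct RenderLayer {
    IntRect clip;
    IntRect childrenClipRect() const { return clip; }
};

// Stand-in for a renderer: walks up the tree to find the nearest layer.
struct RenderObject {
    RenderObject* parent;
    RenderLayer* ownLayer;
    const RenderLayer* enclosingLayer() const {
        for (const RenderObject* o = this; o; o = o->parent)
            if (o->ownLayer)
                return o->ownLayer;
        return nullptr;  // detached from the tree: no enclosing layer
    }
};

struct FrameView {
    IntRect visible;
    IntRect windowClipRect() const { return visible; }

    // Shape of the crashing path: the layer is dereferenced unconditionally,
    // so a null layer faults at a small offset from address 0.
    IntRect windowClipRectForLayerUnguarded(const RenderLayer* layer) const {
        return intersect(layer->childrenClipRect(), windowClipRect());
    }

    // Guarded form (assumed placement): with no layer, the frame view's own
    // window clip rect is still a meaningful answer, so return that.
    IntRect windowClipRectForLayer(const RenderLayer* layer) const {
        if (!layer)
            return windowClipRect();
        return intersect(layer->childrenClipRect(), windowClipRect());
    }
};

// Hypothetical helper: what a plugin view asks for when it updates its port.
static IntRect pluginWindowClipRect(const FrameView& view, const RenderObject& plugin) {
    return view.windowClipRectForLayer(plugin.enclosingLayer());
}

// Constructed scene: an 800x600 view, a layered container, a plugin inside it.
static IntRect clipWhileAttached() {
    FrameView view{IntRect{0, 0, 800, 600}};
    RenderLayer layer{IntRect{100, 100, 300, 200}};
    RenderObject container{nullptr, &layer};
    RenderObject plugin{&container, nullptr};
    return pluginWindowClipRect(view, plugin);
}

// Same scene, but the plugin renderer is unhooked before the clip rect is
// requested, as happens when teardown re-enters the plugin view.
static IntRect clipAfterDetach() {
    FrameView view{IntRect{0, 0, 800, 600}};
    RenderLayer layer{IntRect{100, 100, 300, 200}};
    RenderObject container{nullptr, &layer};
    RenderObject plugin{&container, nullptr};
    plugin.parent = nullptr;  // removed from the render tree
    return pluginWindowClipRect(view, plugin);
}

int main() {
    IntRect a = clipWhileAttached();
    IntRect d = clipAfterDetach();
    std::printf("attached: %d,%d %dx%d\n", a.x, a.y, a.w, a.h);
    std::printf("detached: %d,%d %dx%d\n", d.x, d.y, d.w, d.h);
    return 0;
}
```
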
Comment 16 Matt Lilek 2007-06-07 23:20:35 PDT
(In reply to comment #15)
> (From update of attachment 14904 [details] [edit])
> Should still return frame view's windowClipRect, and just to be safe I put the
> guard lower level.  I actually coded this up already but have been too busy to
> land it.  Will do so now.
> 

r22062
Comment 17 mitz 2007-06-08 12:28:32 PDT
*** Bug 14039 has been marked as a duplicate of this bug. ***
Comment 18 Matt Lilek 2007-06-08 13:42:33 PDT
*** Bug 14036 has been marked as a duplicate of this bug. ***
Comment 19 Matt Lilek 2007-06-09 09:56:05 PDT
*** Bug 14047 has been marked as a duplicate of this bug. ***
Comment 20 Matt Lilek 2007-06-09 21:17:37 PDT
*** Bug 14034 has been marked as a duplicate of this bug. ***
Comment 21 David Kilzer (:ddkilzer) 2007-06-09 22:32:03 PDT
*** Bug 14043 has been marked as a duplicate of this bug. ***