Opening the URL crashes in Safari.exe code under WebFrame::dispatchDidCommitLoad().
<rdar://problem/5352535>
Created attachment 15633: Crash log WebKit-r24501
Comment on attachment 15633 (Crash log):
Thanks for the log, Charles. It would be even more helpful to see the accompanying drwtsn32.dmp file. Could you upload that as well, please?
Created attachment 15638: User Dump
This is the User Dump (usr.dmp) file for my previously posted Crash Log. Here you go, Adam; I'll remember to send this along in future such reports.
Probably caused by <http://trac.webkit.org/projects/webkit/changeset/24490>.
Hello, this is the call stack:
================================================================================
Safari.exe!004607ad()
[Frames below may be incorrect and/or missing, no symbols loaded for Safari.exe]
Safari.exe!00465516()
Safari.exe!00481fb9()
> WebKit_debug.dll!WebFrame::dispatchDidCommitLoad() Line 1541 + 0x2c bytes C++
WebKit_debug.dll!WebCore::FrameLoader::dispatchDidCommitLoad() Line 4467 + 0x1a bytes C++
WebKit_debug.dll!WebCore::FrameLoader::receivedFirstData() Line 823 C++
WebKit_debug.dll!WebCore::FrameLoader::setEncoding(const WebCore::String & name={...}, bool userChosen=false) Line 1622 C++
WebKit_debug.dll!WebFrame::receivedData(const char * data=0x00000000, int length=0, const WebCore::String & textEncoding={...}) Line 1896 C++
WebKit_debug.dll!WebFrame::committedLoad(WebCore::DocumentLoader * loader=0x04ab3ab0, const char * data=0x00000000, int length=0) Line 1935 C++
WebKit_debug.dll!WebFrame::finishedLoading(WebCore::DocumentLoader * loader=0x04ab3ab0) Line 1644 + 0x1a bytes C++
WebKit_debug.dll!WebCore::FrameLoader::finishedLoadingDocument(WebCore::DocumentLoader * loader=0x04ab3ab0) Line 2696 + 0x1c bytes C++
WebKit_debug.dll!WebCore::DocumentLoader::finishedLoading() Line 319 C++
WebKit_debug.dll!WebCore::FrameLoader::init() Line 267 C++
WebKit_debug.dll!WebCore::Frame::init() Line 213 C++
WebKit_debug.dll!WebFrame::createFrame(const WebCore::KURL & URL={...}, const WebCore::String & name={...}, WebCore::HTMLFrameOwnerElement * ownerElement=0x02767eb8, const WebCore::String & referrer={...}) Line 1270 C++
WebKit_debug.dll!WebFrame::createFrame(const WebCore::KURL & url={...}, const WebCore::String & name={...}, WebCore::HTMLFrameOwnerElement * ownerElement=0x02767eb8, const WebCore::String & referrer={...}, bool __formal=true, bool __formal=true, bool __formal=true) Line 2209 + 0x23 bytes C++
WebKit_debug.dll!WebCore::FrameLoader::loadSubframe(WebCore::HTMLFrameOwnerElement * ownerElement=0x02767eb8, const WebCore::KURL & url={...}, const WebCore::String & name={...}, const WebCore::String & referrer={...}) Line 455 + 0x6e bytes C++
WebKit_debug.dll!WebCore::FrameLoader::requestFrame(WebCore::HTMLFrameOwnerElement * ownerElement=0x02767eb8, const WebCore::String & urlString={...}, const WebCore::AtomicString & frameName={...}) Line 425 + 0x25 bytes C++
WebKit_debug.dll!WebCore::HTMLFrameElementBase::openURL() Line 110 C++
WebKit_debug.dll!WebCore::HTMLFrameElementBase::setNameAndOpenURL() Line 168 C++
WebKit_debug.dll!WebCore::HTMLFrameElementBase::setNameAndOpenURLCallback(WebCore::Node * n=0x02767eb8) Line 173 C++
WebKit_debug.dll!WebCore::ContainerNode::attach() Line 605 + 0x9 bytes C++
WebKit_debug.dll!WebCore::Element::attach() Line 665 C++
WebKit_debug.dll!WebCore::HTMLFrameElementBase::attach() Line 201 C++
WebKit_debug.dll!WebCore::HTMLIFrameElement::attach() Line 123 C++
WebKit_debug.dll!WebCore::HTMLParser::insertNode(WebCore::Node * n=0x02767eb8, bool flat=false) Line 325 + 0x12 bytes C++
WebKit_debug.dll!WebCore::HTMLParser::parseToken(WebCore::Token * t=0x02761cec) Line 250 + 0x18 bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::processToken() Line 1648 + 0x1c bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 1213 + 0xf bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str={...}, bool appendData=true) Line 1444 + 0x1d bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::timerFired(WebCore::Timer<WebCore::HTMLTokenizer> * __formal=0x02761db0) Line 1524 + 0x1d bytes C++
WebKit_debug.dll!WebCore::Timer<WebCore::HTMLTokenizer>::fired() Line 96 + 0x3d bytes C++
WebKit_debug.dll!WebCore::TimerBase::fireTimers(double fireTime=1185343979.4424171, const WTF::Vector<WebCore::TimerBase *,0> & firingTimers={...}) Line 336 + 0xf bytes C++
WebKit_debug.dll!WebCore::TimerBase::sharedTimerFired() Line 353 + 0x12 bytes C++
WebKit_debug.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x002606ba, unsigned int message=49840, unsigned int wParam=0, long lParam=0) Line 49 + 0x8 bytes C++
user32.dll!7e418734()
user32.dll!7e418816()
user32.dll!7e4189cd()
user32.dll!7e418a10()
Safari.exe!0047ea4b()
Safari.exe!0047b61b()
Safari.exe!0047bc65()
Safari.exe!004c7695()
kernel32.dll!7c816fd7()
I've got a handle on what's going on here. And a fix in progress.
Adele landed a temp fix for this in r24749.
*** Bug 14720 has been marked as a duplicate of this bug. ***
Adele's "temp" fix has been in the tree for a month and we haven't noticed any horrible side effects. Does this still need to be P1, or am I missing some horrible side effects?
We could close this and just open a new bug about the internal badness. There's no symptom, but it's crazy that we need that platform-specific code.