RESOLVED FIXED 14705
REGRESSION (r24484-r24509): Windows Safari crashes when loading a page containing an iframe
https://bugs.webkit.org/show_bug.cgi?id=14705
mitz
Reported 2007-07-21 14:02:22 PDT
Opening the URL crashes in Safari.exe code under WebFrame::dispatchDidCommitLoad().
Attachments
Crash log (115.72 KB, text/plain)
2007-07-22 16:22 PDT, Charles Gaudette
no flags
User Dump (29.34 KB, text/plain)
2007-07-22 19:24 PDT, Charles Gaudette
no flags
David Kilzer (:ddkilzer)
Comment 1 2007-07-21 16:40:07 PDT
Charles Gaudette
Comment 2 2007-07-22 16:22:03 PDT
Created attachment 15633 [details]
Crash log WebKit-r24501
Adam Roben (:aroben)
Comment 3 2007-07-22 17:56:24 PDT
Comment on attachment 15633 [details] Crash log
Thanks for the log, Charles. It would be even more helpful to see the accompanying drwtsn32.dmp file. Could you upload that as well, please?
Charles Gaudette
Comment 4 2007-07-22 19:24:49 PDT
Created attachment 15638 [details]
User Dump
This is the User Dump (usr.dmp) file for my previously posted Crash Log. Here you go, Adam; I'll remember to send this along in future such reports.
mitz
Comment 5 2007-07-23 13:28:08 PDT
Amit Gupta
Comment 6 2007-07-24 23:57:45 PDT
Hello, this is the call stack:
================================================================================
Safari.exe!004607ad()
[Frames below may be incorrect and/or missing, no symbols loaded for Safari.exe]
Safari.exe!00465516()
Safari.exe!00481fb9()
> WebKit_debug.dll!WebFrame::dispatchDidCommitLoad() Line 1541 + 0x2c bytes C++
WebKit_debug.dll!WebCore::FrameLoader::dispatchDidCommitLoad() Line 4467 + 0x1a bytes C++
WebKit_debug.dll!WebCore::FrameLoader::receivedFirstData() Line 823 C++
WebKit_debug.dll!WebCore::FrameLoader::setEncoding(const WebCore::String & name={...}, bool userChosen=false) Line 1622 C++
WebKit_debug.dll!WebFrame::receivedData(const char * data=0x00000000, int length=0, const WebCore::String & textEncoding={...}) Line 1896 C++
WebKit_debug.dll!WebFrame::committedLoad(WebCore::DocumentLoader * loader=0x04ab3ab0, const char * data=0x00000000, int length=0) Line 1935 C++
WebKit_debug.dll!WebFrame::finishedLoading(WebCore::DocumentLoader * loader=0x04ab3ab0) Line 1644 + 0x1a bytes C++
WebKit_debug.dll!WebCore::FrameLoader::finishedLoadingDocument(WebCore::DocumentLoader * loader=0x04ab3ab0) Line 2696 + 0x1c bytes C++
WebKit_debug.dll!WebCore::DocumentLoader::finishedLoading() Line 319 C++
WebKit_debug.dll!WebCore::FrameLoader::init() Line 267 C++
WebKit_debug.dll!WebCore::Frame::init() Line 213 C++
WebKit_debug.dll!WebFrame::createFrame(const WebCore::KURL & URL={...}, const WebCore::String & name={...}, WebCore::HTMLFrameOwnerElement * ownerElement=0x02767eb8, const WebCore::String & referrer={...}) Line 1270 C++
WebKit_debug.dll!WebFrame::createFrame(const WebCore::KURL & url={...}, const WebCore::String & name={...}, WebCore::HTMLFrameOwnerElement * ownerElement=0x02767eb8, const WebCore::String & referrer={...}, bool __formal=true, bool __formal=true, bool __formal=true) Line 2209 + 0x23 bytes C++
WebKit_debug.dll!WebCore::FrameLoader::loadSubframe(WebCore::HTMLFrameOwnerElement * ownerElement=0x02767eb8, const WebCore::KURL & url={...}, const WebCore::String & name={...}, const WebCore::String & referrer={...}) Line 455 + 0x6e bytes C++
WebKit_debug.dll!WebCore::FrameLoader::requestFrame(WebCore::HTMLFrameOwnerElement * ownerElement=0x02767eb8, const WebCore::String & urlString={...}, const WebCore::AtomicString & frameName={...}) Line 425 + 0x25 bytes C++
WebKit_debug.dll!WebCore::HTMLFrameElementBase::openURL() Line 110 C++
WebKit_debug.dll!WebCore::HTMLFrameElementBase::setNameAndOpenURL() Line 168 C++
WebKit_debug.dll!WebCore::HTMLFrameElementBase::setNameAndOpenURLCallback(WebCore::Node * n=0x02767eb8) Line 173 C++
WebKit_debug.dll!WebCore::ContainerNode::attach() Line 605 + 0x9 bytes C++
WebKit_debug.dll!WebCore::Element::attach() Line 665 C++
WebKit_debug.dll!WebCore::HTMLFrameElementBase::attach() Line 201 C++
WebKit_debug.dll!WebCore::HTMLIFrameElement::attach() Line 123 C++
WebKit_debug.dll!WebCore::HTMLParser::insertNode(WebCore::Node * n=0x02767eb8, bool flat=false) Line 325 + 0x12 bytes C++
WebKit_debug.dll!WebCore::HTMLParser::parseToken(WebCore::Token * t=0x02761cec) Line 250 + 0x18 bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::processToken() Line 1648 + 0x1c bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString & src={...}, WebCore::HTMLTokenizer::State state={...}) Line 1213 + 0xf bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::write(const WebCore::SegmentedString & str={...}, bool appendData=true) Line 1444 + 0x1d bytes C++
WebKit_debug.dll!WebCore::HTMLTokenizer::timerFired(WebCore::Timer<WebCore::HTMLTokenizer> * __formal=0x02761db0) Line 1524 + 0x1d bytes C++
WebKit_debug.dll!WebCore::Timer<WebCore::HTMLTokenizer>::fired() Line 96 + 0x3d bytes C++
WebKit_debug.dll!WebCore::TimerBase::fireTimers(double fireTime=1185343979.4424171, const WTF::Vector<WebCore::TimerBase *,0> & firingTimers={...}) Line 336 + 0xf bytes C++
WebKit_debug.dll!WebCore::TimerBase::sharedTimerFired() Line 353 + 0x12 bytes C++
WebKit_debug.dll!WebCore::TimerWindowWndProc(HWND__ * hWnd=0x002606ba, unsigned int message=49840, unsigned int wParam=0, long lParam=0) Line 49 + 0x8 bytes C++
user32.dll!7e418734()
user32.dll!7e418816()
user32.dll!7e4189cd()
user32.dll!7e418a10()
Safari.exe!0047ea4b()
Safari.exe!0047b61b()
Safari.exe!0047bc65()
Safari.exe!004c7695()
kernel32.dll!7c816fd7()
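The trace above is in the Visual Studio debugger's call-stack format (`module!function(args) Line N + 0xNN bytes C++`, with `>` marking the current frame and bare hex return addresses where no symbols are loaded). Picking the first symbolized frame and spotting null pointer arguments by eye across fifty frames is error-prone, so here is a small triage script for that format. It is an added example written for this page, not code from the thread, from Safari or from WebKit; the sample input is a constructed excerpt of a few frames from Comment 6, and the regexes are my own assumptions about the format based only on the lines posted there.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample, not the full trace from Comment 6: a few of its frames in the
# shape the Visual Studio debugger prints them, chosen to exercise each line type
# (symbol-less return address, debugger note, current-frame marker, arguments).
SAMPLE_STACK = """\
Safari.exe!004607ad()
[Frames below may be incorrect and/or missing, no symbols loaded for Safari.exe]
Safari.exe!00465516()
Safari.exe!00481fb9()
>\tWebKit_debug.dll!WebFrame::dispatchDidCommitLoad()  Line 1541 + 0x2c bytes\tC++
 \tWebKit_debug.dll!WebCore::FrameLoader::dispatchDidCommitLoad()  Line 4467 + 0x1a bytes\tC++
 \tWebKit_debug.dll!WebFrame::receivedData(const char * data=0x00000000, int length=0, const WebCore::String & textEncoding={...})  Line 1896\tC++
 \tWebKit_debug.dll!WebFrame::committedLoad(WebCore::DocumentLoader * loader=0x04ab3ab0, const char * data=0x00000000, int length=0)  Line 1935\tC++
 \tuser32.dll!7e418734()
"""

# Assumed shape of one frame line; derived from the posted trace, not from any VS spec.
FRAME_RE = re.compile(
    r"^(?P<cur>>)?\s*"                      # ">" marks the frame the debugger stopped in
    r"(?P<module>[^!\s]+)!"                 # Safari.exe / WebKit_debug.dll / user32.dll
    r"(?P<func>[^(]+)"                      # symbol, or a bare return address when unsymbolized
    r"\((?P<args>.*)\)"                     # "type name=value, ..." as printed by the debugger
    r"(?:\s+Line\s+(?P<line>\d+))?"         # source line, only present with symbols
    r"(?:\s+\+\s+0x[0-9a-fA-F]+\s+bytes)?"  # offset past the line's first instruction
    r"(?:\s+C\+\+|\s+C)?\s*$"
)
# "const char * data=0x00000000" -> name "data", value "0x00000000"
ARG_RE = re.compile(r"^(?P<type>.*?)\s*\b(?P<name>\w+)=(?P<value>.+)$")


@dataclass
class Frame:
    module: str
    func: str
    args: Dict[str, str]     # argument name -> value text; duplicate names (__formal) collapse
    line: Optional[int]      # None when the debugger had no symbols for the module
    current: bool            # True for the ">" frame

    @property
    def symbolized(self) -> bool:
        # Without a PDB the debugger prints only the 32-bit return address as the "function".
        return re.fullmatch(r"[0-9a-fA-F]{8}", self.func) is None

    @property
    def null_args(self) -> List[str]:
        # Pointer arguments printed as all-zero hex; integer zeros such as length=0 are not flagged.
        return [name for name, value in self.args.items() if re.fullmatch(r"0x0+", value)]


def parse_args(text: str) -> Dict[str, str]:
    """Split the debugger's argument list; commas inside templates have no following space."""
    args: Dict[str, str] = {}
    for part in (p.strip() for p in text.split(", ")):
        m = ARG_RE.match(part)
        if m:
            args[m.group("name")] = m.group("value")
    return args


def parse_stack(text: str) -> List[Frame]:
    frames: List[Frame] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):   # debugger notes, not frames
            continue
        m = FRAME_RE.match(line)
        if not m:
            continue
        frames.append(Frame(
            module=m.group("module"),
            func=m.group("func").strip(),
            args=parse_args(m.group("args")),
            line=int(m.group("line")) if m.group("line") else None,
            current=m.group("cur") is not None,
        ))
    return frames


def crash_site(frames: List[Frame]) -> Optional[Frame]:
    """Innermost frame with symbols: the first place the crash can actually be read in source."""
    return next((f for f in frames if f.symbolized), None)


def suspicious_args(frames: List[Frame]) -> List[tuple]:
    """(function, argument) pairs carrying a null pointer, walking from the crash outward."""
    return [(f.func, name) for f in frames for name in f.null_args]


if __name__ == "__main__":
    frames = parse_stack(SAMPLE_STACK)
    site = crash_site(frames)
    print(f"crash site: {site.module}!{site.func} line {site.line}")
    for func, name in suspicious_args(frames):
        print(f"null pointer argument: {func}({name}=NULL)")
```

Run against the full trace from Comment 6 it reports `WebFrame::dispatchDidCommitLoad` at line 1541 as the first readable frame and flags the `data=0x00000000` argument in `WebFrame::receivedData` and `WebFrame::committedLoad`, which is the same thing a reader extracts by hand; whether that null pointer is the cause or merely the normal empty initial load of a new frame is not something the trace alone settles.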
Darin Adler
Comment 7 2007-07-26 17:51:50 PDT
I've got a handle on what's going on here. And a fix in progress.
Matt Lilek
Comment 8 2007-07-29 17:25:09 PDT
Adele landed a temp fix for this in r24749
Adam Roben (:aroben)
Comment 9 2007-08-20 22:03:43 PDT
*** Bug 14720 has been marked as a duplicate of this bug. ***
Matt Lilek
Comment 10 2007-08-29 16:59:58 PDT
Adele's "temp" fix has been in the tree for a month and we haven't noticed any horrible side effects, does this still need to be P1 or am I missing some horrible side effects?
Darin Adler
Comment 11 2007-08-29 17:05:54 PDT
We could close this and just open a new bug about the internal badness. There's no symptom, but it's crazy that we need that platform-specific code.