WebKit crashes on quit.
Created attachment 18755 [details] WebKit Crash Log from WebKit Crash.
WebKit crashed on quit (Cmd + Q).
Do you remember what Web pages were open at the time? The crash is seemingly caused by something that a page's JavaScript performed.
I cannot remember exactly but it was probably iGoogle, Gmail, Google Calendar, Google Docs, or Google Reader.
Created attachment 18977 [details] Problem Report for Webkit Just had this issue appear again while scrolling through Google Reader.
Created attachment 18991 [details] Problem Report for Webkit Just had this issue occur again on Google Reader.
Thanks! The stack traces are different, and they do not really match the "crash on quit" description, but such frequent crashing is worrisome.
I agree, this is probably not a crash on quit. Google Reader is known for doing some funky things with JS, so it is likely a problem with the ActivationImp tear-off. I will try to find a reliable method of reproduction so that I can figure out exactly what is going wrong.
I played around with Google Reader for a bit, trying to reproduce the crash, but I couldn't.
*** Bug 17389 has been marked as a duplicate of this bug. ***
Bug continues to occur.
The third stack trace is probably the same issue as bug 17329, which is now fixed, whereas the first two are likely the same distinct bug.
Comment on attachment 18991 [details] Problem Report for Webkit Same as bug 17329, which has been fixed.
All of the stack traces look the same (I didn't check all the way back) so it is probably the same JS causing the crash each time. It's also sort of strange that the crash is on dereferencing a null pointer rather than something offset from zero. Where would that be happening in JSNodeList::indexGetter()?
Created attachment 19165 [details] Problem Report for WebKit Just had this issue again while loading AmpCoder.com in one tab and an already loaded GoDaddy.com in the other.
(In reply to comment #14)
> It's also sort of strange that the crash is on dereferencing a null pointer
> rather than something offset from zero.

AFAICT, the crash may be happening in a virtual node->nodeType() call in toJS(ExecState*, PassRefPtr<Node> n) in JSNodeCustom.cpp.
Created attachment 19183 [details] Problem Report for Webkit Just had another crash while browsing through Gmail.
*** Bug 17399 has been marked as a duplicate of this bug. ***
Marking confirmed since this keeps happening, and we have a duplicate - although I never saw this myself.
<rdar://problem/5749117>
Created attachment 19194 [details] Problem Report for WebKit Just had this issue occur while loading iGoogle in a single window.
Created attachment 19195 [details] Problem Report for WebKit Just had this issue after composing a message in Gmail and clicking "Send".
The call stack in the crashing thread is awfully deep (180+ frames). Could this be related to removing the KJS_MEM_LIMIT in r30492? http://trac.webkit.org/projects/webkit/changeset/30492 Steven, if you use a WebKit nightly build before r30492, do you still see crashes?
I think it's fair to say that this is a regression as well.
(In reply to comment #23)
> The call stack in the crashing thread is awfully deep (180+ frames). Could
> this be related to removing the KJS_MEM_LIMIT in r30492?
>
> http://trac.webkit.org/projects/webkit/changeset/30492

Hmm...that didn't make much sense. KJS_MAX_STACK was raised from 100 to 500 in r25161, but that was a while ago. Please ignore Comment #23. :)
I frequently see this at GMail using latest SVN.
I just had this issue while working on a Spreadsheet in Google Docs.
We're actively investigating this bug. If anyone can reproduce it running under gdb, please find a WebKit developer (especially weinig, bdash, darin or maciej) on IRC.
Fix landed in r31144.