RESOLVED FIXED 17313
querySelectorAll() causing crashes when called via dojo.query() wrapper
https://bugs.webkit.org/show_bug.cgi?id=17313
Summary: querySelectorAll() causing crashes when called via dojo.query() wrapper
Alex Russell
Reported 2008-02-11 14:07:59 PST
Individual calls to document.querySelectorAll(), and individual calls to [node].querySelectorAll() work as expected, but when being wrapped by dojo.query() (and called many times in succession), we are seeing crashes on the latest webkit nightlies.
Attachments
Reduction (will crash Release builds of TOT) (393 bytes, text/html)
2008-03-03 04:02 PST, Mark Rowe (bdash)
no flags
Transcript of debugging session from point of crash (5.56 KB, text/plain)
2008-03-03 04:08 PST, Mark Rowe (bdash)
no flags
Transcript of debugging session from point of bogus write (4.37 KB, text/plain)
2008-03-03 04:11 PST, Mark Rowe (bdash)
no flags
Crash under guard malloc (4.16 KB, text/plain)
2008-03-03 04:30 PST, Mark Rowe (bdash)
no flags
Patch (4.56 KB, patch)
2008-03-03 14:18 PST, Mark Rowe (bdash)
mitz: review+
Alexey Proskuryakov
Comment 1 2008-02-11 14:52:40 PST
FWIW, I could not reproduce this by opening the bug URL with a local debug build of r30153.
Alex Russell
Comment 2 2008-02-11 15:04:11 PST
The nightly I'm working from is r30123...I'll try again on tomorrow's build.
Mark Rowe (bdash)
Comment 3 2008-02-11 19:08:09 PST
Can you please attach the crash logs from this crash? See <http://webkit.org/quality/crashlogs.html> for details.
Dylan Schiemann
Comment 4 2008-02-12 21:00:18 PST
(In reply to comment #3)
> Can you please attach the crash logs from this crash? See
> <http://webkit.org/quality/crashlogs.html> for details.

Date/Time: 2008-02-12 20:58:59.020 -0800
OS Version: 10.4.11 (Build 8S2167)
Report Version: 4

Command: Safari
Path: /Applications/Safari.app/Contents/MacOS/Safari
Parent: WindowServer [87]

Version: r30153 (30153)

PID: 6917
Thread: 0

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0x898c45bf

Thread 0 Crashed:
0 com.apple.WebCore 0x014d0e6b WebCore::TextIterator::handleTextBox() + 587
1 com.apple.WebCore 0x014d20e6 WebCore::TextIterator::advance() + 54
2 com.apple.WebCore 0x014d25db WebCore::plainTextToMallocAllocatedBuffer(WebCore::Range const*, unsigned&) + 187
3 com.apple.WebCore 0x014eca12 -[WebCoreFrameBridge stringForRange:] + 50
4 com.apple.WebKit 0x00346e44 -[WebHTMLView(WebDocumentPrivateProtocols) string] + 84
5 com.apple.Safari 0x0002fbf9 0x1000 + 191481
6 com.apple.Safari 0x0002f7d8 0x1000 + 190424
7 com.apple.Safari 0x0002f5ec 0x1000 + 189932
8 com.apple.Safari 0x0002f4e7 0x1000 + 189671
9 com.apple.Foundation 0x9283f2be __NSFireTimer + 199
10 com.apple.CoreFoundation 0x9082d76a CFRunLoopRunSpecific + 3341
11 com.apple.CoreFoundation 0x9082ca56 CFRunLoopRunInMode + 61
12 com.apple.HIToolbox 0x92df0878 RunCurrentEventLoopInMode + 285
13 com.apple.HIToolbox 0x92deff82 ReceiveNextEventCommon + 385
14 com.apple.HIToolbox 0x92defdd9 BlockUntilNextEventMatchingListInMode + 81
15 com.apple.AppKit 0x93296485 _DPSNextEvent + 572
16 com.apple.AppKit 0x93296076 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
17 com.apple.Safari 0x00009208 0x1000 + 33288
18 com.apple.AppKit 0x9328fdfb -[NSApplication run] + 512
19 com.apple.AppKit 0x93283d4f NSApplicationMain + 573
20 com.apple.Safari 0x00090652 0x1000 + 587346
21 com.apple.Safari 0x000027a9 0x1000 + 6057

Thread 1:
0 libSystem.B.dylib 0x90009cd7 mach_msg_trap + 7
1 com.unsanity.ape 0xc0001cac __ape_agent + 307
2 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 2:
0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7
1 com.apple.WebCore 0x01200b0f WebCore::IconDatabase::syncThreadMainLoop() + 239
2 com.apple.WebCore 0x01200c25 WebCore::IconDatabase::iconDatabaseSyncThread() + 181
3 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 3:
0 libSystem.B.dylib 0x90009cd7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082d23b CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x9082ca56 CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x92854bca +[NSURLCache _diskCacheSyncLoop:] + 206
4 com.apple.Foundation 0x927f82c0 forkThreadForFunction + 123
5 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 4:
0 libSystem.B.dylib 0x90009cd7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9082d23b CFRunLoopRunSpecific + 2014
2 com.apple.CoreFoundation 0x9082ca56 CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x9282d9ef +[NSURLConnection(NSURLConnectionInternal) _resourceLoadLoop:] + 259
4 com.apple.Foundation 0x927f82c0 forkThreadForFunction + 123
5 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 5:
0 libSystem.B.dylib 0x900248c7 semaphore_wait_signal_trap + 7
1 com.apple.Foundation 0x9284e250 -[NSConditionLock lockWhenCondition:] + 39
2 com.apple.Syndication 0x9ad79966 -[AsyncDB _run:] + 181
3 com.apple.Foundation 0x927f82c0 forkThreadForFunction + 123
4 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 6:
0 libSystem.B.dylib 0x9001a1cc select + 12
1 libSystem.B.dylib 0x90024227 _pthread_body + 84

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x458c3dd5 ebx: 0x014ec9ea ecx: 0x898c458b edx: 0x898c458b
edi: 0xbfffeb74 esi: 0x898c458b ebp: 0xbfffeae8 esp: 0xbfffea80
ss: 0x0000001f efl: 0x00010286 eip: 0x014d0e6b cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037

Binary Images Description:
0x1000 - 0x119fff com.apple.Safari 3.0.4 (523.12.2) /Applications/Safari.app/Contents/MacOS/Safari
0x155000 - 0x156fff WebKitNightlyEnabler.dylib /Applications/WebKit.app/Contents/Resources/WebKitNightlyEnabler.dylib
0x305000 - 0x3c2fff com.apple.WebKit 525.8+ /Applications/WebKit.app/Contents/Frameworks/10.4/WebKit.framework/Versions/A/WebKit
0x457000 - 0x526fff com.apple.JavaScriptCore 525.8+ /Applications/WebKit.app/Contents/Frameworks/10.4/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x5aa000 - 0x5abfff com.Logitech.Control Center.Scroll Enhancer 2.1.4 /Library/Application Enhancers/LCC Scroll Enhancer.ape/Contents/MacOS/LCC Scroll Enhancer
0x1008000 - 0x1654fff com.apple.WebCore 525.8+ /Applications/WebKit.app/Contents/Frameworks/10.4/WebCore.framework/Versions/A/WebCore
0x270d3000 - 0x27140fff com.DivXInc.DivXDecoder 6.6.0 /Library/QuickTime/DivX Decoder.component/Contents/MacOS/DivX Decoder
0x8f8c0000 - 0x8f95ffff com.apple.QuickTimeImporters.component 7.4 (92) /System/Library/QuickTime/QuickTimeImporters.component/Contents/MacOS/QuickTimeImporters
0x8fe00000 - 0x8fe4afff dyld 46.16 /usr/lib/dyld
0x90000000 - 0x90171fff libSystem.B.dylib /usr/lib/libSystem.B.dylib
0x901c1000 - 0x901c3fff libmathCommon.A.dylib /usr/lib/system/libmathCommon.A.dylib
0x901c5000 - 0x90202fff com.apple.CoreText 1.1.3 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x90229000 - 0x902fffff ATS /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x9031f000 - 0x90774fff com.apple.CoreGraphics 1.258.77 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x9080b000 - 0x908d3fff com.apple.CoreFoundation 6.4.9 (368.31) /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x90911000 - 0x90911fff com.apple.CoreServices 10.4 (???) /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90913000 - 0x90a07fff libicucore.A.dylib /usr/lib/libicucore.A.dylib
0x90a57000 - 0x90ad6fff libobjc.A.dylib /usr/lib/libobjc.A.dylib
0x90aff000 - 0x90b63fff libstdc++.6.dylib /usr/lib/libstdc++.6.dylib
0x90bd2000 - 0x90bd9fff libgcc_s.1.dylib /usr/lib/libgcc_s.1.dylib
0x90bde000 - 0x90c51fff com.apple.framework.IOKit 1.4.8 (???) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x90c66000 - 0x90c78fff libauto.dylib /usr/lib/libauto.dylib
0x90c7e000 - 0x90f24fff com.apple.CoreServices.CarbonCore 682.28 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x90f67000 - 0x90fcffff com.apple.CoreServices.OSServices 4.1 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x91008000 - 0x91047fff com.apple.CFNetwork 129.22 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x9105a000 - 0x9106afff com.apple.WebServices 1.1.3 (1.1.0) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/WebServicesCore.framework/Versions/A/WebServicesCore
0x91075000 - 0x910f4fff com.apple.SearchKit 1.0.7 /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x9112e000 - 0x9114cfff com.apple.Metadata 10.4.4 (121.36) /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x91158000 - 0x91166fff libz.1.dylib /usr/lib/libz.1.dylib
0x91169000 - 0x91308fff com.apple.security 4.5.2 (29774) /System/Library/Frameworks/Security.framework/Versions/A/Security
0x91406000 - 0x9140efff com.apple.DiskArbitration 2.1.2 /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x91415000 - 0x9141cfff libbsm.dylib /usr/lib/libbsm.dylib
0x91420000 - 0x91446fff com.apple.SystemConfiguration 1.8.6 /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x91458000 - 0x914cefff com.apple.audio.CoreAudio 3.0.5 /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x9151f000 - 0x9151ffff com.apple.ApplicationServices 10.4 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x91521000 - 0x9154dfff com.apple.AE 314 (313) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x91560000 - 0x91634fff com.apple.ColorSync 4.4.10 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x9166f000 - 0x916e2fff com.apple.print.framework.PrintCore 4.6 (177.13) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x91710000 - 0x917b9fff com.apple.QD 3.10.25 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x917df000 - 0x9182afff com.apple.HIServices 1.5.2 (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x91849000 - 0x9185ffff com.apple.LangAnalysis 1.6.3 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x9186b000 - 0x91886fff com.apple.FindByContent 1.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/FindByContent.framework/Versions/A/FindByContent
0x91891000 - 0x918cefff com.apple.LaunchServices 182 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x918e2000 - 0x918eefff com.apple.speech.synthesis.framework 3.5 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x918f5000 - 0x91935fff com.apple.ImageIO.framework 1.5.6 /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x91948000 - 0x919fafff libcrypto.0.9.7.dylib /usr/lib/libcrypto.0.9.7.dylib
0x91a40000 - 0x91a56fff libcups.2.dylib /usr/lib/libcups.2.dylib
0x91a5b000 - 0x91a79fff libJPEG.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x91a7e000 - 0x91addfff libJP2.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJP2.dylib
0x91aef000 - 0x91af3fff libGIF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x91af5000 - 0x91b7dfff libRaw.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRaw.dylib
0x91b81000 - 0x91bbefff libTIFF.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x91bc4000 - 0x91bdefff libPng.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x91be3000 - 0x91be5fff libRadiance.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x91be7000 - 0x91cc5fff libxml2.2.dylib /usr/lib/libxml2.2.dylib
0x91ce2000 - 0x91ce2fff com.apple.Accelerate 1.3.1 (Accelerate 1.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x91ce4000 - 0x91d72fff com.apple.vImage 2.5 /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x91d79000 - 0x91d79fff com.apple.Accelerate.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x91d7b000 - 0x91dd4fff libvMisc.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x91ddd000 - 0x91e01fff libvDSP.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x91e09000 - 0x92212fff libBLAS.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x9224c000 - 0x92600fff libLAPACK.dylib /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x9262d000 - 0x9271afff libiconv.2.dylib /usr/lib/libiconv.2.dylib
0x9271c000 - 0x9279afff com.apple.DesktopServices 1.3.7 /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x927db000 - 0x92a0bfff com.apple.Foundation 6.4.9 (567.36) /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x92b25000 - 0x92b3cfff libGL.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x92b47000 - 0x92b9ffff libGLU.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x92bb3000 - 0x92bb3fff com.apple.Carbon 10.4 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x92bb5000 - 0x92bc5fff com.apple.ImageCapture 3.0.4 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x92bd4000 - 0x92bdcfff com.apple.speech.recognition.framework 3.6 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x92be2000 - 0x92be8fff com.apple.securityhi 2.0.1 (24742) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x92bee000 - 0x92c7ffff com.apple.ink.framework 101.2.1 (71) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x92c93000 - 0x92c97fff com.apple.help 1.0.3 (32.1) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x92c9a000 - 0x92cb8fff com.apple.openscripting 1.2.5 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x92cca000 - 0x92cd0fff com.apple.print.framework.Print 5.2 (192.4) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x92cd6000 - 0x92d39fff com.apple.htmlrendering 66.1 (1.1.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x92d60000 - 0x92da1fff com.apple.NavigationServices 3.4.4 (3.4.3) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x92dc8000 - 0x92dd6fff com.apple.audio.SoundManager 3.9.1 /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x92ddd000 - 0x92de2fff com.apple.CommonPanels 1.2.3 (73) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x92de7000 - 0x930dcfff com.apple.HIToolbox 1.4.10 (???) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x931e2000 - 0x931edfff com.apple.opengl 1.4.16 /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x931f2000 - 0x9320dfff com.apple.DirectoryService.Framework 3.3 /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x9327d000 - 0x9327dfff com.apple.Cocoa 6.4 (???) /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x9327f000 - 0x93935fff com.apple.AppKit 6.4.9 (824.44) /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x93cb6000 - 0x93d31fff com.apple.CoreData 91 (92.1) /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x93d6a000 - 0x93e23fff com.apple.audio.toolbox.AudioToolbox 1.4.7 /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x93e66000 - 0x93e66fff com.apple.audio.units.AudioUnit 1.4.3 /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x93e68000 - 0x94029fff com.apple.QuartzCore 1.4.12 /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x9406f000 - 0x940b0fff libsqlite3.0.dylib /usr/lib/libsqlite3.0.dylib
0x940b8000 - 0x940f2fff libGLImage.dylib /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x940f7000 - 0x9410dfff com.apple.CoreVideo 1.4.2 /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x941a6000 - 0x941e4fff com.apple.vmutils 4.0.2 (93.1) /System/Library/PrivateFrameworks/vmutils.framework/Versions/A/vmutils
0x94228000 - 0x94239fff com.apple.securityfoundation 2.2.1 (28150) /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x94247000 - 0x94285fff com.apple.securityinterface 2.2.1 (27695) /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface
0x942a1000 - 0x942b0fff libCGATS.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x942b7000 - 0x942c2fff libCSync.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x9430e000 - 0x94328fff libRIP.A.dylib /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x9432e000 - 0x94645fff com.apple.QuickTime 7.4.0 (92) /System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x947ca000 - 0x94910fff com.apple.AddressBook.framework 4.0.6 (490) /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x9499c000 - 0x949abfff com.apple.DSObjCWrappers.Framework 1.1 /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x949b2000 - 0x949dbfff com.apple.LDAPFramework 1.4.2 (69.1.1) /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x949e1000 - 0x949f0fff libsasl2.2.dylib /usr/lib/libsasl2.2.dylib
0x949f4000 - 0x94a19fff libssl.0.9.7.dylib /usr/lib/libssl.0.9.7.dylib
0x94a25000 - 0x94a42fff libresolv.9.dylib /usr/lib/libresolv.9.dylib
0x96da2000 - 0x96da2fff com.apple.vecLib 3.3.1 (vecLib 3.3.1) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x97411000 - 0x97416fff com.apple.agl 2.5.9 (AGL-2.5.9) /System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x98e82000 - 0x99cc4fff com.apple.QuickTimeComponents.component 7.4 (92) /System/Library/QuickTime/QuickTimeComponents.component/Contents/MacOS/QuickTimeComponents
0x9aa61000 - 0x9aa91fff com.apple.QuickTime Plugin.plugin 7.4 (92) /Library/Internet Plug-Ins/QuickTime Plugin.plugin/Contents/MacOS/QuickTime Plugin
0x9ad77000 - 0x9adaefff com.apple.Syndication 1.0.7 (55) /System/Library/PrivateFrameworks/Syndication.framework/Versions/A/Syndication
0x9adca000 - 0x9addcfff com.apple.SyndicationUI 1.0.7 (55) /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
0xc0000000 - 0xc000efff com.unsanity.ape 2.0.2 /Library/Frameworks/ApplicationEnhancer.framework/Versions/A/ApplicationEnhancer

Model: MacPro1,1, BootROM MP11.005C.B08, 4 processors, Dual-Core Intel Xeon, 2.66 GHz, 8 GB
Graphics: NVIDIA GeForce 7300 GT, NVIDIA GeForce 7300 GT, PCIe, 256 MB
Graphics: NVIDIA GeForce 7300 GT, NVIDIA GeForce 7300 GT, PCIe, 256 MB
Memory Module: DIMM Riser A/DIMM 1, 1 GB, DDR2 FB-DIMM, 667 MHz
Memory Module: DIMM Riser A/DIMM 2, 1 GB, DDR2 FB-DIMM, 667 MHz
Memory Module: DIMM Riser B/DIMM 1, 1 GB, DDR2 FB-DIMM, 667 MHz
Memory Module: DIMM Riser B/DIMM 2, 1 GB, DDR2 FB-DIMM, 667 MHz
Memory Module: DIMM Riser A/DIMM 3, 1 GB, DDR2 FB-DIMM, 667 MHz
Memory Module: DIMM Riser A/DIMM 4, 1 GB, DDR2 FB-DIMM, 667 MHz
Memory Module: DIMM Riser B/DIMM 3, 1 GB, DDR2 FB-DIMM, 667 MHz
Memory Module: DIMM Riser B/DIMM 4, 1 GB, DDR2 FB-DIMM, 667 MHz
AirPort: spairport_wireless_card_type_airport_extreme (0x14E4, 0x87), Broadcom BCM43xx 1.0 (4.170.13.1)
Bluetooth: Version 1.9.5f4, 2 service, 1 devices, 1 incoming serial ports
Network Service: Built-in Ethernet 1, Ethernet, en0
PCI Card: NVIDIA GeForce 7300 GT, Display, Slot-4
PCI Card: NVIDIA GeForce 7300 GT, Display, Slot-1
Serial ATA Device: WDC WD5000AAKS-41TMA0, 465.76 GB
Parallel ATA Device: OPTIARC DVD RW AD-7170A
USB Device: Keyboard Hub, Apple, Inc., Up to 480 Mb/sec, 500 mA
USB Device: USB-PS/2 Optical Mouse, Logitech, Up to 1.5 Mb/sec, 100 mA
USB Device: psc 1310 series, hp, Up to 12 Mb/sec, 100 mA
USB Device: Apple Keyboard, Apple, Inc, Up to 1.5 Mb/sec, 100 mA
USB Device: Bluetooth USB Host Controller, Apple, Inc., Up to 12 Mb/sec, 500 mA
FireWire Device: built-in_hub, unknown_value, Unknown
FireWire Device: d2 Quadra (button), LaCie SA, Up to 800 Mb/sec
FireWire Device: (Rev 1.00), Tri-Select, Up to 400 Mb/sec
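A first triage pass over a report like the one above, as an added example that is not part of the bug thread and not WebKit code: it pulls out the fields a crash analyst needs (exception type, faulting address, the crashed thread's top frames, the general-purpose registers) from the CrashReporter text format shown in comments 4 and 5, then checks whether the faulting address is a small offset above a pointer held in a register. In the 10.4 report, 0x898c45bf is exactly 0x34 above the value in ecx, edx and esi, so handleTextBox() was reading a field through a pointer that is itself not a mapped address. That is the signature of a stale or overwritten object pointer rather than a NULL dereference, and it is the kind of finding that sends an engineer to a guard-malloc build, as the attachments list records. The sample input is an excerpt of the comment-4 report with one field per line, constructed here; the function names, the classification labels and the 0x1000 "small offset" threshold are this example's own choices.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample input: an excerpt of the Mac OS X 10.4 crash report from
# comment 4 (header, crashed thread, register state), one field per line.
SAMPLE_LOG = """\
OS Version: 10.4.11 (Build 8S2167)
Command: Safari
Version: r30153 (30153)

Exception: EXC_BAD_ACCESS (0x0001)
Codes: KERN_INVALID_ADDRESS (0x0001) at 0x898c45bf

Thread 0 Crashed:
0 com.apple.WebCore 0x014d0e6b WebCore::TextIterator::handleTextBox() + 587
1 com.apple.WebCore 0x014d20e6 WebCore::TextIterator::advance() + 54
2 com.apple.WebCore 0x014d25db WebCore::plainTextToMallocAllocatedBuffer(WebCore::Range const*, unsigned&) + 187
3 com.apple.WebCore 0x014eca12 -[WebCoreFrameBridge stringForRange:] + 50
4 com.apple.WebKit 0x00346e44 -[WebHTMLView(WebDocumentPrivateProtocols) string] + 84

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x458c3dd5 ebx: 0x014ec9ea ecx: 0x898c458b edx: 0x898c458b
edi: 0xbfffeb74 esi: 0x898c458b ebp: 0xbfffeae8 esp: 0xbfffea80
ss: 0x0000001f efl: 0x00010286 eip: 0x014d0e6b cs: 0x00000017
"""

# "<index> <module> 0x<addr> <symbol> + <offset>" as CrashReporter prints a frame
FRAME_RE = re.compile(r"^(\d+)\s+(\S+)\s+0x([0-9a-fA-F]+)\s+(.+?)\s*$")
# general-purpose, stack and instruction pointers of the 32-bit x86 state block
REG_RE = re.compile(r"\b(e[abcd]x|e[sd]i|e[bs]p|eip):\s*0x([0-9a-fA-F]+)")
# both the 10.4 ("Exception:"/"Codes:") and 10.5 ("Exception Type:"/"Exception Codes:") spellings
EXC_RE = re.compile(r"^Exception(?: Type)?:\s+(\S+)", re.M)
FAULT_RE = re.compile(r"^(?:Exception )?Codes:.*?\bat\s+0x([0-9a-fA-F]+)", re.M)


def parse_crash_log(text: str) -> dict:
    """Extract exception, faulting address, crashed-thread frames and registers."""
    info: dict = {"exception": None, "fault_address": None, "frames": [], "registers": {}}
    m = EXC_RE.search(text)
    if m:
        info["exception"] = m.group(1)
    m = FAULT_RE.search(text)
    if m:
        info["fault_address"] = int(m.group(1), 16)
    in_crashed = False
    for line in text.splitlines():
        if re.match(r"^Thread \d+ Crashed:", line):
            in_crashed = True
            continue
        if in_crashed:
            fm = FRAME_RE.match(line)
            if not fm:                      # a blank line ends the backtrace
                in_crashed = False
                continue
            idx, module, addr, symbol = fm.groups()
            info["frames"].append({"index": int(idx), "module": module,
                                   "address": int(addr, 16), "symbol": symbol})
    for name, val in REG_RE.findall(text):
        info["registers"][name] = int(val, 16)
    return info


def nearest_registers(fault: int, registers: Dict[str, int],
                      max_offset: int = 0x1000) -> List[Tuple[str, int]]:
    """Data registers whose value lies at or a little below the faulting address.

    A fault a few bytes above a register-held pointer means the crashing
    instruction was reading a field of whatever that register points to.
    Sorted by offset, then register name, so the result is deterministic.
    """
    hits = []
    for name, val in registers.items():
        if name in ("eip", "esp", "ebp"):   # code and stack pointers, not object pointers
            continue
        off = fault - val
        if 0 <= off <= max_offset:
            hits.append((name, off))
    return sorted(hits, key=lambda h: (h[1], h[0]))


def triage(text: str) -> dict:
    """Classify the crash: null-page, deref through a register-held pointer, or unknown."""
    info = parse_crash_log(text)
    fault = info["fault_address"]
    near = nearest_registers(fault, info["registers"]) if fault is not None else []
    if fault is None:
        kind = "unknown"
    elif fault < 0x1000:
        kind = "null-page"            # NULL, or NULL plus a small field offset
    elif near:
        kind = "register-relative"    # field access through a pointer that is itself bogus
    else:
        kind = "unknown"
    top = info["frames"][0] if info["frames"] else None
    return {"exception": info["exception"], "fault_address": fault,
            "top_frame": top, "nearest": near, "classification": kind}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"{result['exception']} at {result['fault_address']:#x} in "
          f"{result['top_frame']['module']} {result['top_frame']['symbol']}")
    for reg, off in result["nearest"]:
        print(f"  fault = {reg} + {off:#x}")
    print(f"  classification: {result['classification']}")
```

The register check is deliberately conservative: it only looks at the general-purpose registers and at offsets up to a page, so a fault that happens to land near esp or ebp, or one caused by an index computed in a register that has since been reused, comes back as "unknown" rather than being over-classified. Running the same function over the 10.5 report in comment 5 gives the same picture (0xe8042488 is 0x34 above the value in ecx, edx and esi there too), which is what one expects when the same code path reads the same field through the same bad pointer on both systems.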
Dylan Schiemann
Comment 5 2008-02-12 21:04:22 PST
(In reply to comment #3)
> Can you please attach the crash logs from this crash? See
> <http://webkit.org/quality/crashlogs.html> for details.

Also crashes Leopard:

Process: Safari [92873]
Path: /Applications/WebKit.app/Contents/MacOS/WebKit
Identifier: org.webkit.nightly.WebKit
Version: r30153 (30153)
Code Type: X86 (Native)
Parent Process: launchd [78]

Date/Time: 2008-02-12 21:02:34.961 -0800
OS Version: Mac OS X 10.5.1 (9B18)
Report Version: 6

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x00000000e8042488
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x00f0c48b WebCore::TextIterator::handleTextBox() + 587
1 com.apple.WebCore 0x00f0d706 WebCore::TextIterator::advance() + 54
2 com.apple.WebCore 0x00f0dbfb WebCore::plainTextToMallocAllocatedBuffer(WebCore::Range const*, unsigned int&) + 187
3 com.apple.WebCore 0x00f28042 -[WebCoreFrameBridge stringForRange:] + 50
4 com.apple.WebKit 0x001be474 -[WebHTMLView(WebDocumentPrivateProtocols) string] + 84
5 com.apple.Safari 0x00034ba1 0x1000 + 211873
6 com.apple.Safari 0x00034724 0x1000 + 210724
7 com.apple.Safari 0x00034416 0x1000 + 209942
8 com.apple.Safari 0x00034302 0x1000 + 209666
9 com.apple.Foundation 0x966c5663 __NSFireTimer + 147
10 com.apple.CoreFoundation 0x95eaab7e CFRunLoopRunSpecific + 4494
11 com.apple.CoreFoundation 0x95eaad38 CFRunLoopRunInMode + 88
12 com.apple.HIToolbox 0x915d08a4 RunCurrentEventLoopInMode + 283
13 com.apple.HIToolbox 0x915d06bd ReceiveNextEventCommon + 374
14 com.apple.HIToolbox 0x915d0531 BlockUntilNextEventMatchingListInMode + 106
15 com.apple.AppKit 0x9344fd5b _DPSNextEvent + 657
16 com.apple.AppKit 0x9344f6a0 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
17 com.apple.Safari 0x00009d4e 0x1000 + 36174
18 com.apple.AppKit 0x934486d1 -[NSApplication run] + 795
19 com.apple.AppKit 0x934159ba NSApplicationMain + 574
20 com.apple.Safari 0x00002876 0x1000 + 6262

Thread 1:
0 libSystem.B.dylib 0x92144ace __semwait_signal + 10
1 libSystem.B.dylib 0x9216eced pthread_cond_wait$UNIX2003 + 73
2 com.apple.WebCore 0x00c3a85f WebCore::IconDatabase::syncThreadMainLoop() + 239
3 com.apple.WebCore 0x00c3a975 WebCore::IconDatabase::iconDatabaseSyncThread() + 181
4 libSystem.B.dylib 0x9216e075 _pthread_start + 321
5 libSystem.B.dylib 0x9216df32 thread_start + 34

Thread 2:
0 libSystem.B.dylib 0x9213d8e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x921450dc mach_msg + 72
2 com.apple.CoreFoundation 0x95eaa0fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x95eaad38 CFRunLoopRunInMode + 88
4 com.apple.CFNetwork 0x933a17ba CFURLCacheWorkerThread(void*) + 396
5 libSystem.B.dylib 0x9216e075 _pthread_start + 321
6 libSystem.B.dylib 0x9216df32 thread_start + 34

Thread 3:
0 libSystem.B.dylib 0x9213d8e6 mach_msg_trap + 10
1 libSystem.B.dylib 0x921450dc mach_msg + 72
2 com.apple.CoreFoundation 0x95eaa0fe CFRunLoopRunSpecific + 1806
3 com.apple.CoreFoundation 0x95eaad38 CFRunLoopRunInMode + 88
4 com.apple.Foundation 0x966f4560 +[NSURLConnection(NSURLConnectionReallyInternal) _resourceLoadLoop:] + 320
5 com.apple.Foundation 0x9669104d -[NSThread main] + 45
6 com.apple.Foundation 0x96690bf4 __NSThread__main__ + 308
7 libSystem.B.dylib 0x9216e075 _pthread_start + 321
8 libSystem.B.dylib 0x9216df32 thread_start + 34

Thread 4:
0 libSystem.B.dylib 0x9218cf5a select$DARWIN_EXTSN + 10
1 libSystem.B.dylib 0x9216e075 _pthread_start + 321
2 libSystem.B.dylib 0x9216df32 thread_start + 34

Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x0015867b ebx: 0x00f2801a ecx: 0xe8042454 edx: 0xe8042454
edi: 0xbfffea44 esi: 0xe8042454 ebp: 0xbfffe9b8 esp: 0xbfffe950
ss: 0x0000001f efl: 0x00010282 eip: 0x00f0c48b cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
cr2: 0xe8042488

Binary Images:
0x1000 - 0x12efef com.apple.Safari 3.0.4 (5523.10.6) <53d219fd878088543fd2e1af460bed18> /Applications/Safari.app/Contents/MacOS/Safari
0x176000 - 0x177ffc +WebKitNightlyEnabler.dylib ??? (???) /Applications/WebKit.app/Contents/Resources/WebKitNightlyEnabler.dylib
0x17c000 - 0x23afff com.apple.WebKit 525.8+ (525.8+) /Applications/WebKit.app/Contents/Frameworks/10.5/WebKit.framework/Versions/A/WebKit
0x2d6000 - 0x2e4ff8 SyndicationUI ??? (???) <8adc35e1eb5001dead3c18ee25f2e8db> /System/Library/PrivateFrameworks/SyndicationUI.framework/Versions/A/SyndicationUI
0x2f3000 - 0x3c1ff7 com.apple.JavaScriptCore 525.8+ (525.8+) /Applications/WebKit.app/Contents/Frameworks/10.5/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x47f000 - 0x481fff +net.culater.SIMBL 0.8.2 (8) /Library/InputManagers/SIMBL/SIMBL.bundle/Contents/MacOS/SIMBL
0x61a000 - 0x61fff3 libCGXCoreImage.A.dylib ??? (???) <1d164317677d5eb499d27388a0f0bb29> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGXCoreImage.A.dylib
0xa3a000 - 0x1090fff com.apple.WebCore 525.8+ (525.8+) /Applications/WebKit.app/Contents/Frameworks/10.5/WebCore.framework/Versions/A/WebCore
0x1700000 - 0x17e6ff7 com.apple.RawCamera.bundle 2.0 (2.0) /System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x16f4b000 - 0x16f4bffe com.apple.JavaPluginCocoa 12.0.0 (12.0.0) <02a9f23a8bfc902c32ac0adfb66d6816> /Library/Internet Plug-Ins/JavaPluginCocoa.bundle/Contents/MacOS/JavaPluginCocoa
0x17593000 - 0x1759affd com.apple.JavaVM 12.0.0 (12.0.0) <44b9536fe4d7c7fcb3506adb695a180f> /System/Library/Frameworks/JavaVM.framework/Versions/A/JavaVM
0x17cf4000 - 0x17cf5ff3 ATSHI.dylib ??? (???) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/Resources/ATSHI.dylib
0x8fe00000 - 0x8fe2d883 dyld 95.3 (???) <3896c718b33f3e065e199a659baf1a2b> /usr/lib/dyld
0x90fbc000 - 0x91352ff7 com.apple.QuartzCore 1.5.1 (1.5.1) <deb61cbeb3f734a1b2f4669f6268b9de> /System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x91353000 - 0x91371ff3 com.apple.DirectoryService.Framework 3.5 (3.5) <55f196eadfd3ca73497d85aabd53c082> /System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x91372000 - 0x91404ff3 com.apple.ApplicationServices.ATS 3.0 (???) <d994740916f7aa6495a3372def0e7b61> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x91405000 - 0x91411ff5 libGL.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x914f2000 - 0x9154fffb libstdc++.6.dylib ??? (???) <04b812dcec670daa8b7d2852ab14be60> /usr/lib/libstdc++.6.dylib
0x91550000 - 0x915a0ff7 com.apple.HIServices 1.6.0 (???) <d74aa73e4cfd30a08fb169198a8d2539> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x915a1000 - 0x918a7fff com.apple.HIToolbox 1.5.0 (???) <baa49e74751bc3c4738509ba8cc512b1> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x91ab3000 - 0x91ab7fff libGIF.dylib ??? (???) <b8f61e346fa243a7138910bed3dcdb6b> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x91ae2000 - 0x91bc3ff7 libxml2.2.dylib ??? (???) <450ec38b57fb46013847cce851001a2f> /usr/lib/libxml2.2.dylib
0x91bc4000 - 0x91d8dfef com.apple.security 5.0.1 (32736) <8c9eda0fcc1d8a571543025ac900715f> /System/Library/Frameworks/Security.framework/Versions/A/Security
0x91d8e000 - 0x91dbdfe3 com.apple.AE 402 (402) <994ba8e884aefe7bf1fc5987df099e7b> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x91e4f000 - 0x91e51fff com.apple.CrashReporterSupport 10.5.0 (156) <a9cf092be7a554b3cda00fe946d1c1a7> /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport
0x91e52000 - 0x91e53ffc libffi.dylib ??? (???) <a3b573eb950ca583290f7b2b4c486d09> /usr/lib/libffi.dylib
0x91e54000 - 0x91e59fff com.apple.CommonPanels 1.2.4 (85) <ea0665f57cd267609466ed8b2b20e893> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x91e5a000 - 0x91e60fff com.apple.print.framework.Print 218 (220) <c35172175abbe554ddadd9b6401351fa> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x91e7e000 - 0x91fa2fe3 com.apple.audio.toolbox.AudioToolbox 1.5 (1.5) /System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0x92013000 - 0x92021ffd libz.1.dylib ??? (???) <5ddd8539ae2ebfd8e7cc1c57525385c7> /usr/lib/libz.1.dylib
0x92022000 - 0x9205bffe com.apple.securityfoundation 3.0 (32768) <1e9885d63ced51f81bc1f39af624637d> /System/Library/Frameworks/SecurityFoundation.framework/Versions/A/SecurityFoundation
0x92124000 - 0x92131fe7 com.apple.opengl 1.5.5 (1.5.5) <aa08b52d2a84b44dc6ee5d544a53fe8a> /System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x92132000 - 0x9213bfff com.apple.speech.recognition.framework 3.7.24 (3.7.24) <d3180f9edbd9a5e6f283d6156aa3c602> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x9213c000 - 0x9213cff8 com.apple.Cocoa 6.5 (???) <e064f94d969ce25cb7de3cfb980c3249> /System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x9213d000 - 0x92297fe3 libSystem.B.dylib ??? (???) <08d9ec2f36455fc197b9b44adf62f304> /usr/lib/libSystem.B.dylib
0x92298000 - 0x92299fef libmathCommon.A.dylib ??? (???) /usr/lib/system/libmathCommon.A.dylib
0x9229a000 - 0x9230efef libvMisc.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x92783000 - 0x9278dfeb com.apple.audio.SoundManager 3.9.2 (3.9.2) <0f2ba6e891d3761212cf5a5e6134d683> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x9278e000 - 0x9278effa com.apple.CoreServices 32 (32) <2fcc8f3bd5bbfc000b476cad8e6a3dd2> /System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x9278f000 - 0x927c5fef libtidy.A.dylib ??? (???) <e4d3e7399fb83d7f145f9b4ec8196242> /usr/lib/libtidy.A.dylib
0x927c6000 - 0x927eeff7 com.apple.shortcut 1 (1.0) <057783867138902b52bc0941fedb74d1> /System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut
0x927ef000 - 0x927fffff com.apple.speech.synthesis.framework 3.6.59 (3.6.59) <4ffef145fad3d4d787e0c33eab26b336> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x92800000 - 0x928dffff libobjc.A.dylib ??? (???) <5eda47fec2d0e7853b3506aa1fd2dafa> /usr/lib/libobjc.A.dylib
0x9292d000 - 0x9296efe7 libRIP.A.dylib ??? (???) <8aa8d17b338ebde48df7f01a8dc28eac> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x9296f000 - 0x9296fffd com.apple.Accelerate 1.4 (Accelerate 1.4) /System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x92970000 - 0x929ecfeb com.apple.audio.CoreAudio 3.1.0 (3.1) <483e0d3879d52ba9ac10b4bcfb0728d6> /System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x92a68000 - 0x92b69fff com.apple.PubSub 1.0.1 (59) /System/Library/Frameworks/PubSub.framework/Versions/A/PubSub
0x92b6a000 - 0x92bf6ff7 com.apple.LaunchServices 286 (286) <72b15e7a01e42d510f0339e90113d5d6> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x92c2c000 - 0x92c5efff com.apple.LDAPFramework 1.4.3 (106) <94a26abfc0a5d88c752763b44a10ae51> /System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x92c5f000 - 0x92cbbff7 com.apple.htmlrendering 68 (1.1.3) <fe87a9dede38db00e6c8949942c6bd4f> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x92cbc000 - 0x92cbcffd com.apple.vecLib 3.4 (vecLib 3.4) /System/Library/Frameworks/vecLib.framework/Versions/A/vecLib
0x92cbd000 - 0x92cd3fff com.apple.DictionaryServices 1.0.0 (1.0.0) <ad0aa0252e3323d182e17f50defe56fc> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/DictionaryServices.framework/Versions/A/DictionaryServices
0x92cd4000 - 0x92cd9fff com.apple.backup.framework 1.0 (1.0) /System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x9323e000 - 0x9327bff7 libGLImage.dylib ??? (???) <202d73e6a4688fc06ff11b71910c2ce7> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x9327c000 - 0x9327eff5 libRadiance.dylib ??? (???) <b9e04afa91e4b597a00797d67a7268fb> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x9327f000 - 0x932b9ff7 com.apple.coreui 0.1 (60) /System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x932ba000 - 0x93385fff com.apple.ColorSync 4.5.0 (4.5.0) /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x93386000 - 0x93395fff libsasl2.2.dylib ??? (???) <b9e1ca0b6612e280b6cbea6df0eec5f6> /usr/lib/libsasl2.2.dylib
0x93396000 - 0x9340dfe3 com.apple.CFNetwork 220 (221) <972a41911805859205b057a6f5b91e8d> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x9340f000 - 0x93c09fef com.apple.AppKit 6.5 (949) <b7c57a0df7821668815329f17698d7ba> /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x93c0a000 - 0x93c89ff5 com.apple.SearchKit 1.2.0 (1.2.0) <277b460da86bc222785159fe77e2e2ed> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x93c8a000 - 0x93c92fff com.apple.DiskArbitration 2.2 (2.2) <1551b2af557fdf6f368f93e093933852> /System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x93cd1000 - 0x93d36ffb com.apple.ISSupport 1.6 (34) /System/Library/PrivateFrameworks/ISSupport.framework/Versions/A/ISSupport
0x93d3d000 - 0x93d3dffb com.apple.installserver.framework 1.0 (8) /System/Library/PrivateFrameworks/InstallServer.framework/Versions/A/InstallServer
0x93d3e000 - 0x93d41fff com.apple.help 1.1 (36) <b507b08e484cb89033e9cf23062d77de> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x93d93000 - 0x941a3fef libBLAS.dylib ??? (???)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib 0x944c6000 - 0x94540ff8 com.apple.print.framework.PrintCore 5.5 (245) <9441d178f4b430cf92b67bf346646693> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore 0x9463b000 - 0x9464affe com.apple.DSObjCWrappers.Framework 1.2 (1.2) <f5b58d1d3a855a63d493ccbec417a1e9> /System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers 0x946ea000 - 0x9477dfff com.apple.ink.framework 101.3 (86) <bf3fa8927b4b8baae92381a976fd2079> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink 0x9477e000 - 0x947abfeb libvDSP.dylib ??? (???) <a26683d121ee0f96df9a9d0bfca36049> /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib 0x94819000 - 0x94ce5ffe libGLProgrammability.dylib ??? (???) <e8bc0af671427cf2b6279a035805a086> /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib 0x94ce6000 - 0x94d98ffb libcrypto.0.9.7.dylib ??? (???) <330b0e48e67faffc8c22dfc069ca7a47> /usr/lib/libcrypto.0.9.7.dylib 0x94d99000 - 0x94dd8fef libTIFF.dylib ??? (???) 
<76301b3506f310fb454b58897c8d0a9f> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib 0x94dd9000 - 0x94de9ffc com.apple.LangAnalysis 1.6.4 (1.6.4) <cbeb17ab39f28351fe2ab5b82bf465bc> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis 0x94dea000 - 0x94e2cfef com.apple.NavigationServices 3.5.1 (161) <cc6bd78eabf1e2e7166914e9f12f5850> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices 0x94e2d000 - 0x94e2dffd com.apple.Accelerate.vecLib 3.4 (vecLib 3.4) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib 0x94e2e000 - 0x94e87fff libGLU.dylib ??? (???) /System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib 0x94e96000 - 0x95014fff com.apple.AddressBook.framework 4.1 (687) <65b801e9f2cd16f4227d472aecb5deaf> /System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook 0x95015000 - 0x95020fe7 libCSync.A.dylib ??? (???) <482d16ba55f91a5dc05f78cc9db707a7> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib 0x95021000 - 0x956b8fff com.apple.CoreGraphics 1.351.0 (???) <fc69a86d38421778ad5675b82c9c7da7> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics 0x956b9000 - 0x956d8ffa libJPEG.dylib ??? (???) <0dd7e9d7fb22174b78205a944144f9c3> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib 0x956d9000 - 0x956e4ff9 com.apple.helpdata 1.0 (14) /System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData 0x956e5000 - 0x956fdfff com.apple.openscripting 1.2.6 (???) 
<b8e553df643f2aec68fa968b3b459b2b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting 0x956ff000 - 0x95759ff7 com.apple.CoreText 2.0.0 (???) <7fa39cd5bc847615ec02e7c7a37c0508> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText 0x9575a000 - 0x957e1ff7 libsqlite3.0.dylib ??? (???) <273efcb717e89c21207c851d7d33fda4> /usr/lib/libsqlite3.0.dylib 0x957e2000 - 0x95abbfe7 com.apple.CoreServices.CarbonCore 783 (783) <fe663a790344f1c5bac1645f68c7c661> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore 0x95b66000 - 0x95cabff7 com.apple.ImageIO.framework 2.0.0 (2.0.0) <d6bf5dfae212dce267c2f6e50b2f23c6> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO 0x95cac000 - 0x95cb3ff7 libCGATS.A.dylib ??? (???) <dd3161e6653fa6400b9ef9c144309fa5> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib 0x95d70000 - 0x95d70fff com.apple.Carbon 136 (136) <9961570a497d79f13b8ea159826af42d> /System/Library/Frameworks/Carbon.framework/Versions/A/Carbon 0x95d71000 - 0x95d78fe9 libgcc_s.1.dylib ??? (???) <a9ab135a5f81f6e345527df87f51bfc9> /usr/lib/libgcc_s.1.dylib 0x95d79000 - 0x95e20fff com.apple.QD 3.11.50 (???) <e2f71720ae1dad06a8883ac80775b21a> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD 0x95e21000 - 0x95e37fe7 com.apple.CoreVideo 1.5.0 (1.5.0) <7e010557527a0e6d49147c297d16850a> /System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo 0x95e38000 - 0x95f6afe7 com.apple.CoreFoundation 6.5 (476) <8bfebc0dbad6fc33bea0fa00a1b9ec37> /System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation 0x95f6b000 - 0x95f95fef libauto.dylib ??? (???) 
<d468bc4a8a69343f1748c293db1b57fb> /usr/lib/libauto.dylib 0x95f96000 - 0x96354fea libLAPACK.dylib ??? (???) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib 0x96355000 - 0x96379feb libssl.0.9.7.dylib ??? (???) <acee7fc534674498dcac211318aa23e8> /usr/lib/libssl.0.9.7.dylib 0x963ac000 - 0x96490ffb com.apple.CoreData 100 (185) <a4e63784275e25e62f57e75e0af0b94d> /System/Library/Frameworks/CoreData.framework/Versions/A/CoreData 0x96491000 - 0x96491ffc com.apple.audio.units.AudioUnit 1.5 (1.5) /System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit 0x96492000 - 0x96492ff8 com.apple.ApplicationServices 34 (34) <8f910fa65f01d401ad8d04cc933cf887> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices 0x96493000 - 0x96543fff edu.mit.Kerberos 6.0.11 (6.0.11) <33c25789baedcd70a7e24881775dd9ad> /System/Library/Frameworks/Kerberos.framework/Versions/A/Kerberos 0x96544000 - 0x96558ff3 com.apple.ImageCapture 4.0 (5.0.0) /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture 0x96559000 - 0x965a3fe1 com.apple.securityinterface 3.0 (32532) <f521dae416ce7a3bdd594b0d4e2fb517> /System/Library/Frameworks/SecurityInterface.framework/Versions/A/SecurityInterface 0x965a4000 - 0x965dafff com.apple.SystemConfiguration 1.9.0 (1.9.0) <d78573acfd26322c0324e51b171f016c> /System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration 0x965db000 - 0x965f9fff libresolv.9.dylib ??? (???) <8538164a282c147c3543550ae49d4bd4> /usr/lib/libresolv.9.dylib 0x965fa000 - 0x96621fff libcups.2.dylib ??? (???) <5521498e8902ddd0b15cfaa7db384e29> /usr/lib/libcups.2.dylib 0x96622000 - 0x9663dffb libPng.dylib ??? (???) 
<85ca18172d7a4b5a5be3574e4e879880> /System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib 0x9663e000 - 0x96640fff com.apple.securityhi 3.0 (30817) <dbe328cd62d603a952a4226342711e8b> /System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI 0x9667f000 - 0x96686ffe libbsm.dylib ??? (???) <d25c63378a5029648ffd4b4669be31bf> /usr/lib/libbsm.dylib 0x96687000 - 0x96900fe7 com.apple.Foundation 6.5.1 (677.1) <85ac18c7cd454378db6122bea0c00965> /System/Library/Frameworks/Foundation.framework/Versions/C/Foundation 0x9694f000 - 0x96a87ff7 libicucore.A.dylib ??? (???) <afcea652ff2ec36885b2c81c57d06d4c> /usr/lib/libicucore.A.dylib 0x96a88000 - 0x96b4fff2 com.apple.vImage 3.0 (3.0) /System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage 0x96b64000 - 0x96c1afe3 com.apple.CoreServices.OSServices 210.2 (210.2) <4ed69f07fc0f211ab32d1ee96e281fc2> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices 0x96d72000 - 0x96e21fff com.apple.DesktopServices 1.4.3 (1.4.3) <66d5ed56111c43d234e235d365d02469> /System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv 0x96e28000 - 0x96e6dfef com.apple.Metadata 10.5.0 (398) <96d857e02d199e768919047b28ec95b3> /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata 0x96e6e000 - 0x96e92fff libxslt.1.dylib ??? (???) <4933ddc7f6618743197aadc85b33b5ab> /usr/lib/libxslt.1.dylib 0x96e93000 - 0x96f1dfff com.apple.framework.IOKit 1.5.1 (???) <5176a7383151a19c962334009fef2c6d> /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0xba900000 - 0xba916fff libJapaneseConverter.dylib ??? (???) <1e92e348e73fc6fce723936c11e4b25c> /System/Library/CoreServices/Encodings/libJapaneseConverter.dylib 0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? 
(???) /usr/lib/libobjc.A.dylib 0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
Alexey Proskuryakov
Comment 6 2008-02-12 23:55:53 PST
The dojotoolkit.org server doesn't respond currently, waiting for it to come back.
Matthew Knapp
Comment 7 2008-02-13 02:06:00 PST
I am able to access dojotoolkit.org now, so it appears to be back online.

(In reply to comment #6)
> The dojotoolkit.org server doesn't respond currently, waiting for it to come back.
Alexey Proskuryakov
Comment 8 2008-02-13 02:30:58 PST
I can reproduce this with a nightly, but not with a local debug build.
Mark Rowe (bdash)
Comment 9 2008-03-03 00:02:39 PST
David Smith
Comment 10 2008-03-03 02:02:17 PST
http://paste.lisp.org/display/56721 Crashlogs from a debug build while we were testing this on irc tonight.
Mark Rowe (bdash)
Comment 11 2008-03-03 03:45:04 PST
I suspect the debug crash is a different issue, as the stack trace in a release build is very different.
Mark Rowe (bdash)
Comment 12 2008-03-03 04:02:04 PST
Created attachment 19491 [details]
Reduction (will crash Release builds of TOT)
Mark Rowe (bdash)
Comment 13 2008-03-03 04:06:54 PST
I've been debugging this for a few hours now and the situation seems quite bizarre. It crashes consistently within RenderText::deleteTextBoxes while attempting to destroy an InlineTextBox. This is due to the RenderText's m_firstTextBox having a bogus m_nextLine pointer. This m_nextLine pointer is being set from CSSStyleSelector.cpp:1665. Yes, that seems crazy, but at that point CSSStyleSelector's m_style/childStyle points to the same memory that is used by the InlineTextBox. childStyle->setFirstChildState() ends up setting m_nextLine to 0x1000 rather than setting the bitfield member it intends to. As to *why* a single memory location is being treated as a RenderStyle and an InlineTextBox simultaneously... I have no idea at this point!
Mark Rowe (bdash)
Comment 14 2008-03-03 04:08:48 PST
Created attachment 19492 [details]
Transcript of debugging session from point of crash

Points of interest here are the stack trace, and the value of this->m_firstTextBox->m_nextLine (0x1000).
Mark Rowe (bdash)
Comment 15 2008-03-03 04:11:12 PST
Created attachment 19493 [details]
Transcript of debugging session from point of bogus write

Points of interest here are that childStyle looks like garbage when interpreted as a RenderStyle ($3), but looks sane and matches the InlineTextBox at point of crash when interpreted as an InlineTextBox ($4). The transcript also shows the instruction that stores 0x1000 into memory, and that the address of the store corresponds to the offset of the m_nextLine member of an InlineTextBox instance.
Mark Rowe (bdash)
Comment 16 2008-03-03 04:30:24 PST
Created attachment 19494 [details]
Crash under guard malloc

The reduction is small enough to run quickly under guard malloc, and it confirms the bogus write! Under guard malloc, we conveniently crash at the point where the write occurs. A little further poking around shows that the RenderStyle that previously resided at this memory location belonged to the <input> element, and is destroyed at the point of the following backtrace:

Breakpoint 2, WebCore::RenderStyle::~RenderStyle (this=0xd2641fbc) at WebCore/rendering/RenderStyle.cpp:1047
1047 }
#0 WebCore::RenderStyle::~RenderStyle (this=0xd2641fbc) at WebCore/rendering/RenderStyle.cpp:1047
#1 0x01f846f5 in WebCore::RenderStyle::~RenderStyle (this=0xd2641fbc) at WebCore/rendering/RenderStyle.cpp:1047
#2 0x01f84752 in WebCore::RenderStyle::arenaDelete (this=0xd2641fbc, arena=0xd1ea3e50) at WebCore/rendering/RenderStyle.cpp:924
#3 0x01b54139 in WebCore::RenderStyle::deref (this=0xd2641fbc, arena=0xd1ea3e50) at rendering/RenderStyle.h:1377
#4 0x01cb6955 in WebCore::Element::recalcStyle (this=0xd2569f80, change=WebCore::Node::Force) at WebCore/dom/Element.cpp:769
#5 0x01d40814 in WebCore::HTMLGenericFormElement::recalcStyle (this=0xd2569f80, change=WebCore::Node::Force) at WebCore/html/HTMLGenericFormElement.cpp:176
#6 0x01cb6a22 in WebCore::Element::recalcStyle (this=0xd252dfb0, change=WebCore::Node::Force) at WebCore/dom/Element.cpp:781
#7 0x01cb6a22 in WebCore::Element::recalcStyle (this=0xd21b7fb0, change=WebCore::Node::Force) at WebCore/dom/Element.cpp:781
#8 0x01c88a42 in WebCore::Document::recalcStyle (this=0xd1e72950, change=WebCore::Node::Force) at WebCore/dom/Document.cpp:1118
#9 0x01c8ab98 in WebCore::Document::updateStyleSelector (this=0xd1e72950) at WebCore/dom/Document.cpp:2068
#10 0x01cf1a37 in WebCore::Frame::reapplyStyles (this=0xc1d09ff0) at WebCore/page/Frame.cpp:755
#11 0x01d11786 in WebCore::FrameView::layout (this=0xc2ca3fd0, allowSubtree=true) at WebCore/page/FrameView.cpp:376
#12 0x01c85761 in WebCore::Document::implicitClose (this=0xd1e72950) at WebCore/dom/Document.cpp:1512
#13 0x01cf612e in WebCore::FrameLoader::checkCallImplicitClose (this=0xc1d11da0) at WebCore/loader/FrameLoader.cpp:1310
#14 0x01d019ae in WebCore::FrameLoader::checkCompleted (this=0xc1d11da0) at WebCore/loader/FrameLoader.cpp:1263

Perhaps someone that knows something (anything?) about how the CSS style system and rendering fit together would have more luck taking things from here?
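The mechanism worked out in comments 13 through 16 (a RenderStyle destroyed during recalcStyle, its arena slot reused by an InlineTextBox, and a later flag-setting write through the selector's stale childStyle pointer landing in m_nextLine as 0x1000) is a use-after-free on arena memory. The C program below is an added illustration, not code from this thread or from WebKit: a toy slot allocator with LIFO reuse, two stand-in objects laid out so a flags word and a pointer share offset 0, and a selector that keeps a pointer across resolves. The names (Style, TextBox, Selector, run_scenario) and the slot layout are chosen for the example; the 0x1000 flag bit is picked to mirror the value seen in the transcripts. It shows both the fix pattern (resetting the selector's per-resolve state before it is used again, the pattern of the initForStyleResolve call in the patch) and why a quarantining allocator such as guard malloc makes the stale write detectable instead of letting it silently corrupt the neighbouring object.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy slot allocator with LIFO reuse: a freed slot goes straight to the next
 * allocation, the reuse seen here between the <input>'s RenderStyle and an
 * InlineTextBox. With quarantine on, freed slots stay poisoned and are never
 * reused (a guard-malloc-like mode). Everything below is example code. */
#define SLOT_SIZE  32
#define SLOT_COUNT 4
#define POISON     0xAA

static union { unsigned char bytes[SLOT_SIZE]; uintptr_t align; } g_arena[SLOT_COUNT];
static int g_state[SLOT_COUNT];   /* 0 = untouched (zeroed), 1 = live, 2 = freed */
static int g_last_freed;          /* slot index, or -1 */
static int g_quarantine;

static void arena_init(int quarantine)
{
    memset(g_arena, 0, sizeof g_arena);
    memset(g_state, 0, sizeof g_state);
    g_last_freed = -1;
    g_quarantine = quarantine;
}

static void *arena_alloc(void)
{
    if (!g_quarantine && g_last_freed >= 0) {        /* reuse the most recently freed slot */
        int i = g_last_freed;
        g_last_freed = -1;
        g_state[i] = 1;
        memset(g_arena[i].bytes, 0, SLOT_SIZE);
        return g_arena[i].bytes;
    }
    for (int i = 0; i < SLOT_COUNT; i++)             /* otherwise a never-used (zeroed) slot */
        if (g_state[i] == 0) { g_state[i] = 1; return g_arena[i].bytes; }
    return NULL;
}

static void arena_free(void *p)
{
    int i = (int)(((unsigned char *)p - g_arena[0].bytes) / SLOT_SIZE);
    g_state[i] = 2;
    g_last_freed = i;
    memset(p, POISON, SLOT_SIZE);                    /* poison so a stale write is visible */
}

/* Counts freed slots whose poison has been disturbed, i.e. written through a
 * dangling pointer. Guard malloc faults at the write; this checks afterwards. */
static int arena_corrupted_freed_slots(void)
{
    int n = 0;
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (g_state[i] != 2) continue;
        for (int j = 0; j < SLOT_SIZE; j++)
            if (g_arena[i].bytes[j] != POISON) { n++; break; }
    }
    return n;
}

/* Stand-in for RenderStyle: a flags word at offset 0, made pointer-sized so it
 * overlaps TextBox::next_line exactly whatever the byte order (toy choice). */
struct Style { uintptr_t flags; uintptr_t unused; };
#define STYLE_FIRST_CHILD ((uintptr_t)0x1000)   /* mirrors the 0x1000 seen in m_nextLine */
/* Stand-in for InlineTextBox: a pointer lives at offset 0. */
struct TextBox { struct TextBox *next_line; int width; };
/* Stand-in for the style selector's per-resolve state. */
struct Selector { struct Style *child_style; };
struct Outcome { uintptr_t next_line; int corrupted_freed; };

/* reinit = 1 models resetting selector state before a new resolve (the pattern
 * of the patch in this bug); quarantine = 1 models a guard-malloc-like allocator. */
static struct Outcome run_scenario(int reinit, int quarantine)
{
    struct Selector sel = { NULL };
    struct Outcome out = { 0, 0 };
    arena_init(quarantine);

    struct Style *input_style = arena_alloc();       /* 1. first resolve creates a style   */
    sel.child_style = input_style;                   /*    and the selector remembers it   */
    arena_free(input_style);                         /* 2. recalcStyle destroys that style */
    struct TextBox *box = arena_alloc();             /* 3. layout allocates a text box; it */
                                                     /*    arrives zeroed (next_line NULL) */
    if (reinit)                                      /* 4. fresh per-resolve state, or ... */
        sel.child_style = arena_alloc();             /*    ... a pointer to dead memory    */
    sel.child_style->flags |= STYLE_FIRST_CHILD;     /* 5. the "setFirstChildState" store  */

    /* Read back with memcpy so the compiler cannot assume the Style store left
     * the TextBox untouched (two types at one address). */
    memcpy(&out.next_line, box, sizeof out.next_line);
    out.corrupted_freed = arena_corrupted_freed_slots();
    return out;
}

int main(void)
{
    for (int q = 0; q < 2; q++)
        for (int r = 0; r < 2; r++) {
            struct Outcome o = run_scenario(r, q);
            printf("reinit=%d quarantine=%d: next_line=%#lx corrupted_freed_slots=%d\n",
                   r, q, (unsigned long)o.next_line, o.corrupted_freed);
        }
    return 0;
}
```

Without reinit and without quarantine the text box's next_line comes back as 0x1000, the same symptom the transcripts show; with quarantine the stale store hits poisoned memory and is flagged instead, which is why the reduction crashed immediately under guard malloc; with reinit the store goes to a live style object and nothing is corrupted in either mode.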
Mark Rowe (bdash)
Comment 17 2008-03-03 14:18:17 PST
Created attachment 19503 [details]
Patch

This fixes the reduced test case. The original test case still crashes, though the crash is because of a different issue that I'll file as a new bug report.
mitz
Comment 18 2008-03-03 14:23:24 PST
Comment on attachment 19503 [details]
Patch

+ styleSelector->initForStyleResolve(static_cast<Element*>(n), 0);

You can use the 'element' variable defined 2 lines above. r=me
Mark Rowe (bdash)
Comment 19 2008-03-03 14:44:55 PST
Landed in r30722.
Mark Rowe (bdash)
Comment 20 2008-03-03 15:06:11 PST
Filed bug 17655 about the remaining crash.
David Kilzer (:ddkilzer)
Comment 21 2008-05-17 02:29:48 PDT
*** Bug 17408 has been marked as a duplicate of this bug. ***