Steps to reproduce:
1. Go to http://ip30.eti.uva.nl/zma3d/sittidae.html
2. Click on Medium Size for the top bird.
Kaboom. Crash. Tested in r32698. It does not crash on Safari 3.1.1. Crash log coming.
Note, this is the same bug URL as bug 3524; I don't think they are actually related, though.
Created attachment 20912 [details] Crash log
I can't reproduce this, but if anyone can it will have to be moved to radar as the crash is in closed source libraries unrelated to WebKit.
Hmm, it's reproducible on my machine at home (2 out of 2 times I tried), but not on my machine at work. Both are running 10.5.2, and both are Mac Pros (one new, one older). The only difference that occurs to me is that the one on which it crashed has the Java 1.6 release installed, but I don't think that's relevant.
I worked out the problem. Looking more closely at the crash log:

Thread 5 Crashed:
0   com.apple.JavaScriptCore   0x003a7c19 JSObjectIsFunction + 9
1   com.apple.CFNetwork        0x96f719f3 JSObjectIsFunction + 190
2   com.apple.CFNetwork        0x96f5ac36 _callPACFunction + 131
3   com.apple.CFNetwork        0x96f5c4a7 _JSFindProxyForURLAsync + 197
4   com.apple.CFNetwork        0x96f1e870 _CFNetworkProxyListForURLAsync + 771
5   com.apple.CFNetwork        0x96f1e50e constructProxyList + 326

I noticed the reference to a proxy. The problem only manifests when you're behind a proxy server. I use a PAC file so that when I access online scientific journals, I get routed through Stanford, and thus have Stanford access to those journals. I just removed the reference to the PAC file in the system preferences, and the crash no longer occurs.

If it's relevant, the PAC file (referenced by URL) is: http://library.stanford.edu/apcproxy/suproxy.pac

I presume this means the bug is in CFNetwork, not WebKit, and that I should file a radar, and this should be marked as INVALID?

I've noticed at least two other bugs in Leopard with regard to PAC files (Adobe updater takes up all available RAM behind a proxy, and dmnotifyd also takes up all available memory after waking from sleep (see http://discussions.apple.com/thread.jspa?threadID=1287849&tstart=0)), so these may all be related.
Oh wow, I guess I didn't have enough caffeine in me yesterday to look at which thread crashed.

(In reply to comment #4)
> I presume this means the bug is in CFNetwork, not WebKit, and that I should
> file a radar, and this should be marked as INVALID?
>
> I've noticed at least two other bugs in Leopard with regard to PAC files (Adobe
> updater takes up all available RAM behind a proxy, and dmnotifyd also takes up
> all available memory after waking from sleep (see
> http://discussions.apple.com/thread.jspa?threadID=1287849&tstart=0)), so these
> may all be related.

Looks like it's actually in JSCore; there have been a number of PAC file-related crashes lately.
Can you still reproduce this problem with r32828?
Still reproduces with r32828, with identical backtrace.
Confirmed with r32862.
Created attachment 21076 [details] fix by disabling incomplete multithreading support
Comment on attachment 21076 [details] fix by disabling incomplete multithreading support r=me
Committed revision 33039.