Reproducible crash on http://my.opera.com/ODIN/blog/lovely-break-css-working-group after using ctrl + cmd + d (Lookup in Dictionary) 1) Go to http://my.opera.com/ODIN/blog/lovely-break-css-working-group 2) Place cursor on "lovely" word 3) Press ctrl + cmd + d 4) Webkit r35844 for Mac OS X crashes Note: if it doesn't crash for the first time, use shortcut one more time.
Created attachment 22932 [details] crash log
I'm seeing this bug as well, at this URL: http://www.metafilter.com/74881/Palin-pancakes-and-the-straight-talk-express#2265981
Took me about a dozen tries to reproduce it, but I see the crash also. Am unable to reproduce in Safari 3.1.2 after trying for a while, so presume this is a regression.
Easier steps to reproduce: 1) Go to http://my.opera.com/ODIN/blog/lovely-break-css-working-group 2) Place cursor on "lovely" word 3) Press ctrl + cmd + d 4) If it hasn't crashed, place cursor on "lunch" 5) Press ctrl + cmd + d
Regressed between r34342 and r34367 ( don't have privileges to change the title).
I suspect: http://trac.webkit.org/changeset/34344 though am not sure.
Created attachment 23617 [details] reduction 1) Place cursor on "One" word 2) Press ctrl + cmd + d 3) Place cursor on "Two" 4) Press ctrl + cmd + d Crash! I don't seem to be able to reduce any further.
I don't see this crash anymore with WebKit nightly build r38826 on Mac OS X 10.4.11 (8S165) with Safari 3.2. Can anyone else still reproduce it?
r38826 also doesn't crash for me on 10.5.5 with Safari 3.2. It would be nice to know what changeset fixed this, and to at least have a manual test to prevent it regressing.
Running bisect-builds to determine when this was fixed.
(In reply to comment #10) > Running bisect-builds to determine when this was fixed. Fails: r38297 Works: r38377
(In reply to comment #11) > (In reply to comment #10) > > Running bisect-builds to determine when this was fixed. > Fails: r38297 Works: r38377 I suspect r38304 fixed this. http://trac.webkit.org/changeset/38304 See also Bug 22160.