WebKit Bugzilla
CLOSED FIXED
30492
WebKit crashes 100% when switching waves in Google Wave
https://bugs.webkit.org/show_bug.cgi?id=30492
Dimitris Apostolou
Reported
2009-10-18 08:55:40 PDT
WebKit Version 4.0.3 (6531.9, r49748)

Reproducibility: always

Pre-steps: Have a Google Wave account.

Steps:
1. Go to https://wave.google.com/wave/
2. Navigation -> All.
3. Select wave "Welcome to Google Wave".
4. Select wave "Getting started with Google Wave".
5. Repeat steps 2-3 a few times.

What happened:
5. WebKit crashes.

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebKit          0x00000001002efc16 WebKit::NetscapePluginInstanceProxy::loadRequest(NSURLRequest*, char const*, bool, unsigned int&) + 134
1   com.apple.WebKit          0x00000001002f0208 WebKit::NetscapePluginInstanceProxy::loadURL(char const*, char const*, char const*, unsigned int, LoadURLFlags, unsigned int&) + 280
2   com.apple.WebKit          0x00000001002e8e29 WKPCLoadURL + 153
3   com.apple.WebKit          0x0000000100356e52 _XPCLoadURL + 242
4   com.apple.WebKit          0x0000000100355551 WebKitPluginClient_server + 81
5   com.apple.WebKit          0x00000001002e9652 WebKit::NetscapePluginHostProxy::processRequests() + 274
6   com.apple.WebKit          0x00000001002ebb8c WebKit::NetscapePluginInstanceProxy::processRequestsAndWaitForReply(unsigned int) + 60
7   com.apple.WebKit          0x00000001002ef4c8 WebKit::NetscapePluginInstanceProxy::destroy() + 72
8   com.apple.WebKit          0x000000010033782c -[WebHostedNetscapePluginView destroyPlugin] + 76
9   com.apple.WebKit          0x0000000100301ccc -[WebBaseNetscapePluginView viewWillMoveToSuperview:] + 44
10  com.apple.AppKit          0x00007fff841fb427 -[NSView _setSuperview:] + 283
11  com.apple.AppKit          0x00007fff8423e8d0 -[NSView removeFromSuperview] + 342
12  com.apple.WebCore         0x0000000100fe99ef WebCore::safeRemoveFromSuperview(NSView*) + 159
13  com.apple.WebCore         0x0000000100fe9a81 WebCore::Widget::removeFromSuperview() + 49
14  com.apple.WebCore         0x0000000100eb21d8 WebCore::ScrollView::removeChild(WebCore::Widget*) + 152
15  com.apple.WebCore         0x0000000100e7d6d0 WebCore::RenderWidget::destroy() + 144
16  com.apple.WebCore         0x0000000100d79fe6 WebCore::Node::detach() + 38
17  com.apple.WebCore         0x000000010097189e WebCore::Element::detach() + 110
18  com.apple.WebCore         0x0000000100799f3c WebCore::ContainerNode::detach() + 44
19  com.apple.WebCore         0x000000010097189e WebCore::Element::detach() + 110
20  com.apple.WebCore         0x0000000100799f3c WebCore::ContainerNode::detach() + 44
21  com.apple.WebCore         0x000000010097189e WebCore::Element::detach() + 110
22  com.apple.WebCore         0x0000000100799f3c WebCore::ContainerNode::detach() + 44
23  com.apple.WebCore         0x000000010085f225 WebCore::Document::detach() + 213
24  com.apple.WebCore         0x000000010099e746 WebCore::Frame::setView(WTF::PassRefPtr<WebCore::FrameView>) + 166
25  com.apple.WebCore         0x00000001009a7d35 WebCore::FrameLoader::closeAndRemoveChild(WebCore::Frame*) + 53
26  com.apple.WebCore         0x00000001009abafa WebCore::FrameLoader::detachFromParent() + 154
27  com.apple.WebCore         0x0000000100a19274 WebCore::HTMLFrameOwnerElement::willRemove() + 52
28  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
29  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
30  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
31  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
32  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
33  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
34  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
35  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
36  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
37  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
38  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
39  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
40  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
41  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
42  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
43  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
44  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
45  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
46  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
47  com.apple.WebCore         0x0000000100799fdc WebCore::ContainerNode::willRemove() + 44
48  com.apple.WebCore         0x000000010079c2d6 WebCore::willRemoveChild(WebCore::Node*) + 918
49  com.apple.WebCore         0x000000010079c6c5 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 133
50  com.apple.WebCore         0x0000000100c46807 WebCore::JSNode::removeChild(JSC::ExecState*, JSC::ArgList const&) + 87
51  com.apple.WebCore         0x0000000100c44c29 WebCore::jsNodePrototypeFunctionRemoveChild(JSC::ExecState*, JSC::JSObject*, JSC::JSValue, JSC::ArgList const&) + 137
52  ???                       0x00005d232e8001c4 0 + 102405685379524
53  com.apple.JavaScriptCore  0x0000000100567428 JSC::Interpreter::execute(JSC::FunctionExecutable*, JSC::ExecState*, JSC::JSFunction*, JSC::JSObject*, JSC::ArgList const&, JSC::ScopeChainNode*, JSC::JSValue*) + 584
54  ???                       0x000000011d3afd80 0 + 4785372544
55  ???                       0x0000000116ce8060 0 + 4677599328
56  com.apple.WebCore         0x0000000100b76cf0 WebCore::JSDOMWindowShell::~JSDOMWindowShell() + 0
57  ???                       0x0000441f0f66ffff 0 + 74900193083391

Expected result:
5. WebKit does not crash.
Attachments
Crash log (41.21 KB, application/octet-stream), 2009-10-18 08:56 PDT, Dimitris Apostolou, no flags
Dimitris Apostolou
Comment 1
2009-10-18 08:56:41 PDT
Created attachment 41378: Crash log
Mark Rowe (bdash)
Comment 2
2009-10-18 22:14:23 PDT
I think this is fixed by r49763. Can you please grab a nightly build once a new one becomes available (should be within the hour) and see if the problem still occurs?
Mark Rowe (bdash)
Comment 3
2009-10-18 23:03:27 PDT
This should be fixed in the nightly for r49764.
Dimitris Apostolou
Comment 4
2009-10-19 00:14:50 PDT
Verified with (6531.9, r49764)
Closing.