Bug 57495 - CRASH in WebCore::Page::scrollableAreaSet
Summary: CRASH in WebCore::Page::scrollableAreaSet
Status: RESOLVED CONFIGURATION CHANGED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Nobody
Reported: 2011-03-30 12:18 PDT by Xan Lopez
Modified: 2023-02-08 15:47 PST

Description Xan Lopez 2011-03-30 12:18:39 PDT
Steps to reproduce:

1) visit http://www.metafilter.com/101997/Theological-Clusterf
2) Click on "Who Goes to Hell?" link.
3) Wait for http://www.foxnews.com/opinion/2011/03/25/goes-hell/# to load
4) Press back.
5)

Trace:


Program received signal SIGSEGV, Segmentation fault.
0x00de7a38 in WTF::OwnPtr<WTF::HashSet<WebCore::ScrollableArea*, WTF::PtrHash<WebCore::ScrollableArea*>, WTF::HashTraits<WebCore::ScrollableArea*> > >::get
    (this=0xa8) at ../../Source/JavaScriptCore/wtf/OwnPtr.h:59
59	        PtrType get() const { return m_ptr; }
(gdb) bt
#0  0x00de7a38 in WTF::OwnPtr<WTF::HashSet<WebCore::ScrollableArea*, WTF::PtrHash<WebCore::ScrollableArea*>, WTF::HashTraits<WebCore::ScrollableArea*> > >::get (this=0xa8) at ../../Source/JavaScriptCore/wtf/OwnPtr.h:59
#1  0x00de7a1c in WebCore::Page::scrollableAreaSet (this=0x0) at ../../Source/WebCore/page/Page.h:289
#2  0x00df924a in WebCore::FrameView::notifyPageThatContentAreaWillPaint (this=0x9e1ca88) at ../../Source/WebCore/page/FrameView.cpp:2078
#3  0x00ea9bc5 in WebCore::ScrollView::paint (this=0x9e1ca88, context=0xbfffb0a0, rect=...) at ../../Source/WebCore/platform/ScrollView.cpp:924
#4  0x0100ffed in WebCore::RenderWidget::paint (this=0x9ffafd4, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderWidget.cpp:299
#5  0x00ef64a2 in WebCore::InlineBox::paint (this=0x957bfcc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/InlineBox.cpp:184
#6  0x00efb095 in WebCore::InlineFlowBox::paint (this=0x957c004, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/InlineFlowBox.cpp:977
#7  0x0101584e in WebCore::RootInlineBox::paint (this=0x957c004, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RootInlineBox.cpp:183
#8  0x00fab2b2 in WebCore::RenderLineBoxList::paint (this=0xa05cb44, renderer=0xa05cadc, paintInfo=..., tx=434, ty=448)
    at ../../Source/WebCore/rendering/RenderLineBoxList.cpp:257
#9  0x00f1b7a7 in WebCore::RenderBlock::paintContents (this=0xa05cadc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderBlock.cpp:2368
#10 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0xa05cadc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#11 0x00f1af97 in WebCore::RenderBlock::paint (this=0xa05cadc, paintInfo=..., tx=434, ty=448) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#12 0x00fb075e in WebCore::RenderListItem::paint (this=0xa05cadc, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderListItem.cpp:349
#13 0x00f1c76e in WebCore::RenderBlock::paintFloats (this=0xa058e14, paintInfo=..., tx=80, ty=444, preservePhase=false)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2566
#14 0x00f1c0dc in WebCore::RenderBlock::paintObject (this=0xa058e14, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2492
#15 0x00f1af97 in WebCore::RenderBlock::paint (this=0xa058e14, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#16 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x956c2c4, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#17 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x956c2c4, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#18 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x956c2c4, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#19 0x00f1af97 in WebCore::RenderBlock::paint (this=0x956c2c4, paintInfo=..., tx=80, ty=444) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#20 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x8ed4a44, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#21 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x8ed4a44, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#22 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x8ed4a44, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#23 0x00f1af97 in WebCore::RenderBlock::paint (this=0x8ed4a44, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#24 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x957e3ac, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#25 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x957e3ac, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#26 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x957e3ac, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#27 0x00f1af97 in WebCore::RenderBlock::paint (this=0x957e3ac, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#28 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x957e00c, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#29 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x957e00c, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#30 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x957e00c, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#31 0x00f1af97 in WebCore::RenderBlock::paint (this=0x957e00c, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#32 0x00f1c728 in WebCore::RenderBlock::paintFloats (this=0x957d634, paintInfo=..., tx=80, ty=326, preservePhase=false)
    at ../../Source/WebCore/rendering/RenderBlock.cpp:2564
#33 0x00f1c0dc in WebCore::RenderBlock::paintObject (this=0x957d634, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2492
#34 0x00f1af97 in WebCore::RenderBlock::paint (this=0x957d634, paintInfo=..., tx=80, ty=326) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#35 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x9577bfc, paintInfo=..., tx=68, ty=224) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#36 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x9577bfc, paintInfo=..., tx=68, ty=224) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#37 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x9577bfc, paintInfo=..., tx=68, ty=224) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#38 0x00f1af97 in WebCore::RenderBlock::paint (this=0x9577bfc, paintInfo=..., tx=68, ty=224) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#39 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x93defe4, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#40 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x93defe4, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#41 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x93defe4, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#42 0x00f1af97 in WebCore::RenderBlock::paint (this=0x93defe4, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#43 0x00f1bb3e in WebCore::RenderBlock::paintChildren (this=0x8fa1b0c, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2411
#44 0x00f1b7c9 in WebCore::RenderBlock::paintContents (this=0x8fa1b0c, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2370
#45 0x00f1bfef in WebCore::RenderBlock::paintObject (this=0x8fa1b0c, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2478
#46 0x00f1af97 in WebCore::RenderBlock::paint (this=0x8fa1b0c, paintInfo=..., tx=0, ty=0) at ../../Source/WebCore/rendering/RenderBlock.cpp:2258
#47 0x00f9eb5b in WebCore::RenderLayer::paintLayer (this=0x90ec014, rootLayer=0x90e83fc, p=0xbfffb0a0, paintDirtyRect=..., paintBehavior=0, paintingRoot=
    0x0, overlapTestRequests=0xbfffae98, paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2552
#48 0x00f9eff3 in WebCore::RenderLayer::paintList (this=0x90e83fc, list=0x9116230, rootLayer=0x90e83fc, p=0xbfffb0a0, paintDirtyRect=..., paintBehavior=0, 
    paintingRoot=0x0, overlapTestRequests=0xbfffae98, paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2614
#49 0x00f9ed7d in WebCore::RenderLayer::paintLayer (this=0x90e83fc, rootLayer=0x90e83fc, p=0xbfffb0a0, paintDirtyRect=..., paintBehavior=0, 
    paintingRoot=0x0, overlapTestRequests=0xbfffae98, paintFlags=0) at ../../Source/WebCore/rendering/RenderLayer.cpp:2576
#50 0x00f9df77 in WebCore::RenderLayer::paint (this=0x90e83fc, p=0xbfffb0a0, damageRect=..., paintBehavior=0, paintingRoot=0x0)
    at ../../Source/WebCore/rendering/RenderLayer.cpp:2349
#51 0x00df9ef1 in WebCore::FrameView::paintContents (this=0x90d64f8, p=0xbfffb0a0, rect=...) at ../../Source/WebCore/page/FrameView.cpp:2303
#52 0x00ea9d68 in WebCore::ScrollView::paint (this=0x90d64f8, context=0xbfffb0a0, rect=...) at ../../Source/WebCore/platform/ScrollView.cpp:941
#53 0x007cf57f in paintWebView (frame=0x8984200, transparent=0, context=..., clipRect=..., rects=WTF::Vector of length 2, capacity 16 = {...})
    at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:684
#54 0x007cf833 in webkit_web_view_draw (widget=0x8972000, cr=0x31ed6e0) at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:751
#55 0x02deb1e2 in _gtk_marshal_BOOLEAN__BOXED (closure=0x8175360, return_value=0xbfffb2f0, n_param_values=2, param_values=0xaf8025b8, 
    invocation_hint=0xbfffb30c, marshal_data=0x7cf69d) at gtkmarshalers.c:85
#56 0x02f74c36 in gtk_widget_draw_marshaller (closure=0x8175360, return_value=0xbfffb2f0, n_param_values=2, param_values=0xaf8025b8, 
    invocation_hint=0xbfffb30c, marshal_data=0x7cf69d) at gtkwidget.c:797
#57 0x036f8d3e in g_type_class_meta_marshal (closure=0x8175360, return_value=0xbfffb2f0, n_param_values=2, param_values=0xaf8025b8, 
    invocation_hint=0xbfffb30c, marshal_data=0x90) at gclosure.c:878
#58 0x036f8a2d in g_closure_invoke (closure=0x8175360, return_value=0xbfffb2f0, n_param_values=2, param_values=0xaf8025b8, invocation_hint=0xbfffb30c)
    at gclosure.c:767
#59 0x0371154e in signal_emit_unlocked_R (node=0x81754e8, detail=0, instance=0x8972000, emission_return=0xbfffb42c, instance_and_params=0xaf8025b8)
    at gsignal.c:3294
#60 0x03710764 in g_signal_emit_valist (instance=0x8972000, signal_id=34, detail=0, var_args=0xbfffb500 "8\265\377\277") at gsignal.c:2997
#61 0x037109c4 in g_signal_emit (instance=0x8972000, signal_id=34, detail=0) at gsignal.c:3044
#62 0x02f7d9f7 in _gtk_widget_draw_internal (widget=0x8972000, cr=0x31ed6e0, clip_to_size=1) at gtkwidget.c:5668
#63 0x02f7e1a0 in gtk_widget_send_expose (widget=0x8972000, event=0xbfffb65c) at gtkwidget.c:5915
#64 0x02de9c85 in gtk_main_do_event (event=0xbfffb65c) at gtkmain.c:1797
#65 0x0031f129 in _gdk_event_emit (event=0xbfffb65c) at gdkevents.c:71
#66 0x0032c7eb in _gdk_window_process_updates_recurse (window=0x8d9c680, expose_region=0x9b64780) at gdkwindow.c:3856
#67 0x0032c70a in _gdk_window_process_updates_recurse (window=0x8d9c5d0, expose_region=0x92affa0) at gdkwindow.c:3829
#68 0x0032c70a in _gdk_window_process_updates_recurse (window=0x8437520, expose_region=0x8fe1990) at gdkwindow.c:3829
#69 0x0036ac01 in gdk_x11_window_process_updates_recurse (window=0x8437520, region=0x8fe1990) at gdkwindow-x11.c:4667
#70 0x0032ca6d in gdk_window_process_updates_internal (window=0x8437520) at gdkwindow.c:4012
#71 0x0032cec5 in gdk_window_process_updates (window=0x8d9c680, update_children=1) at gdkwindow.c:4208
#72 0x00793b83 in WebKit::ChromeClient::invalidateWindow (this=0x81f45a8, immediate=true) at ../../Source/WebKit/gtk/WebCoreSupport/ChromeClientGtk.cpp:384
#73 0x00dbccfb in WebCore::Chrome::invalidateWindow (this=0x897f378, updateRect=..., immediate=true) at ../../Source/WebCore/page/Chrome.cpp:72
#74 0x00ea8ad7 in WebCore::ScrollView::scrollContents (this=0x90d64f8, scrollDelta=...) at ../../Source/WebCore/platform/ScrollView.cpp:654
#75 0x00ea73d9 in WebCore::ScrollView::scrollTo (this=0x90d64f8, newOffset=...) at ../../Source/WebCore/platform/ScrollView.cpp:361
#76 0x00df8f4d in WebCore::FrameView::scrollTo (this=0x90d64f8, newOffset=...) at ../../Source/WebCore/page/FrameView.cpp:2030
#77 0x00ea7331 in WebCore::ScrollView::setScrollOffset (this=0x90d64f8, offset=...) at ../../Source/WebCore/platform/ScrollView.cpp:347
#78 0x00ea2962 in WebCore::ScrollableArea::setScrollOffsetFromAnimation (this=0x90d6520, offset=...) at ../../Source/WebCore/platform/ScrollableArea.cpp:129
#79 0x00ea2517 in WebCore::ScrollAnimator::notityPositionChanged (this=0x90c2ac8) at ../../Source/WebCore/platform/ScrollAnimator.cpp:129
#80 0x00ea20ca in WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation (this=0x90c2ac8, offset=...)
    at ../../Source/WebCore/platform/ScrollAnimator.cpp:80
#81 0x00ea27f1 in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x90d6520, offset=...)
    at ../../Source/WebCore/platform/ScrollableArea.cpp:93
#82 0x00ea2907 in WebCore::ScrollableArea::scrollToYOffsetWithoutAnimation (this=0x90d6520, y=0) at ../../Source/WebCore/platform/ScrollableArea.cpp:111
#83 0x00ea2832 in WebCore::ScrollableArea::scrollToOffsetWithoutAnimation (this=0x90d6520, orientation=WebCore::VerticalScrollbar, offset=0)
    at ../../Source/WebCore/platform/ScrollableArea.cpp:101
#84 0x00749eb6 in WebCore::MainFrameScrollbarGtk::gtkValueChanged (that=0x924b500) at ../../Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:124
#85 0x03711b88 in g_cclosure_marshal_VOID__VOID (closure=0x9562188, return_value=0x0, n_param_values=1, param_values=0xb1005138, 
    invocation_hint=0xbfffbd0c, marshal_data=0x0) at gmarshal.c:79
#86 0x036f8a2d in g_closure_invoke (closure=0x9562188, return_value=0x0, n_param_values=1, param_values=0xb1005138, invocation_hint=0xbfffbd0c)
    at gclosure.c:767
#87 0x03711389 in signal_emit_unlocked_R (node=0x83b9590, detail=0, instance=0x8445ed8, emission_return=0x0, instance_and_params=0xb1005138)
    at gsignal.c:3256
#88 0x037106d8 in g_signal_emit_valist (instance=0x8445ed8, signal_id=309, detail=0, var_args=0xbfffbefc "(\277\377\277P!E\t\330^D\b\300 \030\b\001")
    at gsignal.c:2987
#89 0x037109c4 in g_signal_emit (instance=0x8445ed8, signal_id=309, detail=0) at gsignal.c:3044
#90 0x02cc5641 in gtk_adjustment_value_changed (adjustment=0x8445ed8) at gtkadjustment.c:764
#91 0x02cc54de in gtk_adjustment_configure (adjustment=0x8445ed8, value=0, lower=0, upper=0, step_increment=40, page_increment=552, page_size=631)
    at gtkadjustment.c:732
#92 0x00749e01 in WebCore::MainFrameScrollbarGtk::updateThumbProportion (this=0x8fb1d98) at ../../Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:109
#93 0x00749b4c in WebCore::MainFrameScrollbarGtk::attachAdjustment (this=0x8fb1d98, adjustment=0x8445ed8)
    at ../../Source/WebCore/platform/gtk/MainFrameScrollbarGtk.cpp:72
#94 0x0075e750 in WebCore::ScrollView::setVerticalAdjustment (this=0x8e12e28, vadj=0x8445ed8, resetValues=false)
    at ../../Source/WebCore/platform/gtk/ScrollViewGtk.cpp:142
#95 0x0075e9b0 in WebCore::ScrollView::setGtkAdjustments (this=0x8e12e28, hadj=0x8445950, vadj=0x8445ed8, resetValues=false)
    at ../../Source/WebCore/platform/gtk/ScrollViewGtk.cpp:163
#96 0x007add5e in WebKit::postCommitFrameViewSetup (frame=0x896faf0, view=0x8e12e28, resetValues=false)
    at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:1361
#97 0x007adeb4 in WebKit::FrameLoaderClient::transitionToCommittedFromCachedFrame (this=0x8981f58, cachedFrame=0x90d5ce8)
    at ../../Source/WebKit/gtk/WebCoreSupport/FrameLoaderClientGtk.cpp:1386
#98 0x00d57e6c in WebCore::FrameLoader::transitionToCommitted (this=0x8984260, cachedPage=...) at ../../Source/WebCore/loader/FrameLoader.cpp:2039
#99 0x00d574c4 in WebCore::FrameLoader::commitProvisionalLoad (this=0x8984260) at ../../Source/WebCore/loader/FrameLoader.cpp:1905
#100 0x00d5c282 in WebCore::FrameLoader::loadProvisionalItemFromCachedPage (this=0x8984260) at ../../Source/WebCore/loader/FrameLoader.cpp:3160
#101 0x00d5b7ab in WebCore::FrameLoader::continueLoadAfterNavigationPolicy (this=0x8984260, formState=..., shouldContinue=true)
    at ../../Source/WebCore/loader/FrameLoader.cpp:3031
#102 0x00d5b04a in WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy (argument=0x8984260, request=..., formState=..., shouldContinue=true)
    at ../../Source/WebCore/loader/FrameLoader.cpp:2911
#103 0x00d88562 in WebCore::PolicyChecker::checkNavigationPolicy (this=0x8984268, request=..., loader=0x8e0da28, formState=..., 
    function=0xd5aff8 <WebCore::FrameLoader::callContinueLoadAfterNavigationPolicy(void*, WebCore::ResourceRequest const&, WTF::PassRefPtr<WebCore::FormState>, bool)>, argument=0x8984260) at ../../Source/WebCore/loader/PolicyChecker.cpp:68
#104 0x00d559fa in WebCore::FrameLoader::loadWithDocumentLoader (this=0x8984260, loader=0x8e0da28, type=WebCore::FrameLoadTypeBack, prpFormState=...)
    at ../../Source/WebCore/loader/FrameLoader.cpp:1526
#105 0x00d5c692 in WebCore::FrameLoader::loadDifferentDocumentItem (this=0x8984260, item=0x82246b8, loadType=WebCore::FrameLoadTypeBack)
    at ../../Source/WebCore/loader/FrameLoader.cpp:3218
#106 0x00d5cd10 in WebCore::FrameLoader::loadItem (this=0x8984260, item=0x82246b8, loadType=WebCore::FrameLoadTypeBack)
    at ../../Source/WebCore/loader/FrameLoader.cpp:3317
#107 0x00d688de in WebCore::HistoryController::recursiveGoToItem (this=0x8984388, item=0x82246b8, fromItem=0x90d63c8, type=WebCore::FrameLoadTypeBack)
    at ../../Source/WebCore/loader/HistoryController.cpp:694
#108 0x00d66c11 in WebCore::HistoryController::goToItem (this=0x8984388, targetItem=0x82246b8, type=WebCore::FrameLoadTypeBack)
    at ../../Source/WebCore/loader/HistoryController.cpp:261
#109 0x00e0441e in WebCore::Page::goToItem (this=0x897e4f0, item=0x82246b8, type=WebCore::FrameLoadTypeBack) at ../../Source/WebCore/page/Page.cpp:345
#110 0x00e04122 in WebCore::Page::goBack (this=0x897e4f0) at ../../Source/WebCore/page/Page.cpp:282
#111 0x007d7a97 in webkit_web_view_go_back (webView=0x8972000) at ../../Source/WebKit/gtk/webkit/webkitwebview.cpp:3835
#112 0x08097625 in action_activate (action=0x81fc8e8) at ../../src/ephy-navigation-history-action.c:298
#113 0x03711b88 in g_cclosure_marshal_VOID__VOID (closure=0x81a9378, return_value=0x0, n_param_values=1, param_values=0xb1002a20, 
    invocation_hint=0xbfffcbcc, marshal_data=0x80974d0) at gmarshal.c:79
#114 0x036f8d3e in g_type_class_meta_marshal (closure=0x81a9378, return_value=0x0, n_param_values=1, param_values=0xb1002a20, invocation_hint=0xbfffcbcc, 
    marshal_data=0x44) at gclosure.c:878
#115 0x036f8a2d in g_closure_invoke (closure=0x81a9378, return_value=0x0, n_param_values=1, param_values=0xb1002a20, invocation_hint=0xbfffcbcc)
    at gclosure.c:767
#116 0x0371100a in signal_emit_unlocked_R (node=0x81a93c0, detail=0, instance=0x81fc8e8, emission_return=0x0, instance_and_params=0xb1002a20)
    at gsignal.c:3186
#117 0x037106d8 in g_signal_emit_valist (instance=0x81fc8e8, signal_id=183, detail=0, var_args=0xbfffcdbc "") at gsignal.c:2987
#118 0x037109c4 in g_signal_emit (instance=0x81fc8e8, signal_id=183, detail=0) at gsignal.c:3044
#119 0x02cbe81c in _gtk_action_emit_activate (action=0x81fc8e8) at gtkaction.c:799
#120 0x02cbe8fd in gtk_action_activate (action=0x81fc8e8) at gtkaction.c:829
#121 0x02f0b9a3 in button_clicked (widget=0x835a670, button=0x81288e0) at gtktoolbutton.c:781
#122 0x03711b88 in g_cclosure_marshal_VOID__VOID (closure=0x838dc18, return_value=0x0, n_param_values=1, param_values=0xb6606420, 
    invocation_hint=0xbfffcf3c, marshal_data=0x0) at gmarshal.c:79
#123 0x036f8a2d in g_closure_invoke (closure=0x838dc18, return_value=0x0, n_param_values=1, param_values=0xb6606420, invocation_hint=0xbfffcf3c)
    at gclosure.c:767
#124 0x03711389 in signal_emit_unlocked_R (node=0x817fad8, detail=0, instance=0x835a670, emission_return=0x0, instance_and_params=0xb6606420)
    at gsignal.c:3256
#125 0x037106d8 in g_signal_emit_valist (instance=0x835a670, signal_id=104, detail=0, 
    var_args=0xbfffd12c "v\262q\003\320\345\023\bp\246\065\b\320\345\023\b\001") at gsignal.c:2987
#126 0x037109c4 in g_signal_emit (instance=0x835a670, signal_id=104, detail=0) at gsignal.c:3044
#127 0x02ce85cb in gtk_button_clicked (button=0x835a670) at gtkbutton.c:1194
#128 0x02ce9aea in gtk_real_button_released (button=0x835a670) at gtkbutton.c:1827
#129 0x03711b88 in g_cclosure_marshal_VOID__VOID (closure=0x817fa28, return_value=0x0, n_param_values=1, param_values=0x90c99b0, 
    invocation_hint=0xbfffd2bc, marshal_data=0x2ce9a91) at gmarshal.c:79
#130 0x036f8d3e in g_type_class_meta_marshal (closure=0x817fa28, return_value=0x0, n_param_values=1, param_values=0x90c99b0, invocation_hint=0xbfffd2bc, 
    marshal_data=0x1fc) at gclosure.c:878
#131 0x036f8a2d in g_closure_invoke (closure=0x817fa28, return_value=0x0, n_param_values=1, param_values=0x90c99b0, invocation_hint=0xbfffd2bc)
    at gclosure.c:767
#132 0x0371100a in signal_emit_unlocked_R (node=0x817fa68, detail=0, instance=0x835a670, emission_return=0x0, instance_and_params=0x90c99b0)
    at gsignal.c:3186
#133 0x037106d8 in g_signal_emit_valist (instance=0x835a670, signal_id=103, detail=0, 
    var_args=0xbfffd4ac "v\262q\003\320\345\023\bp\246\065\b\320\345\023\b\001") at gsignal.c:2987
#134 0x037109c4 in g_signal_emit (instance=0x835a670, signal_id=103, detail=0) at gsignal.c:3044
#135 0x02ce851b in gtk_button_released (button=0x835a670) at gtkbutton.c:1180
#136 0x02ce97ff in gtk_button_button_release (widget=0x835a670, event=0xa183170) at gtkbutton.c:1719
#137 0x02deb1e2 in _gtk_marshal_BOOLEAN__BOXED (closure=0x8175868, return_value=0xbfffd630, n_param_values=2, param_values=0x9113828, 
    invocation_hint=0xbfffd64c, marshal_data=0x2ce97c0) at gtkmarshalers.c:85
#138 0x036f8d3e in g_type_class_meta_marshal (closure=0x8175868, return_value=0xbfffd630, n_param_values=2, param_values=0x9113828, 
    invocation_hint=0xbfffd64c, marshal_data=0xc4) at gclosure.c:878
#139 0x036f8a2d in g_closure_invoke (closure=0x8175868, return_value=0xbfffd630, n_param_values=2, param_values=0x9113828, invocation_hint=0xbfffd64c)
    at gclosure.c:767
#140 0x0371154e in signal_emit_unlocked_R (node=0x8175a80, detail=0, instance=0x835a670, emission_return=0xbfffd76c, instance_and_params=0x9113828)
    at gsignal.c:3294
#141 0x03710764 in g_signal_emit_valist (instance=0x835a670, signal_id=43, detail=0, var_args=0xbfffd840 "X\330\377\277\320\065\027\b\001")
    at gsignal.c:2997
#142 0x037109c4 in g_signal_emit (instance=0x835a670, signal_id=43, detail=0) at gsignal.c:3044
#143 0x02f7e4ab in gtk_widget_event_internal (widget=0x835a670, event=0xa183170) at gtkwidget.c:6078
#144 0x02f7dd39 in gtk_widget_event (widget=0x835a670, event=0xa183170) at gtkwidget.c:5794
#145 0x02deb07c in gtk_propagate_event (widget=0x835a670, event=0xa183170) at gtkmain.c:2597
#146 0x02de9e6b in gtk_main_do_event (event=0xa183170) at gtkmain.c:1872
#147 0x0031f129 in _gdk_event_emit (event=0xa183170) at gdkevents.c:71
#148 0x00352254 in gdk_event_source_dispatch (source=0x811cb60, callback=0, user_data=0x0) at gdkeventsource.c:318
#149 0x0379394f in g_main_dispatch (context=0x8133e78) at gmain.c:2440
#150 0x03794cb3 in g_main_context_dispatch (context=0x8133e78) at gmain.c:3013
#151 0x03795108 in g_main_context_iterate (context=0x8133e78, block=1, dispatch=1, self=0x8112388) at gmain.c:3091
#152 0x03795871 in g_main_loop_run (loop=0x8197e58) at gmain.c:3299
#153 0x02de95b5 in gtk_main () at gtkmain.c:1358
#154 0x0806d996 in main (argc=1, argv=0xbfffec34) at ../../src/ephy-main.c:747
(gdb)
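Added triage example (not part of the original report and not WebKit code): a small parser for pasted gdb backtraces that finds the frame whose `this` is null, reads any near-null `this` above it as a member offset inside the null object, and names the caller that used the pointer unchecked. The sample input is constructed from the top frames of the trace above, with a wrapped frame and a pager prompt added; the 0x1000 near-null threshold and all function names in the script are assumptions of this example.

```python
import re

# Constructed sample: top frames of the trace in this report, with one frame
# wrapped onto two lines and a gdb pager prompt, as pasted terminal output often is.
SAMPLE_BT = """\
#0  0x00de7a38 in WTF::OwnPtr<WTF::HashSet<WebCore::ScrollableArea*, WTF::PtrHash<WebCore::ScrollableArea*>, WTF::HashTraits<WebCore::ScrollableArea*> > >::get (this=0xa8) at ../../Source/JavaScriptCore/wtf/OwnPtr.h:59
#1  0x00de7a1c in WebCore::Page::scrollableAreaSet (this=0x0) at ../../Source/WebCore/page/Page.h:289
---Type <return> to continue, or q <return> to quit---
#2  0x00df924a in WebCore::FrameView::notifyPageThatContentAreaWillPaint (this=0x9e1ca88) at ../../Source/WebCore/page/FrameView.cpp:2078
#3  0x00ea9bc5 in WebCore::ScrollView::paint (this=0x9e1ca88, context=0xbfffb0a0, rect=...)
    at ../../Source/WebCore/platform/ScrollView.cpp:924
(gdb)
"""

PAGER = re.compile(r"^---Type <return> to continue")
FRAME_START = re.compile(r"^#\d+\s+")
FRAME = re.compile(
    r"^#(?P<n>\d+)\s+(?:0x[0-9a-f]+ in )?(?P<func>.+?) "
    r"\((?P<args>.*)\) at (?P<loc>\S+)$"
)
THIS = re.compile(r"\bthis=(0x[0-9a-f]+)")
NEAR_NULL = 0x1000  # assumption: addresses below one page are never mapped


def parse_frames(text):
    """Parse gdb `bt` output into frames, joining wrapped lines and
    dropping pager prompts and the trailing (gdb) prompt."""
    joined = []
    for line in text.splitlines():
        if not line.strip() or PAGER.match(line) or line.startswith("(gdb)"):
            continue
        if FRAME_START.match(line):
            joined.append(line.strip())
        elif joined:  # continuation of the previous frame
            joined[-1] += " " + line.strip()
    frames = []
    for line in joined:
        m = FRAME.match(line)
        if not m:
            continue
        t = THIS.search(m["args"])
        frames.append({
            "n": int(m["n"]),
            "func": m["func"],
            "loc": m["loc"],
            "this": int(t[1], 16) if t else None,  # None for free functions
        })
    return frames


def triage_null_this(frames):
    """Return a finding for a method called on a null object, or None."""
    for i, f in enumerate(frames):
        if f["this"] != 0:
            continue
        # Newer frames with a small non-zero `this` are sub-objects of the
        # null object: their address equals the member's offset.
        offsets = [g["this"] for g in frames[:i]
                   if g["this"] and g["this"] < NEAR_NULL]
        # The first older frame with a plausible `this` (or none at all)
        # is the code that held the null pointer and called through it.
        caller = next((g for g in frames[i + 1:]
                       if g["this"] is None or g["this"] >= NEAR_NULL), None)
        return {
            "null_object_frame": f["n"],
            "null_object_method": f["func"],
            "member_offsets": offsets,
            "unchecked_caller": caller["func"] if caller else None,
            "caller_loc": caller["loc"] if caller else None,
        }
    return None


if __name__ == "__main__":
    print(triage_null_this(parse_frames(SAMPLE_BT)))
```

On the sample this reports frame #1 (`WebCore::Page::scrollableAreaSet`) as the call on a null object, 0xa8 as the offset of the member being read, and `WebCore::FrameView::notifyPageThatContentAreaWillPaint` at FrameView.cpp:2078 as the caller where a null check belongs.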
Comment 1 Alexey Proskuryakov 2011-03-30 15:01:30 PDT
I can't reproduce with a (somewhat dated) local build of r82154 (with Safari).
Comment 2 Beth Dakin 2011-03-30 17:14:28 PDT
(In reply to comment #1)
> I can't reproduce with a (somewhat dated) local build of r82154 (with Safari).

I also could not reproduce this crash. I was using WebKit trunk 82400 with Safari.
Comment 3 Martin Robinson 2011-06-15 18:18:41 PDT
I just saw this crash in the 1.4.x WebKitGTK+ stable branch. Have you seen this crash recently, Xan?
Comment 4 Robin Cao 2012-02-02 22:57:54 PST
<http://trac.webkit.org/changeset/104260> adds a null-check, so this crash will not happen again.
Comment 5 Ahmad Saleem 2023-01-07 10:04:31 PST
(In reply to Robin Cao from comment #4)
> <http://trac.webkit.org/changeset/104260> adds a null-check, so this crash
> will not happen again.

After this, do we need to do something more here? Thanks! Since Comment 01 and Comment 02 also mention that it was not reproducible. Thanks!
Comment 6 Ahmad Saleem 2023-02-08 15:47:13 PST
Marking this as "RESOLVED CONFIGURATION CHANGED", please reopen if something else is needed.