6597 – REGRESSION: Assertion failure in Mail (KJS::Collector::protect)

RESOLVED DUPLICATE of bug 63776597

REGRESSION: Assertion failure in Mail (KJS::Collector::protect)

https://bugs.webkit.org/show_bug.cgi?id=6597

Summary REGRESSION: Assertion failure in Mail (KJS::Collector::protect)

Mark Rowe (bdash)

Reported 2006-01-16 13:10:09 PST

This occurs when selecting a specific message in a folder, clicking on empty space in the message list to deselect it, and then selecting the original message. Backtrace when asertion fires is: #0 0x9004716c in kill () #1 0x90128b98 in abort () #2 0x946e7144 in __eprintf () #3 0x01010994 in KJS::Collector::protect (k=0x0) at .../JavaScriptCore/kjs/collector.cpp:392 #4 0x01aff960 in KJS::gcProtect (val=0x0) at .../WebKitBuild/Development/JavaScriptCore.framework/ PrivateHeaders/protect.h:36 #5 0x01b80f50 in KJS::Bindings::RootObject::setRootObjectImp (this=0x1101e390, i=0x0) at .../ WebKitBuild/Development/JavaScriptCore.framework/PrivateHeaders/runtime_root.h:61 #6 0x01a360b8 in MacFrame::bindingRootObject (this=0xd9bd000) at .../WebCore/bridge/mac/ MacFrame.mm:1145 #7 0x01a361bc in MacFrame::windowScriptObject (this=0xd9bd000) at .../WebCore/bridge/mac/ MacFrame.mm:1157 #8 0x01a6bd80 in -[WebCoreFrameBridge windowScriptObject] (self=0x10bf9260, _cmd=0x90a3e1bc) at .../WebCore/bridge/mac/WebCoreFrameBridge.mm:1558 #9 0x0033a44c in -[WebFrameBridge windowObjectCleared] (self=0x10bf9260, _cmd=0x90a3e15c) at .../WebKit/WebCoreSupport.subproj/WebFrameBridge.m:1495 #10 0x01a2eb40 in MacFrame::partClearedInBegin (this=0xd9bd000) at .../WebCore/bridge/mac/ MacFrame.mm:1185 #11 0x01a2aa3c in Frame::begin (this=0xd9bd000, url=@0xd9bd934, xOffset=0, yOffset=0) at .../ WebCore/page/Frame.cpp:755 #12 0x01a222d0 in Frame::receivedFirstData (this=0xd9bd000) at .../WebCore/page/Frame.cpp:659 #13 0x01a2292c in Frame::setEncoding (this=0xd9bd000, name=@0xbfffe058, userChosen=false) at .../WebCore/page/Frame.cpp:3218 #14 0x01a68f68 in -[WebCoreFrameBridge setEncoding:userChosen:] (self=0x10bf9260, _cmd=0x90a30488, encoding=0xd3bb2f0, userChosen=0 '\0') at .../WebCore/bridge/mac/ WebCoreFrameBridge.mm:670 #15 0x003340ac in -[WebFrameBridge receivedData:textEncodingName:] (self=0x10bf9260, _cmd=0x90a28aa8, data=0x1253e6a0, textEncodingName=0xd3bb2f0) at .../WebKit/ WebCoreSupport.subproj/WebFrameBridge.m:470 #16 0x0036db88 in -[WebHTMLRepresentation receivedData:withDataSource:] (self=0xd32fe20, _cmd=0x90a28ac8, data=0x1253e6a0, dataSource=0x1253cdd0) at .../WebKit/WebView.subproj/ WebHTMLRepresentation.m:120 #17 0x003586b0 in -[WebDataSource(WebPrivate) _commitLoadWithData:] (self=0x1253cdd0, _cmd=0x402830, data=0x1253e6a0) at .../WebKit/WebView.subproj/WebDataSource.m:1032 #18 0x00356d70 in -[WebDataSource(WebPrivate) _receivedData:] (self=0x1253cdd0, _cmd=0x909f1a40, data=0x1253e6a0) at .../WebKit/WebView.subproj/WebDataSource.m:777 #19 0x003924d0 in -[WebMainResourceLoader addData:] (self=0x1253d930, _cmd=0x90a04a60, data=0x1253e6a0) at .../WebKit/WebView.subproj/WebMainResourceLoader.m:162 #20 0x00350be4 in -[WebLoader didReceiveData:lengthReceived:] (self=0x1253d930, _cmd=0x90a0fb9c, data=0x1253e6a0, lengthReceived=9551) at .../WebKit/WebView.subproj/ WebLoader.m:533 #21 0x00393ab4 in -[WebMainResourceLoader didReceiveData:lengthReceived:] (self=0x1253d930, _cmd=0x90a0fb9c, data=0x1253e6a0, lengthReceived=9551) at .../WebKit/WebView.subproj/ WebMainResourceLoader.m:377 #22 0x00351748 in -[WebLoader connection:didReceiveData:lengthReceived:] (self=0x1253d930, _cmd=0x90a0b9cc, con=0xd3bb280, data=0x1253e6a0, lengthReceived=9551) at .../WebKit/ WebView.subproj/WebLoader.m:644 #23 0x92906a64 in -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] () #24 0x92904f04 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] () #25 0x92904ca0 in _sendCallbacks () #26 0x9075ea68 in __CFRunLoopDoSources0 () #27 0x9075df98 in __CFRunLoopRun () #28 0x9075da18 in CFRunLoopRunSpecific () #29 0x9317c1e0 in RunCurrentEventLoopInMode () #30 0x9317b7ec in ReceiveNextEventCommon () #31 0x9317b6e0 in BlockUntilNextEventMatchingListInMode () #32 0x9367a104 in _DPSNextEvent () #33 0x93679dc8 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] () #34 0x9367630c in -[NSApplication run] () #35 0x93766e68 in NSApplicationMain () #36 0x00002888 in ?? () #37 0x000a4da0 in ?? ()

Attachments
Message that triggers the crash (3.71 KB, application/octet-stream) 2006-01-16 13:13 PST, Mark Rowe (bdash)	no flags	Details
patch that should fix the crash (1.15 KB, patch) 2006-01-17 09:17 PST, Darin Adler	ggaren: review-	Details Formatted Diff Diff
Crash log. (5.33 KB, text/plain) 2006-01-17 09:52 PST, Mark Rowe (bdash)	no flags	Details
fix the root cause of the crash (3.29 KB, patch) 2006-01-17 21:14 PST, Darin Adler	sullivan: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Mark Rowe (bdash)

Comment 1 2006-01-16 13:13:44 PST

Created attachment 5725 [details] Message that triggers the crash Extract this tarball, and then go File -> Import Mailboxes in Mail, choose Other, browse to the crashing-message folder, and hit Choose. Hit Continue to import the 'message' mailbox. You should then be able to trigger the bug using the imported message as described in the original comment.

Darin Adler

Comment 2 2006-01-17 09:17:12 PST

Created attachment 5737 [details] patch that should fix the crash

Darin Adler

Comment 3 2006-01-17 09:17:37 PST

Comment on attachment 5737 [details] patch that should fix the crash Very straightforward. Someone should test this fix.

Mark Rowe (bdash)

Comment 4 2006-01-17 09:52:26 PST

Created attachment 5738 [details] Crash log. After applying the patch I no longer see an assertion failure, but do see a crash due to a null pointer dereference. The steps to reproduce are exactly the same.

Geoffrey Garen

Comment 5 2006-01-17 11:51:19 PST

Comment on attachment 5737 [details] patch that should fix the crash Patch looks good, but r- because bdash says it doesn't fix the bug.

Darin Adler

Comment 6 2006-01-17 12:16:01 PST

Could you add a backtrace of the new crash?

Mark Rowe (bdash)

Comment 7 2006-01-17 16:50:30 PST

Darin, the new backtrace is attached as "Crash log".

Mark Rowe (bdash)

Comment 8 2006-01-17 20:58:36 PST

As Darin pointed out on IRC this problem can be reproduced in Safari by disabling Javascript and then browsing between two pages.

Darin Adler

Comment 9 2006-01-17 21:14:13 PST

Created attachment 5752 [details] fix the root cause of the crash

Darin Adler

Comment 10 2006-01-17 21:14:55 PST

Comment on attachment 5752 [details] fix the root cause of the crash There's some stuff here that's using JavaScript without checking if it's enabled; the fix is to check.

Darin Adler

Comment 11 2006-01-17 21:16:42 PST

*** This bug has been marked as a duplicate of 6377 ***

John Sullivan

Comment 12 2006-01-17 21:42:24 PST

Comment on attachment 5752 [details] fix the root cause of the crash Looks fine, assuming you tested.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution DUPLICATE

of bug 6377

Priority P1

Severity Normal

Classification Unclassified

Version 420+

Hardware Mac

OS OS X 10.4

Product WebKit

Component JavaScriptCore

Assignee

Darin Adler

Reported

2006-01-16 13:10 PST

Modified

2006-01-17 21:42 PST History

CC List

1 user Show

URL

Keywords

Depends on

Blocks