RESOLVED FIXED9748
Reproducible crash on EBAY.com (multiple, including Collector::collect()) 
https://bugs.webkit.org/show_bug.cgi?id=9748
Summary Reproducible crash on EBAY.com (multiple, including Collector::collect())
corey
Reported 2006-07-05 21:22:24 PDT
I AM SO SICK OF THIS CRAPPY ISSIUE WITH MYSPACE AND EBAY!!!!  i cant browse ebay for more then 2 mins without it crashing! same with mysace it is so annoying!!! those are the two sites i go to the most!!!!!! please help, why is it crashing?!??!
Attachments
Crash log (WebCore::Frame::page()) (38.09 KB, text/plain)
2006-07-06 01:49 PDT, jonathanjohnsson 		no flags
Details
Crash log 2 (WebCore::Frame::disconnectOwnerElement()) (25.24 KB, text/plain)
2006-07-06 02:11 PDT, jonathanjohnsson 		no flags
Details
Crash log 3 (Coveted unreproducible Collector::collect() crash) (40.01 KB, text/plain)
2006-07-07 13:51 PDT, Geoffrey Garen 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2006-07-06 01:38:42 PDT
You have already filed a bug about MySpace today (bug 9741), so I'm removing it from the summary. Please provide the additional information requested there. Please provide the same details about eBay in this bug.
jonathanjohnsson
Comment 2 2006-07-06 01:48:09 PDT
I just tried browsing ebay.com to see if there were any issues, and I actually crashed within a minute. Now I'll try to list how to reproduce it reliably. Changing to P1, as this is a crash.
jonathanjohnsson
Comment 3 2006-07-06 01:49:11 PDT
Created attachment 9221 [details] Crash log (WebCore::Frame::page())
jonathanjohnsson
Comment 4 2006-07-06 02:10:32 PDT
I've found two ways to crash WebKit r15181 on ebay.com: Crash 1 (the Crash log attachment) Go to the following pages, in order: 1. http://cgi.ebay.com/Old-Estate-African-Sculpture-Statue-Africa-Gabon-Punu_W0QQitemZ330003588514QQihZ014QQcategoryZ37947QQrdZ1QQcmdZViewItem 2. http://www.ebay.com/ 3. http://hub.ebay.com/buy 4. Crash. Crash 2 (the Crash log 2 attachment) 1. Go to the above pages, in order, but omit number 2. 2. Close the window  3. Crash.
jonathanjohnsson
Comment 5 2006-07-06 02:11:59 PDT
Created attachment 9222 [details] Crash log 2 (WebCore::Frame::disconnectOwnerElement())
Joost de Valk (AlthA)
Comment 6 2006-07-06 03:12:39 PDT
Confirming the same behavior as Jonathan, seems a big problem. Changing summary to reflect contents of the bug. Reporter: thx for the bug, for future bugs, you might want to read this: http://webkit.opendarwin.org/quality/reporting.html, as bugs filed with more details are usually solved faster :).  Adding HitListCandidate keyword, as this should really be on there, imho. CC-ing Geoff for that reason.
Geoffrey Garen
Comment 7 2006-07-07 00:08:28 PDT
Hmmm... I can't seem to repro.
Joost de Valk (AlthA)
Comment 8 2006-07-07 00:36:24 PDT
I can, comment #4 states it: 1 follow the url 2 click the ebay icon top left 3 click buy in the menu 4. page starts to load, and then webkit crashes.
Geoffrey Garen
Comment 9 2006-07-07 13:49:45 PDT
Awesome. Thanks. I was copying the URLs directly; it looks like you actually have to click inside the page to make it crash. I've seen the first two crash logs, and also the coveted unreproducible Collector::collect() crash. This is a really exciting bug!
Geoffrey Garen
Comment 10 2006-07-07 13:51:16 PDT
Created attachment 9256 [details] Crash log 3 (Coveted unreproducible Collector::collect() crash)
Alice Liu
Comment 11 2006-07-07 14:01:00 PDT
<rdar://problem/4618213>
Mark Rowe (bdash)
Comment 12 2006-07-13 04:03:52 PDT
I can no longer reproduce this with ToT (r15404). After a binary search through recent revisions, r15218 is the last in which I can reproduce the crash. Revision 15219 is the fix for bug 9777 (Reproducible crash in Loading/Frames in ToT). It seems that patch either fixed or masked this bug from appearing.
tim bates
Comment 13 2006-07-18 03:14:21 PDT
I can't cause a crash using either of these methods under rev15498, despite repeated attempts. > Crash 1 (the Crash log attachment) > Go to the following pages, in order: > 1. > http://cgi.ebay.com/Old-Estate-African-Sculpture-Statue-Africa-Gabon-Punu_W0QQitemZ330003588514QQihZ014QQcategoryZ37947QQrdZ1QQcmdZViewItem > 2. http://www.ebay.com/ > 3. http://hub.ebay.com/buy > 4. Crash.  > Crash 2 (the Crash log 2 attachment) > 1. Go to the above pages, in order, but omit number 2. > 2. Close the window  > 3. Crash. >
Joost de Valk (AlthA)
Comment 14 2006-07-18 03:30:55 PDT
Can't reproduce either, closing as fixed.
Geoffrey Garen
Comment 15 2006-07-18 10:47:53 PDT
FYI, I also confirmed that this is fixed.
Geoffrey Garen
Comment 16 2006-07-19 12:09:37 PDT
*** Bug 5379 has been marked as a duplicate of this bug. ***
Geoffrey Garen
Comment 17 2006-07-21 09:41:43 PDT
*** Bug 10044 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.