[Webkit-unassigned] [Bug 11863] New: REGRESSION: Reproducible crash in GMail after composing new message, clicking in body, then closing window

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Dec 17 16:27:55 PST 2006 

http://bugs.webkit.org/show_bug.cgi?id=11863

           Summary: REGRESSION: Reproducible crash in GMail after composing
                    new message, clicking in body, then closing window
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh
               URL: http://mail.google.com/mail/
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: Regression, GoogleBug
          Severity: Normal
          Priority: P1
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: ddkilzer at kilzer.net


Summary:

Logging into GMail, composing a new message, clicking in the body textarea,
then immediately closing the window causes a crash a few seconds after the
window closes.

Steps to reproduce (taken from Bug 11859 Comment #2):

1. Start WebKit nightly r18244 or r18260.
2. Log into GMail.
3. Click "Compose Mail" link.
4. Click once in the message body textarea.
5. Close the window immediately after clicking.
6. Wait about 5 seconds.
7. WebKit crashes.

Expected results:

WebKit should not crash.

Actual results:

WebKit crashes.

Regression:

Regression from earlier WebKit builds that worked with GMail's wysiwyg editor.

Notes:

The "top" of the stack trace appears to varie (e.g. where the crash occurs),
but it always occurs.  Here's a stack trace from a locally-built debug build of
WebKit r18269 with Safari 2.0.4 (419.3) on Mac OS X 10.4.8 (8L127).


Date/Time:      2006-12-17 18:07:12.628 -0600
OS Version:     10.4.8 (Build 8L127)
Report Version: 4

Command: Safari
Path:    /Applications/Safari.app/Contents/MacOS/Safari
Parent:  bash [16966]

Version:        2.0.4 (419.3)
Build Version:  1
Project Name:   WebBrowser
Source Version: 4190300

PID:    27003
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x0fad7723

Thread 0 Crashed:
0   com.apple.WebCore           0x0149b690
WebCore::Editor::isContinuousSpellCheckingEnabled() + 88 (Editor.cpp:1131)
1   com.apple.WebCore           0x0112e0d4
WebCore::FrameMac::respondToChangedSelection(WebCore::Selection const&, bool) +
108 (FrameMac.mm:839)
2   com.apple.WebCore           0x01296aac
WebCore::SelectionController::setSelection(WebCore::Selection const&, bool,
bool, bool) + 1612 (SelectionController.cpp:139)
3   com.apple.WebCore           0x01297270
WebCore::SelectionController::clear() + 56 (SelectionController.cpp:667)
4   com.apple.WebCore           0x014b9520 WebCore::FrameLoader::clear(bool) +
360 (FrameLoader.cpp:736)
5   com.apple.WebCore           0x014bc410
WebCore::FrameLoader::cancelAndClear() + 76 (FrameLoader.cpp:705)
6   com.apple.WebCore           0x0112f760 WebCore::FrameMac::~FrameMac
[in-charge deleting]() + 184 (FrameMac.mm:151)
7   com.apple.WebCore           0x015c7914
WebCore::Shared<WebCore::Frame>::deref() + 228 (Shared.h:52)
8   com.apple.WebCore           0x0164b394
WTF::RefPtr<WebCore::Frame>::operator=(WebCore::Frame*) + 108 (RefPtr.h:107)
9   com.apple.WebCore           0x014e88e0 WebCore::EventHandler::clear() + 112
(EventHandler.cpp:117)
10  com.apple.WebCore           0x014b953c WebCore::FrameLoader::clear(bool) +
388 (FrameLoader.cpp:737)
11  com.apple.WebCore           0x014bc410
WebCore::FrameLoader::cancelAndClear() + 76 (FrameLoader.cpp:705)
12  com.apple.WebCore           0x0112f760 WebCore::FrameMac::~FrameMac
[in-charge deleting]() + 184 (FrameMac.mm:151)
13  com.apple.WebCore           0x015c7914
WebCore::Shared<WebCore::Frame>::deref() + 228 (Shared.h:52)
14  com.apple.WebCore           0x01128120
WebCore::Frame::lifeSupportTimerFired(WebCore::Timer<WebCore::Frame>*) + 76
(Frame.cpp:904)
15  com.apple.WebCore           0x0164dd3c
WebCore::Timer<WebCore::Frame>::fired() + 152 (Timer.h:96)
16  com.apple.WebCore           0x012aa820
WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*,
(unsigned long)0> const&) + 236 (Timer.cpp:322)
17  com.apple.WebCore           0x012aa8ec
WebCore::TimerBase::sharedTimerFired() + 132 (Timer.cpp:355)
18  com.apple.WebCore           0x012a9c98
WebCore::timerFired(__CFRunLoopTimer*, void*) + 60 (SharedTimerMac.cpp:47)
19  com.apple.CoreFoundation    0x907f0550 __CFRunLoopDoTimer + 184
20  com.apple.CoreFoundation    0x907dcec8 __CFRunLoopRun + 1680
21  com.apple.CoreFoundation    0x907dc47c CFRunLoopRunSpecific + 268
22  com.apple.HIToolbox         0x93208740 RunCurrentEventLoopInMode + 264
23  com.apple.HIToolbox         0x93207d4c ReceiveNextEventCommon + 244
24  com.apple.HIToolbox         0x93207c40
BlockUntilNextEventMatchingListInMode + 96
25  com.apple.AppKit            0x9370bae4 _DPSNextEvent + 384
26  com.apple.AppKit            0x9370b7a8 -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
27  com.apple.Safari            0x00006740 0x1000 + 22336
28  com.apple.AppKit            0x93707cec -[NSApplication run] + 472
29  com.apple.AppKit            0x937f887c NSApplicationMain + 452
30  com.apple.Safari            0x0005c77c 0x1000 + 374652
31  com.apple.Safari            0x0005c624 0x1000 + 374308


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list