[Webkit-unassigned] [Bug 9477] New: REGRESSION: fast/dom/replaceChild.html crashes on WebKit ToT in debug build

bugzilla-daemon at opendarwin.org bugzilla-daemon at opendarwin.org
Fri Jun 16 22:39:14 PDT 2006 

http://bugzilla.opendarwin.org/show_bug.cgi?id=9477

           Summary: REGRESSION: fast/dom/replaceChild.html crashes on WebKit
                    ToT in debug build
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: Regression
          Severity: normal
          Priority: P1
         Component: JavaScriptCore
        AssignedTo: webkit-unassigned at opendarwin.org
        ReportedBy: ddkilzer at kilzer.net


Running fast/dom/replaceChild.html on WebKit ToT (r14895) causes a reproducible
crash on my Mac OS X 10.4.6 (8I127/PowerPC) PB G4.

I'm not sure when this bug was introduced.  This doesn't seem to happen when
this test is loaded in the browser, although one of two resources is NOT loaded
per the Activity Window when the test is opened in the browser.

Relevant stack trace bits:

Command: DumpRenderTree
Path:    /Users/ddkilzer/Projects/Cocoa/WebKit/WebKitBuild/Debug/DumpRenderTree
Parent:  perl [10628]

Version: ??? (???)

PID:    10671
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0x2c323130

Thread 0 Crashed:
0   <<00000000>>        0x2c323130 0 + 741486896
1   com.apple.JavaScriptCore    0x12d1bc98 KJS::JSObject::call(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) + 288 (object.cpp:96)
2   com.apple.JavaScriptCore    0x12d11110
KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 908 (nodes.cpp:758)
3   com.apple.JavaScriptCore    0x12d0db0c
KJS::ExprStatementNode::execute(KJS::ExecState*) + 220 (nodes.cpp:1661)
4   com.apple.JavaScriptCore    0x12d0a2e4
KJS::SourceElementsNode::execute(KJS::ExecState*) + 616 (nodes.cpp:2448)
5   com.apple.JavaScriptCore    0x12d07ca0
KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1638)
6   com.apple.JavaScriptCore    0x12d0d994
KJS::IfNode::execute(KJS::ExecState*) + 500 (nodes.cpp:1680)
7   com.apple.JavaScriptCore    0x12d0a194
KJS::SourceElementsNode::execute(KJS::ExecState*) + 280 (nodes.cpp:2442)
8   com.apple.JavaScriptCore    0x12d07ca0
KJS::BlockNode::execute(KJS::ExecState*) + 216 (nodes.cpp:1638)
9   com.apple.JavaScriptCore    0x12cf633c
KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 92 (function.cpp:333)
10  com.apple.JavaScriptCore    0x12cf5964
KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List
const&) + 668 (function.cpp:104)
11  com.apple.JavaScriptCore    0x12d1bc98 KJS::JSObject::call(KJS::ExecState*,
KJS::JSObject*, KJS::List const&) + 288 (object.cpp:96)
12  com.apple.WebCore           0x01338aa8
KJS::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 748
(kjs_events.cpp:105)
13  com.apple.WebCore           0x0114cb34
WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 308
(Document.cpp:2208)
14  com.apple.WebCore           0x012fa1ac
WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&,
bool, bool) + 324 (EventTargetNode.cpp:315)
15  com.apple.WebCore           0x0114fb68 WebCore::Document::implicitClose() +
700 (Document.cpp:1179)
16  com.apple.WebCore           0x0111ceb4 WebCore::Frame::checkEmitLoadEvent()
+ 724 (Frame.cpp:858)
17  com.apple.WebCore           0x011224ac WebCore::Frame::checkCompleted() +
528 (Frame.cpp:823)
18  com.apple.WebCore           0x011228d4 WebCore::Frame::finishedParsing() +
44 (Frame.cpp:778)
19  com.apple.WebCore           0x01149c88 WebCore::Document::finishedParsing()
+ 72 (Document.cpp:3223)
20  com.apple.WebCore           0x01040e0c WebCore::HTMLParser::finished() +
300 (HTMLParser.cpp:1345)
21  com.apple.WebCore           0x01046228 WebCore::HTMLTokenizer::end() + 308
(HTMLTokenizer.cpp:1489)
22  com.apple.WebCore           0x010466a4 WebCore::HTMLTokenizer::finish() +
1128 (HTMLTokenizer.cpp:1527)
23  com.apple.WebCore           0x01147abc WebCore::Document::finishParsing() +
84 (Document.cpp:1313)
24  com.apple.WebCore           0x011231d0 WebCore::Frame::endIfNotLoading() +
432 (Frame.cpp:734)
25  com.apple.WebCore           0x01123224 WebCore::Frame::end() + 52
(Frame.cpp:717)
26  com.apple.WebCore           0x01160b64 -[WebCoreFrameBridge end] + 72
(WebCoreFrameBridge.mm:703)
27  com.apple.WebKit            0x00246688 -[WebDataSource(WebPrivate)
_finishedLoading] + 220 (WebDataSource.m:792)
28  com.apple.WebKit            0x002833c0 -[WebMainResourceLoader
didFinishLoading] + 560 (WebMainResourceLoader.m:379)
29  com.apple.WebKit            0x00241788 -[WebLoader
connectionDidFinishLoading:] + 184 (WebLoader.m:575)
30  com.apple.Foundation        0x929a884c
-[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
31  com.apple.Foundation        0x929a6ab8
-[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
32  com.apple.Foundation        0x929a6810 _sendCallbacks + 156
33  com.apple.CoreFoundation    0x907e44cc __CFRunLoopDoSources0 + 384
34  com.apple.CoreFoundation    0x907e39fc __CFRunLoopRun + 452
35  com.apple.CoreFoundation    0x907e347c CFRunLoopRunSpecific + 268
36  com.apple.Foundation        0x92985164 -[NSRunLoop runMode:beforeDate:] +
172
37  DumpRenderTree              0x00008ac4 dumpRenderTree + 904
(DumpRenderTree.m:744)
38  DumpRenderTree              0x00005d48 main + 3672 (DumpRenderTree.m:321)
39  DumpRenderTree              0x000024f0 _start + 340 (crt.c:272)
40  DumpRenderTree              0x00002398 start + 60


-- 
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list