[Webkit-unassigned] [Bug 9176] New: repro crash in WebCore::StringImpl::hash() const + 28 (StringImpl.h:67)

bugzilla-daemon at opendarwin.org bugzilla-daemon at opendarwin.org
Tue May 30 15:11:10 PDT 2006 

http://bugzilla.opendarwin.org/show_bug.cgi?id=9176

           Summary: repro crash in WebCore::StringImpl::hash() const + 28
                    (StringImpl.h:67)
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh
               URL: http://www.move.com/?poe=move
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: InRadar
          Severity: major
          Priority: P1
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at opendarwin.org
        ReportedBy: alice.liu at apple.com


This bug is also in Radar as <rdar://4567325>

* SUMMARY
Safari TOT crashes immediately upon loading http://www.move.com/?poe=move

I looked for a dup of this in bugzilla and didn't find one.  Then again, i'm
not that great at searching the bugzilla database. 


* STEPS TO REPRODUCE
load http://www.move.com/?poe=move

* REGRESSION
not crashing on shipping versions of Safari

* NOTES

Command: Safari
Path:    /Build/symroots/Debug/Safari.app/Contents/MacOS/Safari
Parent:  WindowServer [6799]

Version: 2.0.1 (420+)

PID:    7166
Thread: 0

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x0000000c

Thread 0 Crashed:
0   com.apple.WebCore           0x020f8fe8 WebCore::StringImpl::hash() const +
28 (StringImpl.h:67)
1   com.apple.WebCore           0x02108878
WTF::StrHash<WebCore::String>::hash(WebCore::String const&) + 44
(xml_tokenizer.cpp:182)
2   com.apple.WebCore           0x021749ac WTF::HashMapTranslator<(bool)0,
std::pair<WebCore::String, WebCore::CachedObject*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::StrHash<WebCore::String> >::hash(WebCore::String const&) + 32
(HashMap.h:140)
3   com.apple.WebCore           0x0217541c
std::pair<std::pair<std::pair<WebCore::StringImpl*, int>*, bool>, unsigned>
WTF::HashTable<WebCore::StringImpl*, std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >::lookup<WebCore::String,
WTF::HashMapTranslator<(bool)0, std::pair<WTF::HashTable<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >::lookup, WebCore::CachedObject*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::StrHash<WTF::HashTable<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >::lookup> > >(WebCore::String const&)
+ 108 (HashTable.h:385)
4   com.apple.WebCore           0x02175b28
std::pair<WTF::HashTableIterator<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >, bool>
WTF::HashTable<WebCore::StringImpl*, std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >::add<WebCore::String,
WebCore::CachedObject*, WTF::HashMapTranslator<(bool)0,
std::pair<WTF::HashTable<WebCore::StringImpl*, std::pair<WebCore::StringImpl*,
int>, WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >::add, WebCore::CachedObject>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::StrHash<WTF::HashTable<WebCore::StringImpl*,
std::pair<WebCore::StringImpl*, int>,
WTF::PairFirstExtractor<std::pair<WebCore::StringImpl*, int> >,
WTF::StrHash<WebCore::StringImpl*>,
WTF::PairHashTraits<WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<int>
>, WTF::HashTraits<WebCore::StringImpl*> >::add> > >(WebCore::String const&,
WebCore::CachedObject* const&) + 92 (HashTable.h:427)
5   com.apple.WebCore           0x02175d00 WTF::HashMap<WebCore::String,
WebCore::CachedObject*, WTF::StrHash<WebCore::String>,
WTF::HashTraits<WebCore::String>, WTF::HashTraits<WebCore::CachedObject*>
>::inlineAdd(WebCore::String const&, WebCore::CachedObject* const&) + 76
(HashMap.h:255)
6   com.apple.WebCore           0x02175d70 WTF::HashMap<WebCore::String,
WebCore::CachedObject*, WTF::StrHash<WebCore::String>,
WTF::HashTraits<WebCore::String>, WTF::HashTraits<WebCore::CachedObject*>
>::set(WebCore::String const&, WebCore::CachedObject* const&) + 60
(HashMap.h:263)
7   com.apple.WebCore           0x01e30920
WebCore::Cache::updateCacheStatus(WebCore::DocLoader*, WebCore::String const&,
WebCore::CachedObject*) + 140 (Cache.cpp:119)
8   com.apple.WebCore           0x01e313e4
WebCore::Cache::requestStyleSheet(WebCore::DocLoader*, WebCore::String const&,
bool, long, DeprecatedString const&) + 880 (Cache.cpp:227)
9   com.apple.WebCore           0x01e35058
WebCore::DocLoader::requestStyleSheet(WebCore::String const&, DeprecatedString
const&) + 212 (DocLoader.cpp:113)
10  com.apple.WebCore           0x0203da2c WebCore::HTMLLinkElement::process()
+ 1128 (HTMLLinkElement.cpp:183)
11  com.apple.WebCore           0x0203db90
WebCore::HTMLLinkElement::insertedIntoDocument() + 44 (HTMLLinkElement.cpp:198)
12  com.apple.WebCore           0x01e196d0
WebCore::ContainerNode::addChild(WTF::PassRefPtr<WebCore::Node>) + 436
(ContainerNode.cpp:565)
13  com.apple.WebCore           0x01cf5c14
WebCore::HTMLParser::insertNode(WebCore::Node*, bool) + 264
(HTMLParser.cpp:262)
14  com.apple.WebCore           0x01cf7814
WebCore::HTMLParser::parseToken(WebCore::Token*) + 1388 (HTMLParser.cpp:215)
15  com.apple.WebCore           0x01cfb1b4
WebCore::HTMLTokenizer::processToken() + 564 (HTMLTokenizer.cpp:1581)
16  com.apple.WebCore           0x01cfe794
WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&,
WebCore::HTMLTokenizer::State) + 7124 (HTMLTokenizer.cpp:1160)
17  com.apple.WebCore           0x01cff3a8
WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1720
(HTMLTokenizer.cpp:1386)
18  com.apple.WebCore           0x01de802c WebCore::Frame::write(char const*,
int) + 1192 (Frame.cpp:685)
19  com.apple.WebCore           0x01dda7d4 WebCore::Frame::addData(char const*,
int) + 340 (Frame.cpp:2646)
20  com.apple.WebCore           0x01e1ffa0 -[WebCoreFrameBridge addData:] + 224
(WebCoreFrameBridge.mm:557)
21  com.apple.WebKit            0x01235890 -[WebFrameBridge
receivedData:textEncodingName:] + 236 (WebFrameBridge.m:490)
22  com.apple.WebKit            0x0125daec -[WebHTMLRepresentation
receivedData:withDataSource:] + 248 (WebHTMLRepresentation.m:138)
23  com.apple.WebKit            0x012468a0 -[WebDataSource(WebPrivate)
_commitLoadWithData:] + 164 (WebDataSource.m:766)
24  com.apple.WebKit            0x01246aec -[WebDataSource(WebPrivate)
_receivedData:] + 196 (WebDataSource.m:781)
25  com.apple.WebKit            0x01280c50 -[WebMainResourceLoader addData:] +
136 (WebMainResourceLoader.m:162)
26  com.apple.WebKit            0x012411d0 -[WebLoader
didReceiveData:lengthReceived:] + 108 (WebLoader.m:461)
27  com.apple.WebKit            0x012821cc -[WebMainResourceLoader
didReceiveData:lengthReceived:] + 680 (WebMainResourceLoader.m:371)
28  com.apple.WebKit            0x01241b18 -[WebLoader
connection:didReceiveData:lengthReceived:] + 188 (WebLoader.m:561)
29  com.apple.Foundation        0x929715d4
-[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
30  com.apple.Foundation        0x9296fa74
-[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
31  com.apple.Foundation        0x9296f810 _sendCallbacks + 156
32  com.apple.CoreFoundation    0x907dc4cc __CFRunLoopDoSources0 + 384
33  com.apple.CoreFoundation    0x907db9fc __CFRunLoopRun + 452
34  com.apple.CoreFoundation    0x907db47c CFRunLoopRunSpecific + 268
35  com.apple.HIToolbox         0x931e5740 RunCurrentEventLoopInMode + 264
36  com.apple.HIToolbox         0x931e4dd4 ReceiveNextEventCommon + 380
37  com.apple.HIToolbox         0x931e4c40
BlockUntilNextEventMatchingListInMode + 96
38  com.apple.AppKit            0x936e8ae4 _DPSNextEvent + 384
39  com.apple.AppKit            0x936e87a8 -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
40  com.apple.Safari            0x00032ca4 -[BrowserApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 292
(BrowserApplication.m:155)
41  com.apple.AppKit            0x936e4cec -[NSApplication run] + 472
42  com.apple.AppKit            0x937d587c NSApplicationMain + 452
43  com.apple.Safari            0x00102c2c main + 420 (main.m:36)
44  com.apple.Safari            0x00002f9c _start + 340 (crt.c:272)
45  com.apple.Safari            0x00002e44 start + 60


-------------------------------------------

<GMT30-May-2006 22:08:51GMT> Alice Liu:
migrating to bugzilla.


-- 
Configure bugmail: http://bugzilla.opendarwin.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list