[Webkit-unassigned] [Bug 12645] New: ASSERTION: Navigating 'back' in frameset: !_private->previousItem

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Feb 6 23:18:38 PST 2007 

http://bugs.webkit.org/show_bug.cgi?id=12645

           Summary: ASSERTION: Navigating 'back' in frameset: !_private-
                    >previousItem
           Product: WebKit
           Version: 420+ (nightly)
          Platform: Macintosh
        OS/Version: Mac OS X 10.4
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P1
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mjs at apple.com


2006-12-22 23:01:48 Geoff Garen:
* STEPS TO REPRODUCE
1. Load attached testcase.
2. Click google, then yahoo, then slashdot
3. Hit 'back'
--> assertion failure

2006-12-22 23:03:14 Geoff Garen:
ASSERTION FAILED: !_private->previousItem
(/Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebFrame.mm:594
-[WebFrame(WebInternal) _recursiveGoToItem:fromItem:withLoadType:])
Program received signal:  "EXC_BAD_ACCESS".
(gdb) bt
#0  0x00436262 in -[WebFrame(WebInternal)
_recursiveGoToItem:fromItem:withLoadType:] (self=0x170a0590, _cmd=0x90a836d8,
item=0x17794080, fromItem=0x179b9f30, type=WebCore::FrameLoadTypeBack) at
/Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebFrame.mm:594
#1  0x004364e1 in -[WebFrame(WebInternal)
_recursiveGoToItem:fromItem:withLoadType:] (self=0x2979080, _cmd=0x90a836d8,
item=0x177b1450, fromItem=0x19170150, type=WebCore::FrameLoadTypeBack) at
/Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebFrame.mm:615
#2  0x00433d6e in -[WebFrame(WebInternal) _goToItem:withLoadType:]
(self=0x2979080, _cmd=0x90a75f78, item=0x177b1450,
type=WebCore::FrameLoadTypeBack) at
/Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebFrame.mm:639
#3  0x004643d4 in -[WebView(WebPrivate) _goToItem:withLoadType:]
(self=0x2984120, _cmd=0x90a75f78, item=0x177b1450, type=WebFrameLoadTypeBack)
at /Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:823
#4  0x0046a6c4 in -[WebView goBack] (self=0x2984120, _cmd=0x90aa7630) at
/Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:2184
#5  0x0046cbd7 in -[WebView(WebIBActions) goBack:] (self=0x2984120,
_cmd=0x90aa7638, sender=0x29322b0) at
/Users/ggaren/Labyrinth/OpenSource/WebKit/WebView/WebView.mm:2776
#6  0x9335cd88 in -[NSApplication sendAction:to:from:] ()
#7  0x00024d52 in -[BrowserApplication sendAction:to:from:] (self=0x2922910,
_cmd=0x90abf2ac, theAction=0x90aa7638, theTarget=0x0, sender=0x29322b0) at
/Users/ggaren/Labyrinth/Internal/WebBrowser/BrowserApplication.m:85
#8  0x9340ace7 in -[NSMenu performActionForItemAtIndex:] ()
#9  0x9340aa29 in -[NSCarbonMenuImpl
performActionWithHighlightingForItemAtIndex:] ()
#10 0x9340a680 in -[NSMenu performKeyEquivalent:] ()
#11 0x9340a121 in -[NSApplication _handleKeyEquivalent:] ()
#12 0x9333dd87 in -[NSApplication sendEvent:] ()
#13 0x000250e1 in -[BrowserApplication sendEvent:] (self=0x2922910,
_cmd=0x90abf484, event=0x19e5c830) at
/Users/ggaren/Labyrinth/Internal/WebBrowser/BrowserApplication.m:137
#14 0x93268dfe in -[NSApplication run] ()
#15 0x9325cd2f in NSApplicationMain ()
#16 0x000bce0f in main (argc=1, argv=0xbffffb44) at
/Users/ggaren/Labyrinth/Internal/WebBrowser/main.m:26
#17 0x000022e6 in _start ()
#18 0x0000220d in start ()
(gdb)

2007-01-02 14:39:45 Stephanie Lewis:
Safari BRB Reviewed

2007-01-02 19:50:26 Brady Eidson:
Same ASSERT reproduces in my BF rewrite, carried over from WebKit.  I am
exploring now!

2007-01-02 19:52:50 Brady Eidson:
New Backtrace - 
Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x01397f80 in WebCore::FrameLoader::recursiveGoToItem (this=0x290a800,
item=0x16460fe0, fromItem=0x162aead0, type=WebCore::FrameLoadTypeBack) at
/Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:2928
2928            ASSERT(!m_previousHistoryItem);
(gdb) ba
#0  0x01397f80 in WebCore::FrameLoader::recursiveGoToItem (this=0x290a800,
item=0x16460fe0, fromItem=0x162aead0, type=WebCore::FrameLoadTypeBack) at
/Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:2928
#1  0x01398171 in WebCore::FrameLoader::recursiveGoToItem (this=0x285a600,
item=0x16460a50, fromItem=0x162994d0, type=WebCore::FrameLoadTypeBack) at
/Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:2948
#2  0x01398297 in WebCore::FrameLoader::goToItem (this=0x285a600,
targetItem=0x16460a50, type=WebCore::FrameLoadTypeBack) at
/Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:2899
#3  0x0119dc1c in WebCore::Page::goToItem (this=0x217b480, item=0x16460a50,
type=WebCore::FrameLoadTypeBack) at
/Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/page/Page.cpp:132
#4  0x0119dcb7 in WebCore::Page::goBack (this=0x217b480) at
/Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/page/Page.cpp:108
#5  0x00465f71 in -[WebView goBack] (self=0x2177f90, _cmd=0x90aa8670) at
/Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebView/WebView.mm:2158
#6  0x004683c7 in -[WebView(WebIBActions) goBack:] (self=0x2177f90,
_cmd=0x90aa8678, sender=0x21b6090) at
/Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebView/WebView.mm:2741
#7  0x000428ad in -[BrowserWindowController goBack:] (self=0x21996d0,
_cmd=0x90aa8678, sender=0x21b6090) at
/Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/BrowserWindowController.m:470
#8  0x9336ad88 in -[NSApplication sendAction:to:from:] ()
#9  0x000250d4 in -[BrowserApplication sendAction:to:from:] (self=0x21203b0,
_cmd=0x90ac02ec, theAction=0x90aa8678, theTarget=0x21996d0, sender=0x21b6090)
at
/Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/BrowserApplication.m:85
#10 0x9336ace1 in -[NSControl sendAction:to:] ()
#11 0x9336ce91 in -[NSCell _sendActionFrom:] ()
#12 0x9337f671 in -[NSCell trackMouse:inRect:ofView:untilMouseUp:] ()
#13 0x9339d25d in -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] ()
#14 0x9339cb0d in -[NSControl mouseDown:] ()
#15 0x00058831 in -[ButtonWithMenu mouseDown:] (self=0x21b6090,
_cmd=0x90ab4a3c, event=0x1685e590) at
/Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/ButtonWithMenu.m:78
#16 0x9335a3af in -[NSWindow sendEvent:] ()
#17 0x000c2cd2 in -[Window sendEvent:] (self=0x21ae870, _cmd=0x90ac04c4,
event=0x1685e590) at
/Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/Window.m:83
#18 0x9334c350 in -[NSApplication sendEvent:] ()
#19 0x00025463 in -[BrowserApplication sendEvent:] (self=0x21203b0,
_cmd=0x90ac04c4, event=0x1685e590) at
/Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/BrowserApplication.m:137
#20 0x93276dfe in -[NSApplication run] ()
#21 0x9326ad2f in NSApplicationMain ()
#22 0x000bd36b in main (argc=2, argv=0xbffffc78) at
/Volumes/Data/Users/bradeeoh/local_svn/Internal/WebBrowser/main.m:26

2007-01-02 19:59:44 Brady Eidson:
Note, can repro with only google->yahoo->back - the 3rd isn't necc.

2007-02-02 13:11:29 Brady Eidson:
After landing my BFL rewrite (a month ago now, just after my last comment) this
still reproduces on the new code.
I'm exploring now.

2007-02-02 13:38:19 Brady Eidson:
On a whim, I reconstructed the attach frameset.html as an iframe test case, and
it works just fine.  A few webkit cohorts on the couches here tell me that
framesets and iframes are on in the frame tree the same way but there are other
differences... I just hafta learn what those differences are - why is the
iframe-case getting its BF history saved correctly but framesets aren't?

<rdar://problem/4900071>


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list