[Webkit-unassigned] [Bug 12670] New: REGRESSION: Many 3rd Party Apps crash in WebCore::DocumentLoader::frameLoader()
bugzilla-daemon at webkit.org
Tue Feb 6 23:35:56 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=12670
Summary: REGRESSION: Many 3rd Party Apps crash in WebCore::DocumentLoader::frameLoader()
Product: WebKit
Version: 420+ (nightly)
Platform: Macintosh
OS/Version: Mac OS X 10.4
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P1
Component: Page Loading
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mjs at apple.com
2006-12-06 13:00:21 CrashTracer System:
PLEASE NOTE: This crash was automatically generated based on user crash
reports. Go here to learn how to deal with it:
http://howto.apple.com/db.cgi?CrashTracer
* APPLICATION: Safari
* CRASH: com.apple.WebCore: WebCore::DocumentLoader::frameLoader const + 6
* MORE INFORMATION:
http://crashtracer.apple.com/detail.php?crash_id=5906767&app=Safari&build=9A300
(may not immediately have data)
This crash was escalated to Radar by the CrashTracer System because an internal
user (mweiher at apple.com) explicitly requested it. The user provided the
following comments:
Browsing new.bbc.co.uk, closing a tab while other background tabs were loading
Possible third-party binary images occurring in over 75% in processes that
crashed here:
100.00% (2 of 2) com.yourcompany.yourcocoaframework
1 occurrences of version ??? (1.0)
/Volumes/Data/jul/Library/Frameworks/iMatorKit.framework/iMatorKit
1 occurrences of version ??? (1.0)
/Volumes/Data/jul/Library/Frameworks/iMatorUI.framework/iMatorUI
Summary of a selection of backtraces attributed to this bug. The stack frame
considered to be the unique "crash point" is highlighted ==> like this <==.
This frame is used for aggregation when filing these bugs and does not
necessarily imply fault.
==> 2 com.apple.WebCore: WebCore::DocumentLoader::frameLoader const + 6 <==
1 com.apple.WebKit: WebFrameLoaderClient::dispatchDidFinishLoading + 28
+-1 com.apple.WebCore: WebCore::FrameLoader::didFinishLoad + 79
+---1 com.apple.WebCore: WebCore::ResourceLoader::didFinishLoadingOnePart + 52
+-----1 com.apple.WebCore: WebCore::ResourceLoader::didFinishLoading + 30
+-------1 com.apple.WebCore: WebCore::SubresourceLoader::didFinishLoading + 149
+---------1 com.apple.WebCore: -[WebCoreResourceLoaderAsDelegate connectionDidFinishLoading:] + 37
+-----------1 com.apple.Foundation: -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 176
+-------------1 com.apple.Foundation: -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 748
+---------------1 com.apple.Foundation: _sendCallbacks + 201
+-----------------1 com.apple.CoreFoundation: CFRunLoopRunSpecific + 1213
+-------------------1 com.apple.CoreFoundation: CFRunLoopRunInMode + 61
+---------------------1 com.apple.HIToolbox: RunCurrentEventLoopInMode + 285
+-----------------------1 com.apple.HIToolbox: ReceiveNextEventCommon + 385
+-------------------------1 com.apple.HIToolbox: BlockUntilNextEventMatchingListInMode + 81
+---------------------------1 com.apple.AppKit: _DPSNextEvent + 572
+-----------------------------1 com.apple.AppKit: -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
+-------------------------------1 com.apple.Safari: 0x6f96
+---------------------------------1 com.apple.AppKit: -[NSApplication run] + 512
+-----------------------------------1 com.apple.AppKit: NSApplicationMain + 573
+-------------------------------------1 com.apple.Safari: 0x5f7de
+---------------------------------------1 com.apple.Safari: 0x5f6f9
+-----------------------------------------1 Main thread
pruning: 1 com.apple.WebKit: WebFrameLoaderClient::dispatchDidFinishLoading + 29
Overall this crash was reported 2 times in OS builds 8L2127 to 9A300, Safari
versions 521.30 to 17930. Of these crashes, 1 was in the latest OS build,
9A300, and 1 was in the latest Safari version, 17930.
2006-12-08 19:33:24 Stephanie Lewis:
Couldn't reproduce
2006-12-13 12:53:35 Brady Eidson:
This code path can't exist any longer - this was likely a null deref introduced
in loader refactoring. 9A300 is eons behind in WebKit loader-land.
Closing
2007-01-05 09:56:57 Reese Schreiber:
The following application: http://mekentosj.com/papers/ crashes on launch under
9A334 and CrashReporter links me to this bug (it happens every time):
Process: Papers [1444]
Path: /Volumes/Papers Public Preview/Papers.app/Contents/MacOS/Papers
Version: 1.0b1 (1.0b1)
Code Type: X86 (Native)
Parent Process: launchd [156]
Date/Time: 2007-01-05 09:56:35.093 -0800
OS Version: Mac OS X 10.5 (9A334)
Report Version: 6
Exception Type: EXC_RPC_ALERT
Exception Codes: 0xff000001, 0x000005a4
Crashed Thread: 0
Thread 0 Crashed:
0 com.apple.WebCore 0x948edc36 WebCore::DocumentLoader::frameLoader() const + 6
1 com.apple.WebKit 0x9d900080 WebFrameLoaderClient::dispatchWillSendRequest(WebCore::DocumentLoader*, objc_object*, NSURLRequest*, NSURLResponse*) + 32
2 com.apple.WebCore 0x948f29a5 WebCore::FrameLoader::willSendRequest(WebCore::ResourceLoader*, NSMutableURLRequest*, NSURLResponse*) + 85
3 com.apple.WebCore 0x948f8365 WebCore::ResourceLoader::willSendRequest(NSURLRequest*, NSURLResponse*) + 165
4 com.apple.WebCore 0x948f96eb WebCore::MainResourceLoader::willSendRequest(NSURLRequest*, NSURLResponse*) + 155
5 com.apple.WebCore 0x948f7415 -[WebCoreResourceLoaderAsDelegate connection:willSendRequest:redirectResponse:] + 53
6 com.apple.Foundation 0x9133c0b2 -[NSURLConnection(NSURLConnectionInternal_ClientThread) _sendWillSendRequestCallback:] + 978
7 com.apple.Foundation 0x9133b9bf -[NSURLConnection(NSURLConnectionInternal_ClientThread) _sendCallbacks] + 655
8 com.apple.Foundation 0x9121b729 _sendCallbacks + 297
9 com.apple.CoreFoundation 0x9efa3c0d CFRunLoopRunSpecific + 3229
10 com.apple.CoreFoundation 0x9efa2f5d CFRunLoopRunInMode + 61
11 com.apple.HIToolbox 0x917f1c87 RunCurrentEventLoopInMode + 305
12 com.apple.HIToolbox 0x917f1320 ReceiveNextEventCommon + 175
13 com.apple.HIToolbox 0x917f1253 BlockUntilNextEventMatchingListInMode + 106
14 com.apple.AppKit 0x91dbbe23 _DPSNextEvent + 657
15 com.apple.AppKit 0x91dbb776 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
16 com.apple.AppKit 0x91db5178 -[NSApplication run] + 795
17 com.apple.AppKit 0x91da8d30 NSApplicationMain + 663
18 com.mekentosj.papers 0x00002402 _start + 216
19 com.mekentosj.papers 0x00002329 start + 41
20 ??? 0x00000001 0 + 1
Thread 1:
0 libSystem.B.dylib 0x900057a7 mach_msg_trap + 7
1 com.apple.CoreFoundation 0x9efa34fe CFRunLoopRunSpecific + 1422
2 com.apple.CoreFoundation 0x9efa2f5d CFRunLoopRunInMode + 61
3 com.apple.Foundation 0x9133d850 +[NSURLConnection(NSURLConnectionInternal_LoaderThread) _resourceLoadLoop:] + 272
4 com.apple.Foundation 0x9133397d -[NSThread main] + 45
5 com.apple.Foundation 0x91333634 __main__ + 308
6 libSystem.B.dylib 0x900170e7 _pthread_body + 27
Thread 2:
0 libSystem.B.dylib 0x90029c7f syscall_thread_switch + 7
1 com.apple.AppKit 0x91e8a869 -[NSUIHeartBeat _heartBeatThread:] + 1552
2 com.apple.Foundation 0x9133397d -[NSThread main] + 45
3 com.apple.Foundation 0x91333634 __main__ + 308
4 libSystem.B.dylib 0x900170e7 _pthread_body + 27
Thread 0 crashed with X86 Thread State (32-bit):
eax: 0x00000000 ebx: 0x9d90006b ecx: 0x006089b0 edx: 0x00418ef0
edi: 0x00418ef0 esi: 0x0060dd00 ebp: 0xbfffeb98 esp: 0xbfffeb98
ss: 0x0000001f efl: 0x00010286 eip: 0x948edc36 cs: 0x00000017
ds: 0x0000001f es: 0x0000001f fs: 0x00000000 gs: 0x00000037
Binary Images:
0x1000 - 0xebfe5 +com.mekentosj.papers ??? (1.0b1) /Volumes/Papers
Public Preview/Papers.app/Contents/MacOS/Papers
0x742000 - 0x7c7fef com.apple.RawCamera.bundle 2.0 (2.0)
/System/Library/CoreServices/RawCamera.bundle/Contents/MacOS/RawCamera
0x8fe00000 - 0x8fe4d521 dyld 0.0 (???) /usr/lib/dyld
0x90000000 - 0x9013cfec libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
0x901a0000 - 0x901a2fe3 libmathCommon.A.dylib ??? (???)
/usr/lib/system/libmathCommon.A.dylib
0x901f7000 - 0x90246fea com.apple.CoreText 2.0.0 (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreText.framework/Versions/A/CoreText
0x90395000 - 0x904d3fc3 libicucore.A.dylib ??? (???)
/usr/lib/libicucore.A.dylib
0x90516000 - 0x9059cff9 libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib
0x905c7000 - 0x905e7ff1 libauto.dylib ??? (???) /usr/lib/libauto.dylib
0x905f0000 - 0x905f7fed libgcc_s.1.dylib ??? (???) /usr/lib/libgcc_s.1.dylib
0x905fa000 - 0x90660fdb libstdc++.6.dylib ??? (???) /usr/lib/libstdc++.6.dylib
0x90862000 - 0x90862fff com.apple.ApplicationServices 30 (30)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/ApplicationServices
0x90919000 - 0x909b7003 com.apple.DesktopServices 1.4 (1.4)
/System/Library/PrivateFrameworks/DesktopServicesPriv.framework/Versions/A/DesktopServicesPriv
0x90a74000 - 0x90a7cfff com.apple.DiskArbitration 2.2 (2.2)
/System/Library/Frameworks/DiskArbitration.framework/Versions/A/DiskArbitration
0x90a83000 - 0x90a8afff libbsm.dylib ??? (???) /usr/lib/libbsm.dylib
0x90a8e000 - 0x90a9cffd libz.1.dylib ??? (???) /usr/lib/libz.1.dylib
0x90a9f000 - 0x90c78fc3 com.apple.security 5.0 (29968)
/System/Library/Frameworks/Security.framework/Versions/A/Security
0x90d92000 - 0x90d92fff com.apple.CoreServices 26 (26)
/System/Library/Frameworks/CoreServices.framework/Versions/A/CoreServices
0x90d94000 - 0x90df8fd7 com.apple.CFNetwork 166 (166)
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CFNetwork.framework/Versions/A/CFNetwork
0x90e1e000 - 0x90e5a047 com.apple.Metadata 10.5.0 (310)
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/Metadata.framework/Versions/A/Metadata
0x90eac000 - 0x90eacff3 com.apple.Carbon 135 (135)
/System/Library/Frameworks/Carbon.framework/Versions/A/Carbon
0x90eba000 - 0x90ec6fe7 com.apple.opengl 1.5.0 (1.5.0)
/System/Library/Frameworks/OpenGL.framework/Versions/A/OpenGL
0x90f5b000 - 0x90f5bffb com.apple.Cocoa 6.5 (???)
/System/Library/Frameworks/Cocoa.framework/Versions/A/Cocoa
0x90f5f000 - 0x90fe5ff5 com.apple.SearchKit 1.2.0 (1.2.0)
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/SearchKit.framework/Versions/A/SearchKit
0x91040000 - 0x9104ffff com.apple.LangAnalysis 1.6.4 (1.6.4)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/LangAnalysis.framework/Versions/A/LangAnalysis
0x91061000 - 0x9106dfef com.apple.speech.synthesis.framework 3.6.18 (3.6.18)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/SpeechSynthesis.framework/Versions/A/SpeechSynthesis
0x910ef000 - 0x91122fff com.apple.SystemConfiguration 1.9.0 (1.9.0)
/System/Library/Frameworks/SystemConfiguration.framework/Versions/A/SystemConfiguration
0x91137000 - 0x91197fff libsqlite3.0.dylib ??? (???)
/usr/lib/libsqlite3.0.dylib
0x911a3000 - 0x91432fff com.apple.Foundation 6.5 (624.2)
/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation
0x91550000 - 0x91632fd7 libxml2.2.dylib ??? (???) /usr/lib/libxml2.2.dylib
0x9164f000 - 0x9173cfc4 libiconv.2.dylib ??? (???) /usr/lib/libiconv.2.dylib
0x9174c000 - 0x9176aff2 libGL.dylib ??? (???)
/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGL.dylib
0x91775000 - 0x917d1fc7 libGLU.dylib ??? (???)
/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLU.dylib
0x917e8000 - 0x91ae6fe6 com.apple.HIToolbox 1.5.0 (???)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HIToolbox.framework/Versions/A/HIToolbox
0x91c5f000 - 0x91cb6fd7 com.apple.HIServices 1.6.0 (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/HIServices.framework/Versions/A/HIServices
0x91da4000 - 0x92514fe7 com.apple.AppKit 6.5 (888.2)
/System/Library/Frameworks/AppKit.framework/Versions/C/AppKit
0x92c61000 - 0x92cbdff3 libvMisc.dylib ??? (???)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvMisc.dylib
0x92cc6000 - 0x93084fe7 libLAPACK.dylib ??? (???)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libLAPACK.dylib
0x933c3000 - 0x933e7fff libxslt.1.dylib ??? (???) /usr/lib/libxslt.1.dylib
0x933ee000 - 0x933fefff com.apple.DSObjCWrappers.Framework 1.2 (1.2)
/System/Library/PrivateFrameworks/DSObjCWrappers.framework/Versions/A/DSObjCWrappers
0x93406000 - 0x93410fff com.apple.audio.SoundManager 3.9.2 (3.9.2)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CarbonSound.framework/Versions/A/CarbonSound
0x93423000 - 0x93423ffd com.apple.Accelerate 1.4 (Accelerate 1.4)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Accelerate
0x93425000 - 0x934d3fe2 com.apple.vImage 3.0 (3.0)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vImage.framework/Versions/A/vImage
0x934dd000 - 0x934ddffd com.apple.Accelerate.vecLib 3.4 (vecLib 3.4)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/vecLib
0x934df000 - 0x93506fff libvDSP.dylib ??? (???)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libvDSP.dylib
0x93618000 - 0x936abfdf com.apple.ink.framework 101.3 (80)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Ink.framework/Versions/A/Ink
0x939dd000 - 0x93a62ff2 com.apple.JavaScriptCore 521.32 (521.32)
/System/Library/Frameworks/JavaScriptCore.framework/Versions/A/JavaScriptCore
0x93cd2000 - 0x93cd6fff libGIF.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libGIF.dylib
0x93cd8000 - 0x93cf5fd7 libJPEG.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libJPEG.dylib
0x93dc1000 - 0x93ddbff3 libPng.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libPng.dylib
0x93de0000 - 0x93de2ffb libRadiance.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libRadiance.dylib
0x93de4000 - 0x93e21fef libTIFF.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/Resources/libTIFF.dylib
0x93e27000 - 0x93e6fff3 libGLImage.dylib ??? (???)
/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLImage.dylib
0x93e73000 - 0x942b0f7d libGLProgrammability.dylib ??? (???)
/System/Library/Frameworks/OpenGL.framework/Versions/A/Libraries/libGLProgrammability.dylib
0x94585000 - 0x94a3ffff com.apple.WebCore 521.32.1 (521.32.1)
/System/Library/Frameworks/WebKit.framework/Versions/A/Frameworks/WebCore.framework/Versions/A/WebCore
0x954d6000 - 0x95536fef com.apple.PDFKit 1.1 (1.1)
/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/PDFKit.framework/Versions/A/PDFKit
0x95721000 - 0x957e0fe3 com.apple.CoreData 100 (145)
/System/Library/Frameworks/CoreData.framework/Versions/A/CoreData
0x95a2b000 - 0x95afbfdf com.apple.ColorSync 4.5.0 (4.5.0)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ColorSync.framework/Versions/A/ColorSync
0x95bdb000 - 0x95bdffef com.apple.IMUtils 4.0 (533)
/System/Library/Frameworks/InstantMessage.framework/Frameworks/IMUtils.framework/Versions/A/IMUtils
0x95db5000 - 0x95e3ffe7 com.apple.ApplicationServices.ATS 3.0 (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ATS.framework/Versions/A/ATS
0x96801000 - 0x9693afef com.apple.ImageIO.framework 2.0.0 (2.0.0)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/ImageIO.framework/Versions/A/ImageIO
0x97089000 - 0x97090ff7 com.apple.agl 2.6.1 (AGL-2.6.1)
/System/Library/Frameworks/AGL.framework/Versions/A/AGL
0x9710d000 - 0x97411fef com.apple.QuartzCore 1.5.0 (1.5.0)
/System/Library/Frameworks/QuartzCore.framework/Versions/A/QuartzCore
0x976b0000 - 0x976b1079 com.apple.MonitorPanelFramework 1.2.0 (1.2.0)
/System/Library/PrivateFrameworks/MonitorPanel.framework/Versions/A/MonitorPanel
0x98051000 - 0x981adfcf com.apple.QuartzComposer 2.0 (53.1)
/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzComposer.framework/Versions/A/QuartzComposer
0x983a0000 - 0x983a0ff3 com.apple.quartzframework 1.5 (1.5)
/System/Library/Frameworks/Quartz.framework/Versions/A/Quartz
0x996da000 - 0x996f3fff com.apple.IMFramework 4.0 (533)
/System/Library/Frameworks/InstantMessage.framework/Versions/A/InstantMessage
0x9b391000 - 0x9b3f5fe7 com.apple.htmlrendering 66.1 (1.1.3)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/HTMLRendering.framework/Versions/A/HTMLRendering
0x9b9be000 - 0x9b9d9fdf com.apple.coreui 0.1 (30)
/System/Library/PrivateFrameworks/CoreUI.framework/Versions/A/CoreUI
0x9b9ed000 - 0x9ba1effb com.apple.quartzfilters 1.5.0 (1.5.0)
/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/QuartzFilters.framework/Versions/A/QuartzFilters
0x9bbb6000 - 0x9bbc7ff7 com.apple.CoreVideo 1.4 (1.4)
/System/Library/Frameworks/CoreVideo.framework/Versions/A/CoreVideo
0x9c041000 - 0x9c12dff9 com.apple.imageKit 1.0 (1.0)
/System/Library/Frameworks/Quartz.framework/Versions/A/Frameworks/ImageKit.framework/Versions/A/ImageKit
0x9c1e3000 - 0x9c1f0073 com.apple.backup.framework 1.0 (1.0)
/System/Library/PrivateFrameworks/Backup.framework/Versions/A/Backup
0x9c241000 - 0x9c2b3fef com.apple.QTKit 7.2 (7.2)
/System/Library/Frameworks/QTKit.framework/Versions/A/QTKit
0x9c681000 - 0x9c6a7fff com.apple.shortcut 1 (1.0)
/System/Library/PrivateFrameworks/Shortcut.framework/Versions/A/Shortcut
0x9c909000 - 0x9c94efef com.apple.TundraServices 1.0 (1.0)
/System/Library/PrivateFrameworks/TundraServices.framework/Versions/A/TundraServices
0x9d068000 - 0x9d070ff9 com.apple.helpdata 1.0 (6)
/System/Library/PrivateFrameworks/HelpData.framework/Versions/A/HelpData
0x9d1d8000 - 0x9d217fff com.apple.QuickLookFramework 1.0 (50.0)
/System/Library/Frameworks/QuickLook.framework/Versions/A/QuickLook
0x9d880000 - 0x9d923fd0 com.apple.WebKit 521.32 (521.32)
/System/Library/Frameworks/WebKit.framework/Versions/A/WebKit
0x9dd25000 - 0x9dd27fff com.apple.securityhi 3.0 (30221)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SecurityHI.framework/Versions/A/SecurityHI
0x9dee1000 - 0x9defdfeb com.apple.openscripting 1.2.6 (???)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/OpenScripting.framework/Versions/A/OpenScripting
0x9df1e000 - 0x9df20fff com.apple.DisplayServicesFW 1.8.4 (1.8.4)
/System/Library/PrivateFrameworks/DisplayServices.framework/Versions/A/DisplayServices
0x9e0cf000 - 0x9e10afe7 libRIP.A.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libRIP.A.dylib
0x9e112000 - 0x9e118fef libCGATS.A.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCGATS.A.dylib
0x9e11d000 - 0x9e129fcb libCSync.A.dylib ??? (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/Resources/libCSync.A.dylib
0x9e12f000 - 0x9e14dfff libresolv.9.dylib ??? (???) /usr/lib/libresolv.9.dylib
0x9e154000 - 0x9e179feb libssl.0.9.7.dylib ??? (???)
/usr/lib/libssl.0.9.7.dylib
0x9e185000 - 0x9e194fff libsasl2.2.dylib ??? (???) /usr/lib/libsasl2.2.dylib
0x9e198000 - 0x9e1c4fdf com.apple.LDAPFramework 1.4.3 (78)
/System/Library/Frameworks/LDAP.framework/Versions/A/LDAP
0x9e1ca000 - 0x9e1e7fcf com.apple.DirectoryService.Framework 3.5 (3.5)
/System/Library/Frameworks/DirectoryService.framework/Versions/A/DirectoryService
0x9e1f1000 - 0x9e364fc3 com.apple.AddressBook.framework 4.1 (647.1)
/System/Library/Frameworks/AddressBook.framework/Versions/A/AddressBook
0x9e3fe000 - 0x9e420fef com.apple.FigCore 1.0 (1.0)
/System/Library/PrivateFrameworks/FigCore.framework/Versions/A/FigCore
0x9e42c000 - 0x9e6edfc3 com.apple.QuickTime 7.2.0 (7.2.0)
/System/Library/Frameworks/QuickTime.framework/Versions/A/QuickTime
0x9e76a000 - 0x9e770fff com.apple.print.framework.Print 5.5 (207)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Print.framework/Versions/A/Print
0x9e776000 - 0x9e7b8fcf com.apple.NavigationServices 3.5 (147)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/NavigationServices.framework/Versions/A/NavigationServices
0x9e7e5000 - 0x9e7fdfff com.apple.ImageCapture 4.0 (5.0.0)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/ImageCapture.framework/Versions/A/ImageCapture
0x9e812000 - 0x9e815fff com.apple.help 1.1 (34)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/Help.framework/Versions/A/Help
0x9e818000 - 0x9e81cff7 com.apple.CommonPanels 1.2.4 (81)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/CommonPanels.framework/Versions/A/CommonPanels
0x9e820000 - 0x9e894fd7 com.apple.audio.CoreAudio 3.1.0 (3.1)
/System/Library/Frameworks/CoreAudio.framework/Versions/A/CoreAudio
0x9e8e0000 - 0x9e904fdf libcups.2.dylib ??? (???) /usr/lib/libcups.2.dylib
0x9e90b000 - 0x9ed64ff7 libBLAS.dylib ??? (???)
/System/Library/Frameworks/Accelerate.framework/Versions/A/Frameworks/vecLib.framework/Versions/A/libBLAS.dylib
0x9edb1000 - 0x9ee66fef libcrypto.0.9.7.dylib ??? (???)
/usr/lib/libcrypto.0.9.7.dylib
0x9eeac000 - 0x9ef0eff6 com.apple.LaunchServices 237 (237)
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/LaunchServices
0x9ef3f000 - 0x9ef6afff com.apple.AE 376 (376)
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/AE.framework/Versions/A/AE
0x9ef7e000 - 0x9f083fff com.apple.CoreFoundation 6.5 (424)
/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation
0x9f16f000 - 0x9f215ff3 com.apple.CoreServices.OSServices 154 (154)
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/OSServices.framework/Versions/A/OSServices
0x9f263000 - 0x9f525feb com.apple.CoreServices.CarbonCore 736 (736)
/System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/CarbonCore.framework/Versions/A/CarbonCore
0x9f572000 - 0x9f619fdc com.apple.QD 3.11.32 (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/QD.framework/Versions/A/QD
0x9f63d000 - 0x9f6b5fe8 com.apple.print.framework.PrintCore 5.5 (207)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/PrintCore.framework/Versions/A/PrintCore
0x9f6ed000 - 0x9fd6ffc3 com.apple.CoreGraphics 1.300.0 (???)
/System/Library/Frameworks/ApplicationServices.framework/Versions/A/Frameworks/CoreGraphics.framework/Versions/A/CoreGraphics
0x9fe04000 - 0x9fe0dff9 com.apple.speech.recognition.framework 3.7.8 (3.7.8)
/System/Library/Frameworks/Carbon.framework/Versions/A/Frameworks/SpeechRecognition.framework/Versions/A/SpeechRecognition
0x9fe14000 - 0x9fe96fff com.apple.framework.IOKit 1.5.0 (???)
/System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
0x9feb0000 - 0x9feb0ffc com.apple.audio.units.AudioUnit 1.5 (1.5)
/System/Library/Frameworks/AudioUnit.framework/Versions/A/AudioUnit
0x9feb2000 - 0x9ffa7fe2 com.apple.audio.toolbox.AudioToolbox 1.5 (1.5)
/System/Library/Frameworks/AudioToolbox.framework/Versions/A/AudioToolbox
0xfffe8000 - 0xfffebfff libobjc.A.dylib ??? (???) /usr/lib/libobjc.A.dylib
0xffff0000 - 0xffff1780 libSystem.B.dylib ??? (???) /usr/lib/libSystem.B.dylib
2007-01-09 13:28:02 Frederik Seiffert:
<rdar://problem/4915671> might be a duplicate. Should I try in anything newer
than 9A321?
2007-01-10 17:29:58 Stephanie Lewis:
The application mentioned above is reproducible in Leopard 9A334, moving back
into Leopard.
2007-01-15 13:57:30 Alice Liu:
Safari blocker reviewed
2007-01-16 18:19:49 Frederik Seiffert:
Same thing with Papers (available at <http://mekentosj.com/papers/papers.dmg>):
crashes on load.
2007-01-29 22:02:39 Stephanie Lewis:
also iSale 4962983, this bug is blocking work
2007-02-01 00:07:25 Brady Eidson:
I cannot reproduce with Papers
iSale is protected against GDB with ptrace, which is just lameness. ugh
2007-02-01 00:11:34 Brady Eidson:
Found the way around the ptrace crap -
break ptrace if *(int *)($esp + 4) == 31
Lets you return early and actually launch!
That said, I do indeed see a crash on launch with iSale!
Top of the BT is -
#1 0x00491e75 in WebFrameLoaderClient::dispatchDidFinishLoading (this=0x11f576a0, loader=0x0, identifier=1) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:348
#2 0x01535efb in WebCore::FrameLoader::didFinishLoad (this=0x2b40200, loader=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:4124
#3 0x01548a31 in WebCore::ResourceLoader::didFinishLoadingOnePart (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:238
#4 0x01548aa0 in WebCore::ResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:225
#5 0x01547434 in WebCore::MainResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/MainResourceLoader.cpp:302
#6 0x01548ba6 in WebCore::ResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:323
#7 0x01527ac5 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x11f60a40, _cmd=0x90a9d160, con=0x11f60e70) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/platform/network/mac/ResourceHandleMac.mm:367
#8 0x9265be00 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] ()
#9 0x92659ea5 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()
2007-02-01 00:12:17 Brady Eidson:
ACCK - left off frame 0
#0 0x0045cecd in WebViewGetResourceLoadDelegate (webView=0x0) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebView/WebView.mm:900
#1 0x00491e75 in WebFrameLoaderClient::dispatchDidFinishLoading (this=0x11f576a0, loader=0x0, identifier=1) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebKit/WebCoreSupport/WebFrameLoaderClient.mm:348
#2 0x01535efb in WebCore::FrameLoader::didFinishLoad (this=0x2b40200, loader=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/FrameLoader.cpp:4124
#3 0x01548a31 in WebCore::ResourceLoader::didFinishLoadingOnePart (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:238
#4 0x01548aa0 in WebCore::ResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:225
#5 0x01547434 in WebCore::MainResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/MainResourceLoader.cpp:302
#6 0x01548ba6 in WebCore::ResourceLoader::didFinishLoading (this=0x2b49200) at /Volumes/Data/Users/bradeeoh/local_svn/OpenSource/WebCore/loader/ResourceLoader.cpp:323
2007-02-01 00:17:38 Brady Eidson:
Found another app seeing this. WOW... Since it's easier than either Papers
(not reproducible) or iSale (requires ptrace mangling), I'll be working with
CSSEdit from here on out
2007-02-01 00:41:45 Brady Eidson:
If I plug a short chain of potential null derefs exposed in this case, I stop
this crash. But behavior is incorrect. For example in the CSSEdit case, while
importing a page, it will no longer crash but the progress bar will freeze
halfway as if it's not getting any delegate callbacks (which it isn't)
In the iSale case, I can successfully launch but just about any action I take
after the launch causes another crash with some bizarre data loading anomalies
(calling didReceiveData with valid data, but data length 0)
So, I don't think plugging the potential null derefs is the right thing to do.
The real problem here is that WebFrameLoaderClient::dispatchDidFinishLoading
gets called with a null loader (which leads to the null derefs later while
trying to find the webkit objects mapped to that loader)
Will explore more tomorrow
<rdar://problem/4868242>
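The two debugging steps Brady describes above (getting past iSale's ptrace-based debugger check, then catching dispatchDidFinishLoading at the moment it is handed a null loader rather than adding null checks downstream) written out as one gdb command file. This is an added example, not something from the bug or from WebKit. It targets the 32-bit x86 Mac OS X setup shown in the crash logs and a WebKit built with debug symbols, as in Brady's backtrace; the file name, application path and the backtrace depth are assumptions.

```gdb
# Added example (not from the bug or WebKit). Load with, for instance:
#   gdb -x isale-debug.gdb /Applications/iSale.app/Contents/MacOS/iSale
# (file name and path are placeholders).
set confirm off
set breakpoint pending on

# 1. Defeat the anti-debugging call.
#    On Darwin PT_DENY_ATTACH is ptrace request 31. On 32-bit x86 the first
#    argument of a cdecl call sits at $esp+4 when the function is entered,
#    which is the condition Brady used. Only that request is intercepted;
#    any other ptrace call runs normally.
#    (On x86_64 the first argument is in a register: use `$rdi == 31`.)
break ptrace if *(int *)($esp + 4) == 31
commands
  silent
  # Pop the frame before the syscall runs and hand the caller 0 (success),
  # so the application cannot tell the request was skipped.
  return 0
  continue
end

# 2. Catch the invariant violation instead of papering over it.
#    Stop only on the bad call (loader == 0, as in frame #1 of the backtrace)
#    and record who produced the null DocumentLoader.
break WebFrameLoaderClient::dispatchDidFinishLoading if loader == 0
commands
  info args
  bt 10
  continue
end

run
```

The first breakpoint leaves every ptrace request other than PT_DENY_ATTACH alone, so the bypass cannot itself change the loader behaviour being investigated. The second does the opposite of the null-check patch Brady rejected: rather than silently dropping the delegate callback (which is what froze the CSSEdit progress bar), it keeps the crash site reachable and prints the call chain that delivered the null loader, which is the information needed to fix the caller.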