[Webkit-unassigned] [Bug 13059] New: REGRESSION: Crash in HTMLFormElement when clicking link trying to open in same window.

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Mar 13 12:40:50 PDT 2007


http://bugs.webkit.org/show_bug.cgi?id=13059

           Summary: REGRESSION: Crash in HTMLFormElement when clicking link
                    trying to open in same window.
           Product: WebKit
           Version: 522+ (nightly)
          Platform: Macintosh PowerPC
               URL: http://www.maclife.com/forums
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P1
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: jon at jonshier.com


As of r20152, ToT crashes when clicking one of the forum links at
http://www.maclife.com/forums which would open in the same window or tab.
Command-clicking the link to open it in a new tab and copy-pasting the link
into a new tab does not crash. This does not occur in the latest nightly
(r20136) and so I think it may be caused by the changes in r20148.


Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_PROTECTION_FAILURE (0x0002) at 0x00000000

Thread 0 Crashed:
0   <<00000000>>        0x00000000 0 + 0
1   com.apple.WebCore                   0x010aba08
WebCore::HTMLFormElement::~HTMLFormElement [in-charge deleting]() + 72
(HashTable.h:272)
2   com.apple.WebCore                   0x010d8824
WebCore::ContainerNode::removeAllChildren() + 292 (ContainerNode.cpp:94)
3   com.apple.WebCore                   0x010d1d4c
WebCore::Document::removedLastRef() + 540 (HashMap.h:345)
4   com.apple.WebCore                   0x01304c60 WebCore::Event::~Event
[in-charge deleting]() + 144 (RefPtr.h:41)
5   com.apple.WebCore                   0x0125a764 KJS::DOMEvent::~DOMEvent
[not-in-charge]() + 116 (Shared.h:52)
6   com.apple.JavaScriptCore            0x004745b0 KJS::Collector::collect() +
464 (collector.cpp:662)
7   com.apple.WebCore                   0x012671ec WebCore::KJSProxy::~KJSProxy
[in-charge]() + 108 (JSLock.h:59)
8   com.apple.WebCore                   0x010beb90
WebCore::FramePrivate::~FramePrivate [in-charge]() + 48 (FastMalloc.h:65)
9   com.apple.WebCore                   0x010bf208 WebCore::Frame::~Frame
[in-charge deleting]() + 424 (FastMalloc.h:65)
10  com.apple.WebCore                   0x0120014c
WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*,
(unsigned long)0> const&) + 156 (Timer.cpp:322)
11  com.apple.WebCore                   0x012001e0
WebCore::TimerBase::sharedTimerFired() + 112 (Timer.cpp:355)
12  com.apple.CoreFoundation            0x907f2578 __CFRunLoopDoTimer + 184
13  com.apple.CoreFoundation            0x907deef8 __CFRunLoopRun + 1680
14  com.apple.CoreFoundation            0x907de4ac CFRunLoopRunSpecific + 268
15  com.apple.HIToolbox                 0x93298b20 RunCurrentEventLoopInMode +
264
16  com.apple.HIToolbox                 0x932981b4 ReceiveNextEventCommon + 380
17  com.apple.HIToolbox                 0x93298020
BlockUntilNextEventMatchingListInMode + 96
18  com.apple.AppKit                    0x9379eae4 _DPSNextEvent + 384
19  com.apple.AppKit                    0x9379e7a8 -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
20  com.apple.SafariDev                 0x00006740 0x1000 + 22336
21  com.apple.AppKit                    0x9379acec -[NSApplication run] + 472
22  com.apple.AppKit                    0x9388b87c NSApplicationMain + 452
23  com.apple.SafariDev                 0x0005c77c 0x1000 + 374652
24  com.apple.SafariDev                 0x0005c624 0x1000 + 374308


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.



More information about the webkit-unassigned mailing list