[Webkit-unassigned] [Bug 18803] CRASH: ContainerNode::willRemove() called on deleted node
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Apr 29 16:46:58 PDT 2008
http://bugs.webkit.org/show_bug.cgi?id=18803
eric at webkit.org changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |mjs at apple.com,
| |darin at apple.com
Summary|Reproducible Safari crash |CRASH:
| |ContainerNode::willRemove()
| |called on deleted node
------- Comment #4 from eric at webkit.org 2008-04-29 16:46 PDT -------
If you run Safari under MallocScribble (on the Mac), this is very easy to
reproduce with the test case. Note that the faulting address
0x0000000055555555 below is MallocScribble's fill pattern for freed memory
(0x55), so the crash is a read through an already-freed node rather than a
plain null dereference.
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000055555555
Crashed Thread: 0
Thread 0 Crashed:
0 com.apple.WebCore 0x025fb4da
WebCore::ContainerNode::willRemove() + 20 (ContainerNode.cpp:347)
1 com.apple.WebCore 0x02775ee7
WebCore::HTMLFrameOwnerElement::willRemove() + 67
(HTMLFrameOwnerElement.cpp:50)
2 com.apple.WebCore 0x025fb4eb
WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:346)
3 com.apple.WebCore 0x025fb4eb
WebCore::ContainerNode::willRemove() + 37 (ContainerNode.cpp:346)
4 com.apple.WebCore 0x025fcc4f
WebCore::willRemoveChild(WebCore::Node*) + 77 (ContainerNode.cpp:363)
5 com.apple.WebCore 0x025fcc8c
WebCore::ContainerNode::removeChildren() + 48 (ContainerNode.cpp:464)
6 com.apple.WebCore 0x026896ea WebCore::Document::clear() +
70 (Document.cpp:1702)
7 com.apple.WebCore 0x0268f246
WebCore::Document::implicitOpen() + 28 (Document.cpp:1438)
8 com.apple.WebCore 0x0269251f WebCore::Document::open() +
379 (Document.cpp:1416)
9 com.apple.WebCore 0x02858355
WebCore::JSHTMLDocument::open(KJS::ExecState*, KJS::List const&) + 301
(JSHTMLDocumentCustom.cpp:116)
10 com.apple.WebCore 0x02856c3c
WebCore::jsHTMLDocumentPrototypeFunctionOpen(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) + 96 (JSHTMLDocument.cpp:276)
11 com.apple.JavaScriptCore 0x0044dd5c
KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*,
KJS::List const&) + 34 (function.cpp:906)
12 com.apple.JavaScriptCore 0x0046fffa
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222
(object.cpp:99)
13 com.apple.JavaScriptCore 0x004d2ad6
KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 802
(nodes.cpp:1495)
14 com.apple.JavaScriptCore 0x00486a4a
KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1501)
15 com.apple.JavaScriptCore 0x00477559
KJS::ExprStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3993)
16 com.apple.JavaScriptCore 0x00459a5b
KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&,
KJS::ExecState*) + 85 (nodes.cpp:3946)
17 com.apple.JavaScriptCore 0x00459ae8
KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3972)
18 com.apple.JavaScriptCore 0x00467cb2
KJS::FunctionBodyNode::execute(KJS::ExecState*) + 34 (nodes.cpp:4891)
19 com.apple.JavaScriptCore 0x004684bc
KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List
const&) + 134 (function.cpp:78)
20 com.apple.JavaScriptCore 0x0046fffa
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222
(object.cpp:99)
21 com.apple.JavaScriptCore 0x004d2ad6
KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 802
(nodes.cpp:1495)
22 com.apple.JavaScriptCore 0x00486a4a
KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1501)
23 com.apple.JavaScriptCore 0x00477559
KJS::ExprStatementNode::execute(KJS::ExecState*) + 43 (nodes.cpp:3993)
24 com.apple.JavaScriptCore 0x00459a5b
KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>, 0ul>&,
KJS::ExecState*) + 85 (nodes.cpp:3946)
25 com.apple.JavaScriptCore 0x00459ae8
KJS::BlockNode::execute(KJS::ExecState*) + 26 (nodes.cpp:3972)
26 com.apple.JavaScriptCore 0x00467cb2
KJS::FunctionBodyNode::execute(KJS::ExecState*) + 34 (nodes.cpp:4891)
27 com.apple.JavaScriptCore 0x004684bc
KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List
const&) + 134 (function.cpp:78)
28 com.apple.JavaScriptCore 0x0046fffa
KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222
(object.cpp:99)
29 com.apple.WebCore 0x02bd922e
WebCore::JSAbstractEventListener::handleEvent(WebCore::Event*, bool) + 670
(kjs_events.cpp:100)
30 com.apple.WebCore 0x02689c09
WebCore::Document::handleWindowEvent(WebCore::Event*, bool) + 281
(Document.cpp:2614)
31 com.apple.WebCore 0x026e9964
WebCore::EventTargetNode::dispatchWindowEvent(WebCore::AtomicString const&,
bool, bool) + 332 (EventTargetNode.cpp:149)
32 com.apple.WebCore 0x0268ef43
WebCore::Document::implicitClose() + 675 (Document.cpp:1550)
33 com.apple.WebCore 0x02721b5c
WebCore::FrameLoader::checkCallImplicitClose() + 226 (FrameLoader.cpp:1330)
34 com.apple.WebCore 0x0272da2a
WebCore::FrameLoader::checkCompleted() + 268 (FrameLoader.cpp:1285)
35 com.apple.WebCore 0x0272d330
WebCore::FrameLoader::completed() + 148 (FrameLoader.cpp:1996)
36 com.apple.WebCore 0x0272da80
WebCore::FrameLoader::checkCompleted() + 354 (FrameLoader.cpp:1289)
37 com.apple.WebCore 0x0273049a
WebCore::FrameLoader::finishedParsing() + 90 (FrameLoader.cpp:1233)
38 com.apple.WebCore 0x0268cf64
WebCore::Document::finishedParsing() + 204 (Document.cpp:3699)
39 com.apple.WebCore 0x027e882f
WebCore::ImageTokenizer::finish() + 577 (ImageDocument.cpp:129)
40 com.apple.WebCore 0x02687122
WebCore::Document::finishParsing() + 40 (Document.cpp:1693)
41 com.apple.WebCore 0x0272dbee
WebCore::FrameLoader::endIfNotLoadingMainResource() + 118
(FrameLoader.cpp:1060)
42 com.apple.WebCore 0x0272dc23 WebCore::FrameLoader::end()
+ 27 (FrameLoader.cpp:1045)
43 com.apple.WebCore 0x026b3488
WebCore::DocumentLoader::finishedLoading() + 76 (DocumentLoader.cpp:337)
44 com.apple.WebCore 0x02728d56
WebCore::FrameLoader::finishedLoading() + 72 (FrameLoader.cpp:2893)
45 com.apple.WebCore 0x0291aedb
WebCore::MainResourceLoader::didFinishLoading() + 207
(MainResourceLoader.cpp:320)
46 com.apple.WebCore 0x02a2f290
WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle*) + 24
(ResourceLoader.cpp:390)
47 com.apple.WebCore 0x02a2c9f5
-[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] + 101
(ResourceHandleMac.mm:521)
48 com.apple.Foundation 0x94c8e8b7
-[NSURLConnection(NSURLConnectionReallyInternal) sendDidFinishLoading] + 87
49 com.apple.Foundation 0x94c8e844
_NSURLConnectionDidFinishLoading + 68
50 com.apple.CFNetwork 0x9059a7f3 sendDidFinishLoadingCallback
+ 148
51 com.apple.CFNetwork 0x90597920
_CFURLConnectionSendCallbacks + 1994
52 com.apple.CFNetwork 0x905970d9 muxerSourcePerform + 283
53 com.apple.CoreFoundation 0x90b2562e CFRunLoopRunSpecific + 3166
54 com.apple.CoreFoundation 0x90b25d18 CFRunLoopRunInMode + 88
55 com.apple.HIToolbox 0x926296a0 RunCurrentEventLoopInMode +
283
56 com.apple.HIToolbox 0x926294b9 ReceiveNextEventCommon + 374
57 com.apple.HIToolbox 0x9262932d
BlockUntilNextEventMatchingListInMode + 106
58 com.apple.AppKit 0x90c3f7d9 _DPSNextEvent + 657
59 com.apple.AppKit 0x90c3f08e -[NSApplication
nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
60 com.apple.Safari 0x00007f2e 0x1000 + 28462
61 com.apple.AppKit 0x90c380c5 -[NSApplication run] + 795
62 com.apple.AppKit 0x90c0530a NSApplicationMain + 574
63 com.apple.Safari 0x000b9906 0x1000 + 755974