[Webkit-unassigned] [Bug 17862] New: Reproducible crash under DocLoader::checkForReload() at marware.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Mar 15 01:24:50 PDT 2008


http://bugs.webkit.org/show_bug.cgi?id=17862

           Summary: Reproducible crash under DocLoader::checkForReload() at
                    marware.com
           Product: WebKit
           Version: 525+ (Nightly build)
          Platform: Macintosh
               URL: http://www.marware.com/PRODUCTS/Apple-Laptop-
                    Products/Sportfolio-Deluxe-for-MacBook-MacBook-Pro
        OS/Version: Mac OS X 10.5
            Status: NEW
          Severity: Major
          Priority: P1
         Component: Page Loading
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mitz at webkit.org


Opening the URL in r31072, shortly after the page appears, WebKit crashes with
this backtrace:

#0  0x01c0a15d in WebCore::StringImpl::length (this=0x4) at
text/StringImpl.h:84
#1  0x01c0e0e3 in WebCore::StringHash::equal (a=0x4, b=0x1a2c6d10) at
StringHash.h:44
#2  0x01c0f3a2 in WTF::IdentityHashTranslator<WebCore::StringImpl*,
WebCore::StringImpl*, WebCore::StringHash>::equal (a=@0x19e8c9a8,
b=@0xbfffcbd8) at HashTable.h:269
#3  0x01c0f48d in WTF::HashTable<WebCore::StringImpl*, WebCore::StringImpl*,
WTF::IdentityExtractor<WebCore::StringImpl*>, WebCore::StringHash,
WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<WebCore::StringImpl*>
>::lookup<WebCore::StringImpl*,
WTF::IdentityHashTranslator<WebCore::StringImpl*, WebCore::StringImpl*,
WebCore::StringHash> > (this=0x3b9e2f4, key=@0xbfffcbd8) at HashTable.h:463
#4  0x01ca092e in WTF::HashTable<WebCore::StringImpl*, WebCore::StringImpl*,
WTF::IdentityExtractor<WebCore::StringImpl*>, WebCore::StringHash,
WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<WebCore::StringImpl*>
>::contains<WebCore::StringImpl*,
WTF::IdentityHashTranslator<WebCore::StringImpl*, WebCore::StringImpl*,
WebCore::StringHash> > (this=0x3b9e2f4, key=@0xbfffcbd8) at HashTable.h:764
#5  0x01ca0956 in WTF::HashTable<WebCore::StringImpl*, WebCore::StringImpl*,
WTF::IdentityExtractor<WebCore::StringImpl*>, WebCore::StringHash,
WTF::HashTraits<WebCore::StringImpl*>, WTF::HashTraits<WebCore::StringImpl*>
>::contains (this=0x3b9e2f4, key=@0xbfffcbd8) at HashTable.h:316
#6  0x01ca0974 in WTF::HashSet<WebCore::String, WebCore::StringHash,
WTF::HashTraits<WebCore::String> >::contains (this=0x3b9e2f4,
value=@0xbfffcbd8) at HashSet.h:258
#7  0x01d28c32 in WebCore::DocLoader::checkForReload (this=0x3b9e2f0,
fullURL=@0xbfffcbd8) at WebCore/loader/DocLoader.cpp:76
#8  0x01d28ff8 in WebCore::DocLoader::requestResource (this=0x3b9e2f0,
type=WebCore::CachedResource::ImageResource, url=@0xbfffcd04, charset=0x0,
skipCanLoadCheck=false, sendResourceLoadCallbacks=true) at
WebCore/loader/DocLoader.cpp:165
#9  0x01d29247 in WebCore::DocLoader::requestImage (this=0x3b9e2f0,
url=@0xbfffcd04) at WebCore/loader/DocLoader.cpp:96
#10 0x01df7634 in WebCore::HTMLImageLoader::updateFromElement (this=0x1a2c6c88)
at WebCore/html/HTMLImageLoader.cpp:104
#11 0x01df6825 in WebCore::HTMLImageElement::parseMappedAttribute
(this=0x1a2c6c40, attr=0x1a2c6bb0) at WebCore/html/HTMLImageElement.cpp:93
#12 0x02174ea2 in WebCore::StyledElement::attributeChanged (this=0x1a2c6c40,
attr=0x1a2c6bb0, preserveDecls=false) at WebCore/dom/StyledElement.cpp:173
#13 0x01d63680 in WebCore::Element::setAttributeMap (this=0x1a2c6c40,
list=0x1a2c6800) at WebCore/dom/Element.cpp:534
#14 0x01e1e7a7 in WebCore::HTMLParser::parseToken (this=0x19e515b0,
t=0xbfffd0f4) at WebCore/html/HTMLParser.cpp:237
#15 0x01e34f10 in WebCore::HTMLTokenizer::processToken (this=0xbfffd0e0) at
WebCore/html/HTMLTokenizer.cpp:1896
#16 0x01e381da in WebCore::HTMLTokenizer::parseTag (this=0xbfffd0e0,
src=@0xbfffda30, state={static EntityShift = 4, m_bits = 8388608}) at
WebCore/html/HTMLTokenizer.cpp:1477
#17 0x01e38dad in WebCore::HTMLTokenizer::write (this=0xbfffd0e0,
str=@0xbfffda70, appendData=true) at WebCore/html/HTMLTokenizer.cpp:1726
#18 0x01e39a76 in WebCore::parseHTMLDocumentFragment (source=@0xbfffdb84,
fragment=0x197fbc00) at WebCore/html/HTMLTokenizer.cpp:2027
#19 0x01de2b6c in WebCore::HTMLElement::createContextualFragment
(this=0x19e37480, html=@0xbfffdb84) at WebCore/html/HTMLElement.cpp:244
#20 0x01de30cb in WebCore::HTMLElement::setInnerHTML (this=0x19e37480,
html=@0xbfffdb84, ec=@0xbfffdb6c) at WebCore/html/HTMLElement.cpp:336
#21 0x01ec3902 in WebCore::JSHTMLElement::putValueProperty (this=0x1a6620c0,
exec=0xbfffde00, token=5, value=0x1a662040) at
WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLElement.cpp:244
#22 0x01ec43d6 in KJS::lookupPut<WebCore::JSHTMLElement> (exec=0xbfffde00,
propertyName=@0x197fbe8c, value=0x1a662040, table=0x25d09bc,
thisObj=0x1a6620c0) at lookup.h:245
#23 0x01ec440f in KJS::lookupPut<WebCore::JSHTMLElement, WebCore::JSElement>
(exec=0xbfffde00, propertyName=@0x197fbe8c, value=0x1a662040, table=0x25d09bc,
thisObj=0x1a6620c0) at lookup.h:260
#24 0x01ec3af3 in WebCore::JSHTMLElement::put (this=0x1a6620c0,
exec=0xbfffde00, propertyName=@0x197fbe8c, value=0x1a662040) at
WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLElement.cpp:210
#25 0x01eeba44 in KJS::lookupPut<WebCore::JSHTMLTableCellElement,
WebCore::JSHTMLElement> (exec=0xbfffde00, propertyName=@0x197fbe8c,
value=0x1a662040, table=0x25d897c, thisObj=0x1a6620c0) at lookup.h:261
#26 0x01eeb057 in WebCore::JSHTMLTableCellElement::put (this=0x1a6620c0,
exec=0xbfffde00, propertyName=@0x197fbe8c, value=0x1a662040) at
WebKitBuild/Debug/DerivedSources/WebCore/JSHTMLTableCellElement.cpp:223
#27 0x005e015d in KJS::AssignDotNode::evaluate (this=0x197fbe80,
exec=0xbfffde00) at nodes.cpp:3431
#28 0x005df825 in KJS::ExprStatementNode::execute (this=0x197fbea0,
exec=0xbfffde00) at nodes.cpp:3750
#29 0x005c07ed in statementListExecute (statements=@0x17d3c080,
exec=0xbfffde00) at nodes.cpp:3703
#30 0x005c087a in KJS::BlockNode::execute (this=0x17d3c070, exec=0xbfffde00) at
nodes.cpp:3728
#31 0x005ce5e0 in KJS::FunctionBodyNode::execute (this=0x17d3c070,
exec=0xbfffde00) at nodes.cpp:4647
#32 0x005cedb8 in KJS::FunctionImp::callAsFunction (this=0x19bd5500,
exec=0xbfffe070, thisObj=0x19bd0000, args=@0xbfffdec8) at function.cpp:76
#33 0x005d8ade in KJS::JSObject::call (this=0x19bd5500, exec=0xbfffe070,
thisObj=0x19bd0000, args=@0xbfffdec8) at object.cpp:96
#34 0x0062f0ec in
KJS::ExpressionNode::resolveAndCall<(KJS::ExpressionNode::CallerType)1>
(this=0x1a297f60, exec=0xbfffe070, ident=@0x1a297f68, args=0x1a299750) at
nodes.cpp:997
#35 0x0062f1be in KJS::FunctionCallResolveNode::inlineEvaluate
(this=0x1a297f60, exec=0xbfffe070) at nodes.cpp:1061
#36 0x005fcd68 in KJS::FunctionCallResolveNode::evaluate (this=0x1a297f60,
exec=0xbfffe070) at nodes.cpp:1066
#37 0x005df825 in KJS::ExprStatementNode::execute (this=0x1a29d100,
exec=0xbfffe070) at nodes.cpp:3750
#38 0x005c07ed in statementListExecute (statements=@0x1a2bdf20,
exec=0xbfffe070) at nodes.cpp:3703
#39 0x005c087a in KJS::BlockNode::execute (this=0x1a2bdf10, exec=0xbfffe070) at
nodes.cpp:3728
#40 0x005ce5e0 in KJS::FunctionBodyNode::execute (this=0x1a2bdf10,
exec=0xbfffe070) at nodes.cpp:4647
#41 0x005cedb8 in KJS::FunctionImp::callAsFunction (this=0x1a661c40,
exec=0x417b51c, thisObj=0x19bd0000, args=@0xbfffe14c) at function.cpp:76
#42 0x005d8ade in KJS::JSObject::call (this=0x1a661c40, exec=0x417b51c,
thisObj=0x19bd0000, args=@0xbfffe14c) at object.cpp:96
#43 0x021d973a in WebCore::JSAbstractEventListener::handleEvent
(this=0x17dee920, ele=0x1a2b29b0, isWindowEvent=true) at
WebCore/bindings/js/kjs_events.cpp:105
#44 0x01d2e573 in WebCore::Document::handleWindowEvent (this=0x40c9800,
evt=0x1a2b29b0, useCapture=false) at WebCore/dom/Document.cpp:2519
#45 0x01d76944 in WebCore::EventTargetNode::dispatchWindowEvent
(this=0x40c9800, eventType=@0x2623634, canBubbleArg=false, cancelableArg=false)
at WebCore/dom/EventTargetNode.cpp:140
#46 0x01d32940 in WebCore::Document::implicitClose (this=0x40c9800) at
WebCore/dom/Document.cpp:1519
#47 0x01da5fea in WebCore::FrameLoader::checkCallImplicitClose (this=0x40c4400)
at WebCore/loader/FrameLoader.cpp:1319
#48 0x01db1938 in WebCore::FrameLoader::checkCompleted (this=0x40c4400) at
WebCore/loader/FrameLoader.cpp:1272
#49 0x01db1a83 in WebCore::FrameLoader::loadDone (this=0x40c4400) at
WebCore/loader/FrameLoader.cpp:1239
#50 0x01d28900 in WebCore::DocLoader::setLoadInProgress (this=0x3b9e2f0,
load=false) at WebCore/loader/DocLoader.cpp:211
#51 0x021dd7ff in WebCore::Loader::Host::didFinishLoading (this=0x1978ca60,
loader=0x4429c00) at WebCore/loader/loader.cpp:273
#52 0x02178295 in WebCore::SubresourceLoader::didFinishLoading (this=0x4429c00)
at WebCore/loader/SubresourceLoader.cpp:193
#53 0x02079a80 in WebCore::ResourceLoader::didFinishLoading (this=0x4429c00) at
WebCore/loader/ResourceLoader.cpp:372
#54 0x0207722b in -[WebCoreResourceHandleAsDelegate
connectionDidFinishLoading:] (self=0x1a298c40, _cmd=0x901495c4, con=0x1a298d10)
at WebCore/platform/network/mac/ResourceHandleMac.mm:521

