[Webkit-unassigned] [Bug 34522] New: Reproducible crash reloading the page

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 3 05:11:28 PST 2010


https://bugs.webkit.org/show_bug.cgi?id=34522

           Summary: Reproducible crash reloading the page
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
               URL: http://www.holdenweb.com
        OS/Version: Mac OS X 10.6
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: chris at improbable.org


Created an attachment (id=48018)
 --> (https://bugs.webkit.org/attachment.cgi?id=48018)
Saved copy of the HTML

Some people reported sporadic crashes in Safari and WebKit while loading
http://www.holdenweb.com. It's sporadic in normal usage but repeatedly
reloading the page will cause a crash fairly quickly. The crashes usually show
up somewhere in CFNetwork (_NSURLConnectionDidFinishLoading shows up
frequently):

Reproducing is pretty simple:

1. Load the attached HTML file or visit http://www.holdenweb.com/
2. Hit Command-R until WebKit crashes

This has not reproduced in Chrome.

Sample crash log:

Application Specific Information:
*** error for object 0x12717c3f0: incorrect checksum for freed object - object was probably modified after being freed.


Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   libSystem.B.dylib                 0x00007fff84656fe6 __kill + 10
1   libSystem.B.dylib                 0x00007fff846f7e32 abort + 83
2   libSystem.B.dylib                 0x00007fff846e6ae5 szone_error + 519
3   libSystem.B.dylib                 0x00007fff846126e3 tiny_free_list_remove_ptr + 251
4   libSystem.B.dylib                 0x00007fff84611ced szone_free + 2062
5   com.apple.CoreGraphics            0x00007fff821d3a21 CGImageBlockRelease + 35
6   com.apple.CoreGraphics            0x00007fff821d39c8 CGImageBlockSetRelease + 39
7   com.apple.CoreGraphics            0x00007fff821e7e6f imageProvider_rewind + 34
8   com.apple.CoreGraphics            0x00007fff82162c9e CGAccessSessionRelease + 29
9   com.apple.ImageIO.framework       0x00007fff84e2f71e writeOne + 3798
10  com.apple.ImageIO.framework       0x00007fff84e2e4bb _CGImagePluginWriteTIFF + 321
11  com.apple.ImageIO.framework       0x00007fff84e2e362 CGImageDestinationFinalize + 130
12  com.apple.WebCore                 0x0000000100a59c84 WebCore::BitmapImage::getTIFFRepresentation() + 340
13  com.apple.WebCore                 0x0000000100a59aaa WebCore::BitmapImage::getNSImage() + 58
14  com.apple.WebKit                  0x0000000100352179 webGetNSImage(WebCore::Image*, CGSize) + 57
15  com.apple.WebKit                  0x000000010039452a -[WebView(WebViewInternal) _dispatchDidReceiveIconFromWebFrame:] + 186
16  com.apple.WebCore                 0x0000000100a519b9 WebCore::IconLoader::finishLoading(WebCore::KURL const&, WTF::PassRefPtr<WebCore::SharedBuffer>) + 169
17  com.apple.WebCore                 0x0000000100a51ac2 WebCore::IconLoader::didFinishLoading(WebCore::SubresourceLoader*) + 226
18  com.apple.WebCore                 0x0000000100facced WebCore::SubresourceLoader::didFinishLoading() + 45
19  com.apple.Foundation              0x00007fff85f65b78 _NSURLConnectionDidFinishLoading + 113
20  com.apple.CFNetwork               0x00007fff88ae88f4 URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 174
21  com.apple.CFNetwork               0x00007fff88b492b8 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 254
22  com.apple.CFNetwork               0x00007fff88b49524 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 874
23  com.apple.CFNetwork               0x00007fff88ad3611 URLConnectionClient::processEvents() + 121
24  com.apple.CFNetwork               0x00007fff88ad33ec MultiplexerSource::perform() + 160
25  com.apple.CoreFoundation          0x00007fff83a53271 __CFRunLoopDoSources0 + 1361
26  com.apple.CoreFoundation          0x00007fff83a51469 __CFRunLoopRun + 873
27  com.apple.CoreFoundation          0x00007fff83a50c2f CFRunLoopRunSpecific + 575
28  com.apple.HIToolbox               0x00007fff8139ea4e RunCurrentEventLoopInMode + 333
29  com.apple.HIToolbox               0x00007fff8139e853 ReceiveNextEventCommon + 310
30  com.apple.HIToolbox               0x00007fff8139e70c BlockUntilNextEventMatchingListInMode + 59
31  com.apple.AppKit                  0x00007fff82d431f2 _DPSNextEvent + 708
32  com.apple.AppKit                  0x00007fff82d42b41 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
33  com.apple.Safari                  0x000000010000ba00 0x100000000 + 47616
34  com.apple.AppKit                  0x00007fff82d08747 -[NSApplication run] + 395
35  com.apple.AppKit                  0x00007fff82d01468 NSApplicationMain + 364
36  com.apple.Safari                  0x0000000100001a28 0x100000000 + 6696
