[Webkit-unassigned] [Bug 39008] REGRESSION (r58950): Webkit crashes on clicking back button when in hotmail

Thu May 13 20:15:28 PDT 2010

https://bugs.webkit.org/show_bug.cgi?id=39008

--- Comment #4 from Joseph Pecoraro <joepeck at webkit.org>  2010-05-13 20:15:27 PST ---
I created a Hotmail account, and using the nightly mentioned by the originator (r59204) I habe able to reproduce this problem a few times. Just hammering back / forward and jumping between the Inbox and New message screens. I haven't been able to get concrete steps, so maybe this is based on advertisements.

It took a lot longer, but I finally hit an ASSERT in a debug build:

ASSERTION FAILED: item->documentSequenceNumber() == history()->currentItem()->documentSequenceNumber()
(/Users/pecoraro/Code/webkit-open-source/WebCore/loader/FrameLoader.cpp:3647 void WebCore::FrameLoader::navigateWithinDocument(WebCore::HistoryItem*))

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef
0x00000001017150b8 in WebCore::FrameLoader::navigateWithinDocument (this=0x1118b1850, item=0x105abb6e0) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/FrameLoader.cpp:3647
3647        ASSERT(item->documentSequenceNumber() == history()->currentItem()->documentSequenceNumber());
(gdb) bt
#0  0x00000001017150b8 in WebCore::FrameLoader::navigateWithinDocument (this=0x1118b1850, item=0x105abb6e0) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/FrameLoader.cpp:3647
#1  0x00000001017182f0 in WebCore::FrameLoader::loadItem (this=0x1118b1850, item=0x105abb6e0, loadType=WebCore::FrameLoadTypeBack) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/FrameLoader.cpp:3786
#2  0x000000010177f25c in WebCore::HistoryController::recursiveGoToItem (this=0x1118b19c0, item=0x105abb6e0, fromItem=0x119ee8870, type=WebCore::FrameLoadTypeBack) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/HistoryController.cpp:598
#3  0x000000010177f3b8 in WebCore::HistoryController::goToItem (this=0x1118b19c0, targetItem=0x105abb6e0, type=WebCore::FrameLoadTypeBack) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/HistoryController.cpp:231
#4  0x0000000101b98da6 in WebCore::Page::goToItem (this=0x111006a80, item=0x105abb6e0, type=WebCore::FrameLoadTypeBack) at /Users/pecoraro/Code/webkit-open-source/WebCore/page/Page.cpp:308
#5  0x0000000101b98f5e in WebCore::Page::goBack (this=0x111006a80) at /Users/pecoraro/Code/webkit-open-source/WebCore/page/Page.cpp:237
#6  0x0000000100f2becd in -[WebView goBack] (self=0x111005180, _cmd=0x7fff8423c7cc) at /Users/pecoraro/Code/webkit-open-source/WebKit/mac/WebView/WebView.mm:3153
#7  0x0000000100f2165d in -[WebView(WebIBActions) goBack:] (self=0x111005180, _cmd=0x7fff879dd1c1, sender=0x10868b570) at /Users/pecoraro/Code/webkit-open-source/WebKit/mac/WebView/WebView.mm:3854
#8  0x0000000100090540 in ?? ()
#9  0x00007fff83c818ea in -[NSApplication sendAction:to:from:] ()
#10 0x00000001000498cd in ?? ()
#11 0x00007fff83c81849 in -[NSControl sendAction:to:] ()
#12 0x00007fff83d0d8d0 in -[NSSegmentedCell _sendActionFrom:] ()
#13 0x00007fff83d0d1af in -[NSCell trackMouse:inRect:ofView:untilMouseUp:] ()
#14 0x00007fff83d0c6c7 in -[NSSegmentedCell trackMouse:inRect:ofView:untilMouseUp:] ()
#15 0x00007fff83d0bc59 in -[NSControl mouseDown:] ()
#16 0x00007fff83c25f1b in -[NSWindow sendEvent:] ()
#17 0x00000001000456c3 in ?? ()
#18 0x000000010011eb72 in ?? ()
#19 0x00007fff83b5b662 in -[NSApplication sendEvent:] ()
#20 0x0000000100030e66 in ?? ()
#21 0x00007fff83af20aa in -[NSApplication run] ()
#22 0x00007fff83aead7c in NSApplicationMain ()
#23 0x0000000100001d78 in ?? ()

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.