[Webkit-unassigned] [Bug 39008] REGRESSION (r58950): Webkit crashes on clicking back button when in hotmail

bugzilla-daemon at webkit.org
Thu May 13 21:18:28 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=39008

--- Comment #5 from Joseph Pecoraro <joepeck at webkit.org>  2010-05-13 21:18:27 PST ---
After commenting out (but logging) when I hit the above ASSERT it looks like that doesn't cause a crash.

Doing some more "stress testing" of back & forward I hit the following ASSERT. The other assert didn't appear to have been hit.

ASSERTION FAILED: !cachedPage || cachedPage->document() == m_frame->document()
(/Users/pecoraro/Code/webkit-open-source/WebCore/loader/HistoryController.cpp:197 void WebCore::HistoryController::invalidateCurrentItemCachedPage())

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0x00000000bbadbeef
0x000000010177e9bf in WebCore::HistoryController::invalidateCurrentItemCachedPage (this=0x1130249c0) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/HistoryController.cpp:197
197        ASSERT(!cachedPage || cachedPage->document() == m_frame->document());
(gdb) bt
#0  0x000000010177e9bf in WebCore::HistoryController::invalidateCurrentItemCachedPage (this=0x1130249c0) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/HistoryController.cpp:197
#1  0x0000000101712167 in WebCore::FrameLoader::receivedMainResourceError (this=0x113024850, error=@0x7fff5fbfe540, isComplete=true) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/FrameLoader.cpp:3311
#2  0x0000000101b38aba in WebCore::MainResourceLoader::didCancel (this=0x10807ce00, error=@0x7fff5fbfe540) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/MainResourceLoader.cpp:104
#3  0x0000000101d1db93 in WebCore::ResourceLoader::cancel (this=0x10807ce00, error=@0x7fff5fbfe5a0) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/ResourceLoader.cpp:362
#4  0x0000000101d1d2be in WebCore::ResourceLoader::cancel (this=0x10807ce00) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/ResourceLoader.cpp:352
#5  0x00000001015df406 in WebCore::DocumentLoader::stopLoading (this=0x108043e00, databasePolicy=WebCore::DatabasePolicyStop) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/DocumentLoader.cpp:232
#6  0x000000010170dbcf in WebCore::FrameLoader::stopAllLoaders (this=0x113024850, databasePolicy=WebCore::DatabasePolicyStop) at /Users/pecoraro/Code/webkit-open-source/WebCore/loader/FrameLoader.cpp:2214
#7  0x0000000101b98d8e in WebCore::Page::goToItem (this=0x111e50450, item=0x11abd14a0, type=WebCore::FrameLoadTypeForward) at /Users/pecoraro/Code/webkit-open-source/WebCore/page/Page.cpp:305
#8  0x0000000101b98f2a in WebCore::Page::goForward (this=0x111e50450) at /Users/pecoraro/Code/webkit-open-source/WebCore/page/Page.cpp:248
#9  0x0000000100f2be53 in -[WebView goForward] (self=0x111e4eb10, _cmd=0x7fff8423c7d8) at /Users/pecoraro/Code/webkit-open-source/WebKit/mac/WebView/WebView.mm:3161
#10 0x0000000100f21637 in -[WebView(WebIBActions) goForward:] (self=0x111e4eb10, _cmd=0x7fff879dd1b6, sender=0x105a8ef10) at /Users/pecoraro/Code/webkit-open-source/WebKit/mac/WebView/WebView.mm:3859
#11 0x000000010009180f in ?? ()
#12 0x00007fff83c818ea in -[NSApplication sendAction:to:from:] ()
#13 0x00000001000498cd in ?? ()
#14 0x00007fff83c81849 in -[NSControl sendAction:to:] ()
#15 0x00007fff83d0d8d0 in -[NSSegmentedCell _sendActionFrom:] ()
#16 0x00007fff83d0d1af in -[NSCell trackMouse:inRect:ofView:untilMouseUp:] ()
#17 0x00007fff83d0c6c7 in -[NSSegmentedCell trackMouse:inRect:ofView:untilMouseUp:] ()
#18 0x00007fff83d0bc59 in -[NSControl mouseDown:] ()
#19 0x00007fff83c25f1b in -[NSWindow sendEvent:] ()
#20 0x00000001000456c3 in ?? ()
#21 0x000000010011eb72 in ?? ()
#22 0x00007fff83b5b662 in -[NSApplication sendEvent:] ()
#23 0x0000000100030e66 in ?? ()
#24 0x00007fff83af20aa in -[NSApplication run] ()
#25 0x00007fff83aead7c in NSApplicationMain ()
#26 0x0000000100001d78 in ?? ()
Current language:  auto; currently c++
(gdb) p cachedPage
$1 = ('WebCore::CachedPage' *) 0x11ac59c60
(gdb) p cachedPage->document()
$2 = (class WebCore::Document *) 0x1142bcc00
(gdb) p m_frame->document()
$3 = (class WebCore::Document *) 0x106992600


I still haven't been able to reproduce the exact same crash with my ToT Debug build (r59438). =)
