[Webkit-unassigned] [Bug 49667] New: REGRESSION: Crash in WebCore when moving JIRA bug to another project

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Nov 17 08:55:03 PST 2010 

https://bugs.webkit.org/show_bug.cgi?id=49667

           Summary: REGRESSION: Crash in WebCore when moving JIRA bug to
                    another project
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
        OS/Version: Mac OS X 10.6
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: WebCore JavaScript
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rex_4539 at yahoo.com


Safari 5.0.2 (6533.18.5, r72146)
JIRA 4.1.2#531

Reproducibility: always

Steps:
1. Open an existing JIRA bug.
2. More Actions -> Move
3. Choose a different project and click on "Next" button.

What happened:
3. Crash.

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   ???                               0x000000011a8c0c60 0 + 4740353120
1   com.apple.WebCore                 0x0000000100dce28e WebCore::Document::resetFormElementsOwner(WebCore::HTMLFormElement*) + 46
2   com.apple.WebCore                 0x0000000100d0077c WebCore::ContainerNode::removedFromDocument() + 76
3   com.apple.WebCore                 0x0000000100d0077c WebCore::ContainerNode::removedFromDocument() + 76
4   com.apple.WebCore                 0x0000000100d0077c WebCore::ContainerNode::removedFromDocument() + 76
5   com.apple.WebCore                 0x0000000100d03cbb void WebCore::Private::addChildNodesToDeletionQueue<WebCore::Node, WebCore::ContainerNode>(WebCore::Node*&, WebCore::Node*&, WebCore::ContainerNode*) + 107
6   com.apple.WebCore                 0x0000000100d03d7e void WebCore::removeAllChildrenInContainer<WebCore::Node, WebCore::ContainerNode>(WebCore::ContainerNode*) + 142
7   com.apple.WebCore                 0x0000000100ddcd13 WebCore::Document::removedLastRef() + 339
8   com.apple.WebCore                 0x0000000100ec2262 WebCore::DynamicNodeList::~DynamicNodeList() + 114
9   com.apple.WebCore                 0x00000001017cff9f WebCore::TagNodeList::~TagNodeList() + 127
10  com.apple.WebCore                 0x0000000101315faf WebCore::JSNodeList::~JSNodeList() + 239
11  com.apple.JavaScriptCore          0x000000010079bc5c JSC::Heap::sweep() + 284
12  com.apple.JavaScriptCore          0x000000010079e61b JSC::Heap::collectAllGarbage() + 75
13  com.apple.WebCore                 0x0000000100f58295 WebCore::collect(void*) + 21
14  com.apple.WebCore                 0x00000001017ec357 WebCore::ThreadTimers::sharedTimerFiredInternal() + 151
15  com.apple.WebCore                 0x00000001016f9f35 WebCore::timerFired(__CFRunLoopTimer*, void*) + 53
16  com.apple.CoreFoundation          0x00007fff832c7be8 __CFRunLoopRun + 6488
17  com.apple.CoreFoundation          0x00007fff832c5dbf CFRunLoopRunSpecific + 575
18  com.apple.HIToolbox               0x00007fff8265991a RunCurrentEventLoopInMode + 333
19  com.apple.HIToolbox               0x00007fff8265971f ReceiveNextEventCommon + 310
20  com.apple.HIToolbox               0x00007fff826595d8 BlockUntilNextEventMatchingListInMode + 59
21  com.apple.AppKit                  0x00007fff87ffae64 _DPSNextEvent + 718
22  com.apple.AppKit                  0x00007fff87ffa7a9 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155
23  com.apple.Safari                  0x00000001000165d4 0x100000000 + 91604
24  com.apple.AppKit                  0x00007fff87fc048b -[NSApplication run] + 395
25  com.apple.AppKit                  0x00007fff87fb91a8 NSApplicationMain + 364
26  com.apple.Safari                  0x000000010000a4a0 0x100000000 + 42144

Expected result:
WebKit does not crash.

Notes:
Regression was introduced with r72146.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list