[Webkit-unassigned] [Bug 53856] New: Regression / Crash(Chromium): Navigating to the initial page doesn't work and crashes Chromium
bugzilla-daemon at webkit.org
Sat Feb 5 08:44:50 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=53856
Summary: Regression / Crash(Chromium): Navigating to the initial page doesn't work and crashes Chromium
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
URL: https://bugs.webkit.org/attachment.cgi?id=58498
OS/Version: Windows Vista
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: History
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: peter at chromium.org
CC: fishd at chromium.org
The initial testcase from bug 40451 does not navigate back to the initial page:
https://bugs.webkit.org/attachment.cgi?id=58425&action=edit
The reduced test-case (v2) doesn't either, but doesn't do so in Firefox and/or Opera either.
Reproduction steps:
1. Open the test-case.
2. Click on "Artists" in the iframe.
3. Navigate backwards.
Behavior WebKit nightly (r77737):
It's impossible to go back to the initial content without refreshing. Opera and Firefox work fine here.
Behavior Chromium (73930):
Same as above, with one addition: when navigating forward again, it crashes on Windows Vista SP2 (64-bit) with the following call stack:
> chrome.dll!WebCore::HistoryController::recursiveSetProvisionalItem(WebCore::HistoryItem * item=0x043036e0, WebCore::HistoryItem * fromItem=0x07629320, WebCore::FrameLoadType type=FrameLoadTypeIndexedBackForward) Line 629 C++
chrome.dll!WebCore::HistoryController::goToItem(WebCore::HistoryItem * targetItem=0x043036e0, WebCore::FrameLoadType type=FrameLoadTypeIndexedBackForward) Line 250 C++
chrome.dll!WebKit::WebFrameImpl::loadHistoryItem(const WebKit::WebHistoryItem & item={...}) Line 908 C++
chrome.dll!RenderView::OnNavigate(const ViewMsg_Navigate_Params & params={...}) Line 1437 + 0x24 bytes C++
chrome.dll!IPC::MessageWithTuple<Tuple1<ViewMsg_Navigate_Params> >::Dispatch<RenderView,RenderView,void (__thiscall RenderView::*)(ViewMsg_Navigate_Params const &)>(const IPC::Message * msg=0x04efca90, RenderView * obj=0x04703400, RenderView * sender=0x04703400, void (const ViewMsg_Navigate_Params &)* func=0x5dcb6d00) Line 934 C++
chrome.dll!RenderView::OnMessageReceived(const IPC::Message & message={...}) Line 987 + 0x1e bytes C++
chrome.dll!MessageRouter::RouteMessage(const IPC::Message & msg={...}) Line 46 + 0xa bytes C++
chrome.dll!MessageRouter::OnMessageReceived(const IPC::Message & msg={...}) Line 38 + 0x5 bytes C++
chrome.dll!ChildThread::OnMessageReceived(const IPC::Message & msg={...}) Line 168 + 0xb bytes C++
chrome.dll!RunnableMethod<SafeBrowsingService,void (__thiscall SafeBrowsingService::*)(SafeBrowsingService::UnsafeResource const &),Tuple1<SafeBrowsingService::UnsafeResource> >::Run() Line 331 + 0xf bytes C++
chrome.dll!MessageLoop::RunTask(Task * task=0x04efca80) Line 363 C++
chrome.dll!MessageLoop::DoWork() Line 564 + 0x8 bytes C++
chrome.dll!base::MessagePumpForUI::DoRunLoop() Line 202 C++
chrome.dll!base::MessagePumpWin::Run(base::MessagePump::Delegate * delegate=0x0492fabc) Line 79 + 0x42 bytes C++
chrome.dll!MessageLoop::RunInternal() Line 337 + 0xb bytes C++
chrome.dll!MessageLoop::Run() Line 235 C++
chrome.dll!base::Thread::Run(MessageLoop * message_loop=0x0492fabc) Line 129 C++
chrome.dll!base::Thread::ThreadMain() Line 167 C++
chrome.dll!base::`anonymous namespace'::ThreadFunc(void * params=0x042f1a98) Line 38 C++
This is reproducible with the reduced test-case as well:
https://bugs.webkit.org/attachment.cgi?id=58498
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.