UPDATE: I’ve belatedly realize that although I quote the bug, I probably make it sound like this bug relates to all dynamic CSS, which is not the case. In general it’s probably pretty rare to find random CSS code on the web that will trip the bug. That said, if you are using Apple’s excellent Dashcode tool to create your HTML/CSS/JS, it’s actually pretty hard NOT to trip the bug.
Recently I was using a WebKit to serve up some static content in my Snow Leopard only, garbage collected app, when I ran into a crash with a call stack winding through WebKit and ending in an errant CFRelease.
The crash manifested whenever I tried to change CSS properties from JavaScript called back from my Objective-C code (via the WebKit WebScriptObject interface). Pretty quickly, I realized that I could also get the crash to happen from JavaScript code changing CSS properties in a vanilla JavaScript timer callback, or pretty much any JavaScript code post page load / initial page render for that matter.
A good bit of WebKit source spelunking later revealed this little gem:
http://trac.webkit.org/changeset/50918
Thankfully, there is more than just the opaque reference to rdar://problem/7390716 (wonder what that bug is) and we get a reference to:
https://bugs.webkit.org/show_bug.cgi?id=31429
Which bottom lines to this little beauty:
“Crash when a CSS transition is run on a CSS transform in a GC supported or GC required build.”
Sweet. I am alone in thinking that this means there is pretty much no way to use WebKit in a garbage collected (or even garbage collection supported for that matter) Mac application?
Oh, well, score one for open source; custom local build of WebKit.framework here I come!
