To reproduce:

run-webkit-tests --debug --guard-malloc svg/custom/js-update-bounce.svg

Crashes with:

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xb9d5cffc
0x014c5709 in WebCore::Settings::isJavaScriptEnabled (this=0xb9d5cf74) at Settings.h:82
82	    bool isJavaScriptEnabled() const { return m_isJavaScriptEnabled; }
(gdb) bt
#0  0x014c5709 in WebCore::Settings::isJavaScriptEnabled (this=0xb9d5cf74) at Settings.h:82
#1  0x010dac5b in WebCore::Frame::scriptProxy (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:258
#2  0x0126a164 in KJS::Window::retrieve (p=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_window.cpp:400
#3  0x0126a1ad in KJS::Window::retrieveWindow (f=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_window.cpp:384
#4  0x010e0480 in WebCore::Frame::~Frame (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:203
warning: internal error: no C/C++ fundamental type 1
#5  0x010e4b63 in WebCore::FrameMac::~FrameMac (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/mac/FrameMac.mm:152
#6  0x014c8e5e in WebCore::Shared<WebCore::Frame>::deref (this=0xb9db0fd4) at Shared.h:52
#7  0x014c8e86 in WTF::RefPtr<WebCore::Frame>::~RefPtr (this=0xb9d56ffc) at RefPtr.h:41
#8  0x015537c4 in WebCore::FocusController::~FocusController (this=0xb9d56ff8) at FocusController.h:40
#9  0x015537e7 in WTF::OwnPtr<WebCore::FocusController>::safeDelete (this=0xb9d50fd4) at OwnPtr.h:54
#10 0x01553805 in WTF::OwnPtr<WebCore::FocusController>::~OwnPtr (this=0xb9d50fd4) at OwnPtr.h:34
#11 0x011a1b6c in WebCore::Page::~Page (this=0xb9d50fc8) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:92
#12 0x0025d6c2 in -[WebView(WebPrivate) _close] (self=0xb9b04fac, _cmd=0x90a6b1dc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:647
#13 0x002621e3 in -[WebView close] (self=0xb9b04fac, _cmd=0x90a9bb2c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:1764
#14 0x000061a1 in dumpRenderTree (argc=2, argv=0xbffff62c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitTools/DumpRenderTree/DumpRenderTree.m:431
#15 0x000062d6 in main (argc=2, argv=0xbffff62c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitTools/DumpRenderTree/DumpRenderTree.m:459
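The shape of the crash in the trace is a teardown-order use-after-free: Page::~Page destroys its OwnPtr<FocusController>, that releases the last RefPtr<Frame>, and Frame::~Frame then reaches back (via Window::retrieveWindow and Frame::scriptProxy) into a Settings object the Page has already freed, which guard malloc turns into an immediate fault. The following is an added illustration of that hazard and is not WebKit code: the names Page, FocusController, Frame and Settings are borrowed from the trace, while the members, the TeardownLog and the fix shown (resetting the controller before member destruction runs) are assumptions of this example, not the patch that landed.

```cpp
#include <initializer_list>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Added illustration, not WebKit code. A shared log records teardown order so
// the hazard is observed without touching freed memory (guard malloc did that
// for the real bug); every member name here is an assumption of this example.
struct TeardownLog {
    std::vector<std::string> events;
    bool settingsAlive = false;
};

struct Settings {
    TeardownLog& log;
    bool javaScriptEnabled = true;
    explicit Settings(TeardownLog& l) : log(l) { log.settingsAlive = true; }
    ~Settings() {
        log.settingsAlive = false;
        log.events.push_back("~Settings");
    }
};

// Frame holds a non-owning pointer to its Page's Settings and, like
// Frame::scriptProxy in the trace, consults it during its own destruction.
struct Frame {
    TeardownLog& log;
    Settings* settings;
    Frame(TeardownLog& l, Settings* s) : log(l), settings(s) {}
    ~Frame() {
        if (log.settingsAlive) {
            log.events.push_back(settings->javaScriptEnabled
                                     ? "~Frame: settings alive, JS enabled"
                                     : "~Frame: settings alive, JS disabled");
        } else {
            // Dereferencing `settings` here would be the use-after-free.
            log.events.push_back("~Frame: settings DEAD");
        }
    }
};

struct FocusController {
    std::shared_ptr<Frame> focusedFrame;  // stands in for RefPtr<Frame>
};

// Buggy layout: members are destroyed in reverse declaration order, so
// m_settings dies before m_focusController and therefore before ~Frame runs.
struct BuggyPage {
    std::unique_ptr<FocusController> m_focusController;
    std::unique_ptr<Settings> m_settings;
    explicit BuggyPage(TeardownLog& log)
        : m_focusController(new FocusController), m_settings(new Settings(log)) {
        m_focusController->focusedFrame = std::make_shared<Frame>(log, m_settings.get());
    }
    // implicit destructor: ~m_settings, then ~m_focusController -> ~Frame
};

// Fixed: tear down the frame tree explicitly while Settings is still alive.
// Declaring m_settings before m_focusController would also work, but an
// explicit reset does not depend on anyone remembering the member order.
struct FixedPage {
    std::unique_ptr<FocusController> m_focusController;
    std::unique_ptr<Settings> m_settings;
    explicit FixedPage(TeardownLog& log)
        : m_focusController(new FocusController), m_settings(new Settings(log)) {
        m_focusController->focusedFrame = std::make_shared<Frame>(log, m_settings.get());
    }
    ~FixedPage() { m_focusController.reset(); }
};

// Constructs and destroys one Page and returns the teardown events observed.
std::vector<std::string> teardownEvents(bool fixed) {
    TeardownLog log;
    if (fixed) {
        FixedPage page(log);
    } else {
        BuggyPage page(log);
    }
    return log.events;
}

int main() {
    for (bool fixed : {false, true}) {
        std::cout << (fixed ? "fixed:" : "buggy:") << '\n';
        for (const std::string& e : teardownEvents(fixed))
            std::cout << "  " << e << '\n';
    }
    return 0;
}
```

The same structural point applies to any owner whose children hold back-pointers to sibling members: either order the members so the dependency is destroyed last, or sever the children explicitly in the owner's destructor, and let a debug allocator (guard malloc here, ASan on other platforms) confirm the order is right.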
Created attachment 12595 [details] Patch
Comment on attachment 12595 [details] Patch

Need a nil check of m_jscript, which can be 0 if JavaScript was disabled or never used. Should not have a space in Window*.
The code is inside "if (d->m_jscript && d->m_jscript->haveInterpreter())", so d->m_jscript can never be nil.
Comment on attachment 12595 [details] Patch

Resetting review? flag per Comment #3.
Comment on attachment 12595 [details] Patch

r=me
Landed in r19023.