Bug 13550: Reproducible Crash in Javascript visiting http://whoissick.org/sickness/
Status: RESOLVED WORKSFORME
https://bugs.webkit.org/show_bug.cgi?id=13550
Brady Eidson
Reported
2007-04-30 12:18:14 PDT
0 <<00000000>> 0x00000000 0 + 0
1 com.apple.WebCore 0x01239111 KJS::DOMNodeListFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 183 (kjs_dom.cpp:783)
2 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
3 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790)
4 com.apple.JavaScriptCore 0x006a3e85 KJS::AssignExprNode::evaluate(KJS::ExecState*) + 43 (nodes.cpp:1579)
5 com.apple.JavaScriptCore 0x006d6dc6 KJS::VarDeclNode::evaluate(KJS::ExecState*) + 88 (nodes.cpp:1596)
6 com.apple.JavaScriptCore 0x006d6d0f KJS::VarDeclListNode::evaluate(KJS::ExecState*) + 51 (nodes.cpp:1644)
7 com.apple.JavaScriptCore 0x006d6b6d KJS::VarStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1668)
8 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523)
9 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
10 com.apple.JavaScriptCore 0x006d5c25 KJS::ForNode::execute(KJS::ExecState*) + 777 (nodes.cpp:1871)
11 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
12 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
13 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319)
14 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104)
15 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
16 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790)
17 com.apple.JavaScriptCore 0x006a3e85 KJS::AssignExprNode::evaluate(KJS::ExecState*) + 43 (nodes.cpp:1579)
18 com.apple.JavaScriptCore 0x006d6dc6 KJS::VarDeclNode::evaluate(KJS::ExecState*) + 88 (nodes.cpp:1596)
19 com.apple.JavaScriptCore 0x006d6d0f KJS::VarDeclListNode::evaluate(KJS::ExecState*) + 51 (nodes.cpp:1644)
20 com.apple.JavaScriptCore 0x006d6b6d KJS::VarStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1668)
21 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
22 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
23 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742)
24 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
25 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
26 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319)
27 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104)
28 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
29 com.apple.JavaScriptCore 0x006d9933 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 613 (nodes.cpp:694)
30 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723)
31 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523)
32 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
33 com.apple.JavaScriptCore 0x006d696c KJS::IfNode::execute(KJS::ExecState*) + 468 (nodes.cpp:1750)
34 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
35 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
36 com.apple.JavaScriptCore 0x006d696c KJS::IfNode::execute(KJS::ExecState*) + 468 (nodes.cpp:1750)
37 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
38 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
39 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319)
40 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104)
41 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
42 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790)
43 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723)
44 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
45 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
46 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319)
47 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104)
48 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
49 com.apple.JavaScriptCore 0x006bd945 KJS::FunctionProtoFunc::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 1621 (function_object.cpp:139)
50 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
51 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790)
52 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723)
53 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523)
54 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
55 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742)
56 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
57 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
58 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319)
59 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104)
60 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
61 com.apple.JavaScriptCore 0x006d96b4 KJS::FunctionCallBracketNode::evaluate(KJS::ExecState*) + 1002 (nodes.cpp:748)
62 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723)
63 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
64 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
65 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742)
66 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523)
67 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
68 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319)
69 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104)
70 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
71 com.apple.JavaScriptCore 0x006d9933 KJS::FunctionCallResolveNode::evaluate(KJS::ExecState*) + 613 (nodes.cpp:694)
72 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723)
73 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
74 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
75 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742)
76 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
77 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
78 com.apple.JavaScriptCore 0x006c7d21 KJS::TryNode::execute(KJS::ExecState*) + 143 (nodes.cpp:2346)
79 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523)
80 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
81 com.apple.JavaScriptCore 0x006d5c25 KJS::ForNode::execute(KJS::ExecState*) + 777 (nodes.cpp:1871)
82 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523)
83 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
84 com.apple.JavaScriptCore 0x006d6911 KJS::IfNode::execute(KJS::ExecState*) + 377 (nodes.cpp:1742)
85 com.apple.JavaScriptCore 0x006d3cea KJS::SourceElementsNode::execute(KJS::ExecState*) + 492 (nodes.cpp:2529)
86 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
87 com.apple.JavaScriptCore 0x006acadf KJS::DeclaredFunctionImp::execute(KJS::ExecState*) + 39 (function.cpp:319)
88 com.apple.JavaScriptCore 0x006c7ac1 KJS::FunctionImp::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 567 (function.cpp:104)
89 com.apple.JavaScriptCore 0x006afeae KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 210 (object.cpp:97)
90 com.apple.JavaScriptCore 0x006d92b1 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 815 (nodes.cpp:790)
91 com.apple.JavaScriptCore 0x006d6a07 KJS::ExprStatementNode::execute(KJS::ExecState*) + 143 (nodes.cpp:1723)
92 com.apple.JavaScriptCore 0x006d3bdf KJS::SourceElementsNode::execute(KJS::ExecState*) + 225 (nodes.cpp:2523)
93 com.apple.JavaScriptCore 0x006aca14 KJS::BlockNode::execute(KJS::ExecState*) + 136 (nodes.cpp:1700)
94 com.apple.JavaScriptCore 0x006d0e77 KJS::Interpreter::evaluate(KJS::UString const&, int, KJS::UChar const*, int, KJS::JSValue*) + 973 (interpreter.cpp:365)
95 com.apple.WebCore 0x01247c87 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&, WebCore::Node*) + 319 (kjs_proxy.cpp:78)
96 com.apple.WebCore 0x013863b9 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::Node*, WebCore::String const&) + 99 (FrameLoader.cpp:711)
97 com.apple.WebCore 0x01386467 WebCore::FrameLoader::executeScript(WebCore::Node*, WebCore::String const&, bool) + 123 (FrameLoader.cpp:699)
98 com.apple.WebCore 0x0124ec0f KJS::ScheduledAction::execute(KJS::Window*) + 891 (kjs_window.cpp:1937)
99 com.apple.WebCore 0x01251c08 KJS::Window::timerFired(KJS::DOMWindowTimer*) + 424 (kjs_window.cpp:2054)
100 com.apple.WebCore 0x01251c75 KJS::DOMWindowTimer::fired() + 47 (kjs_window.cpp:2640)
101 com.apple.WebCore 0x011e7baa WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, (unsigned long)0> const&) + 196 (Timer.cpp:322)
102 com.apple.WebCore 0x011e7c47 WebCore::TimerBase::sharedTimerFired() + 109 (Timer.cpp:355)
103 com.apple.WebCore 0x011e72fe WebCore::timerFired(__CFRunLoopTimer*, void*) + 22 (SharedTimerMac.cpp:47)
104 com.apple.CoreFoundation 0x9082e7e2 CFRunLoopRunSpecific + 3341
105 com.apple.CoreFoundation 0x9082dace CFRunLoopRunInMode + 61
106 com.apple.HIToolbox 0x92de98d8 RunCurrentEventLoopInMode + 285
107 com.apple.HIToolbox 0x92de8fe2 ReceiveNextEventCommon + 385
108 com.apple.HIToolbox 0x92de8e39 BlockUntilNextEventMatchingListInMode + 81
109 com.apple.AppKit 0x9328f465 _DPSNextEvent + 572
110 com.apple.AppKit 0x9328f056 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 137
111 com.apple.Safari 0x00022bc9 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 171 (BrowserApplication.m:161)
112 com.apple.AppKit 0x93288ddb -[NSApplication run] + 512
113 com.apple.AppKit 0x9327cd2f NSApplicationMain + 573
114 com.apple.Safari 0x000aa1f3 main + 95 (main.m:27)
115 com.apple.Safari 0x00002e76 _start + 216
116 com.apple.Safari 0x00002d9d start + 41
Brady Eidson
Comment 1
2007-04-30 12:19:06 PDT
<rdar://problem/5171285>
Andrew Wellington
Comment 2
2007-05-13 05:40:00 PDT
I tried to reproduce this with r21441 and couldn't. Are you still seeing it Brady?
Geoffrey Garen
Comment 3
2007-06-19 15:38:47 PDT
DOMNodeListFunc doesn't exist anymore, nor does the crashing page. => Cannot reproduce.