r26843 crashes when opening this page.

0 com.apple.JavaScriptCore 0x004923f4 KJS::Collector::allocate(unsigned long) + 20
1 com.apple.JavaScriptCore 0x00493578 KJS::jsString(KJS::UString const&) + 216
2 com.apple.JavaScriptCore 0x00494058 KJS::NativeErrorImp::construct(KJS::ExecState*, KJS::List const&) + 168
3 com.apple.JavaScriptCore 0x004958d8 KJS::Error::create(KJS::ExecState*, KJS::ErrorType, KJS::UString const&, int, int, KJS::UString const&) + 968
4 com.apple.JavaScriptCore 0x00495c80 KJS::throwError(KJS::ExecState*, KJS::ErrorType, char const*) + 80
5 com.apple.JavaScriptCore 0x004aca28 KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 1160
6 com.apple.JavaScriptCore 0x004a5ec4 KJS::equal(KJS::ExecState*, KJS::JSValue*, KJS::JSValue*) + 532
7 com.apple.JavaScriptCore 0x004a5ed4 KJS::equal(KJS::ExecState*, KJS::JSValue*, KJS::JSValue*) + 548
8 com.apple.JavaScriptCore 0x004a5ed4 KJS::equal(KJS::ExecState*, KJS::JSValue*, KJS::JSValue*) + 548
9 com.apple.JavaScriptCore 0x004a5ed4 KJS::equal(KJS::ExecState*, KJS::JSValue*, KJS::JSValue*) + 548
10 com.apple.JavaScriptCore 0x004a5ed4 KJS::equal(KJS::ExecState*, KJS::JSValue*, KJS::JSValue*) + 548
Created attachment 16800: test case (will crash)

Looks like the new limit for JS stack set in <http://trac.webkit.org/projects/webkit/changeset/25161> is too large indeed. The problem in the original page is caused by a script that accurately preserves window.onload while setting it to its own function. This script is included twice, which causes infinite recursion - must be a pretty common situation.

function onLoad() {
    ...
    if (savedOnload) savedOnload();
}
savedOnload = window.onload;
window.onload = onLoad;
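To make the recursion in the comment above reproducible outside a browser, here is an added example (not code from the bug report or from WebKit). It models `window` as a plain object and the page's global `savedOnload` as a shared record, installs the hook twice exactly as a double-included script would, and then calls `onload`. The second copy saves the first copy's `onLoad` into the shared global, and the first copy's `onLoad` then reads that same global and calls itself forever. The function names `installOnloadHook`, `installOnloadHookClosure`, `runIncludedTwice` and `runIncludedTwiceClosure` are this example's own; the second variant shows the fix of capturing the previous handler in a closure-local instead of a global, so that two copies chain to each other instead of recursing.

```javascript
// Stand-in for the browser window: only the onload slot is needed here.
function makeWindow() {
  return { onload: null };
}

// One copy of the problematic script. `shared.savedOnload` plays the role of
// the page-global `savedOnload`; both copies of the script read and write it.
function installOnloadHook(win, shared, calls) {
  function onLoad() {
    calls.depth++;                       // count how deep the chain goes
    if (shared.savedOnload) shared.savedOnload();
  }
  shared.savedOnload = win.onload;       // second copy overwrites this with copy #1's onLoad
  win.onload = onLoad;
}

// Same hook, but the previous handler is captured in a closure-local, so each
// copy remembers the handler that was installed before it, not a shared slot.
function installOnloadHookClosure(win, calls) {
  const previous = win.onload;
  function onLoad() {
    calls.depth++;
    if (previous) previous();
  }
  win.onload = onLoad;
}

// Include the broken script twice and fire onload. In Node the unbounded
// recursion surfaces as a RangeError ("Maximum call stack size exceeded").
function runIncludedTwice() {
  const win = makeWindow();
  const shared = { savedOnload: null };   // constructed page state
  const calls = { depth: 0 };
  installOnloadHook(win, shared, calls);
  installOnloadHook(win, shared, calls);
  try {
    win.onload();
    return { overflowed: false, depth: calls.depth };
  } catch (e) {
    return { overflowed: e instanceof RangeError, depth: calls.depth };
  }
}

// Include the closure-based script twice: copy #2 calls copy #1, copy #1
// calls the original (null) handler, and the chain stops at depth 2.
function runIncludedTwiceClosure() {
  const win = makeWindow();
  const calls = { depth: 0 };
  installOnloadHookClosure(win, calls);
  installOnloadHookClosure(win, calls);
  try {
    win.onload();
    return { overflowed: false, depth: calls.depth };
  } catch (e) {
    return { overflowed: e instanceof RangeError, depth: calls.depth };
  }
}
```

In a real page, `addEventListener('load', ...)` avoids the hand-rolled chaining altogether; the closure variant is shown only because it keeps the shape of the snippet from the comment while removing the shared global that makes double inclusion self-referential.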
Hmm, changing KJS_MAX_STACK back to 100 doesn't fix the problem for me.
This doesn't have anything to do with JS stack - the infinite recursion is in native code.
Crashes on the earliest known WebKit nightly (r11976) with Safari 2.0.4 (419.3) on Mac OS X 10.4.11 (8S165). Does NOT crash with Safari 2.0.4 (419.3) with original WebKit on 10.4.11.
<rdar://problem/5619353>
Got a fix.
Created attachment 17664: patch
Comment on attachment 17664 (patch): r=me
Committed revision 28370.