17136 – Crash in ICU beneath xsltUnicodeSortFunction with Windows r29908 nightly

Bug 17136 - Crash in ICU beneath xsltUnicodeSortFunction with Windows r29908 nightly

Summary: Crash in ICU beneath xsltUnicodeSortFunction with Windows r29908 nightly

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Tools / Tests (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Windows Vista

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Duplicates (1):	17894 (view as bug list)
Depends on:
Blocks:

Reported:	2008-02-01 08:12 PST by Adam Plumb
Modified:	2008-03-18 09:09 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
crash dump txt file (8.31 KB, text/plain) 2008-02-01 08:13 PST, Adam Plumb	no flags	Details
crash dump file (53.20 KB, application/octet-stream) 2008-02-01 08:14 PST, Adam Plumb	no flags	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Adam Plumb 2008-02-01 08:12:50 PST

I'm using Safari 3.0.4 with the latest nightly build (r29908) when I load the webapp I'm working on, it crashes almost immediately.  The webapp makes use of xslt transformations using sarissa, and has some ajax calls in the first page.

Comment 1 Adam Plumb 2008-02-01 08:13:49 PST

Created attachment 18847 [details]
crash dump txt file

Comment 2 Adam Plumb 2008-02-01 08:14:20 PST

Created attachment 18848 [details]
crash dump file

Comment 3 Adam Plumb 2008-02-01 08:18:01 PST

I just tried nightly build r29603 and the same thing happens.

Comment 4 Adam Plumb 2008-02-01 08:24:37 PST

Just tried webkit nightly r28586 and the webapp loads fine without problems.

Comment 5 Adam Roben (:aroben) 2008-02-01 08:28:53 PST

Here's the backtrace:

 	icuin36.dll!_ucol_strcoll_3_6()  + 0x280 bytes	C++
>	WebKit.dll!WebCore::xsltUnicodeSortFunction(_xsltTransformContext * ctxt=, _xmlNode * * sorts=, int nbsorts=)  Line 264	C++
 	msvcr80.dll!_free()  + 0xcd bytes	
 	00000001()	
 	kernel32.dll!_HeapFree@12()  + 0x14 bytes	
 	msvcr80.dll!_free()  + 0xcd bytes	
 	libxml2.dll!_xmlXPathFreeParserContext()  + 0x2d bytes	C
 	libxml2.dll!_xmlXPathCompiledEval()  + 0xd1 bytes	C
 	libxslt.dll!_xsltForEach()  + 0x230 bytes	C
 	libxslt.dll!_xsltApplyOneTemplate()  + 0x2a3 bytes	C
 	libxslt.dll!_xsltProcessOneNode()  + 0x193 bytes	C
 	libxslt.dll!_xsltApplyStripSpaces()  + 0x302 bytes	C
 	libxslt.dll!_xsltProcessOneNode()  + 0xdb bytes	C
 	libxslt.dll!_xsltNewTransformContext()  + 0x7d9 bytes	C
 	WebKit.dll!WebCore::XSLTProcessor::transformToString(WebCore::Node * sourceNode=0x02d486b8, WebCore::String & mimeType={...}, WebCore::String & resultString={...}, WebCore::String & resultEncoding={...})  Line 378	C++
 	WebKit.dll!WebCore::XSLTProcessor::transformToDocument(WebCore::Node * sourceNode=0x00000000)  Line 404 + 0x31 bytes	C++
 	WebKit.dll!KJS::jsXSLTProcessorPrototypeFunctionTransformToDocument(KJS::ExecState * exec=0x0012f2c0, KJS::JSObject * thisObj=0x043da200, const KJS::List & args={...})  Line 115	C++
 	WebKit.dll!KJS::PrototypeFunction::callAsFunction(KJS::ExecState * exec=0x0012f2c0, KJS::JSObject * thisObj=0x043da200, const KJS::List & args={...})  Line 882 + 0x14 bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x043da200, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012f2c0)  Line 1230 + 0x13 bytes	C++
 	WebKit.dll!KJS::AssignLocalVarNode::evaluate(KJS::ExecState * exec=0x0012f2c0)  Line 3276	C++
 	WebKit.dll!KJS::ConstStatementNode::execute(KJS::ExecState * exec=0x0012f2c0)  Line 3736	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012f2c0)  Line 3697 + 0xc bytes	C++
 	WebKit.dll!KJS::IfElseNode::execute(KJS::ExecState * exec=0x0012f2c0)  Line 3774 + 0xa bytes	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000005)  Line 4616 + 0x8 bytes	C++
 	WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f3fc, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 76 + 0xf bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::FunctionCallResolveNode::evaluate(KJS::ExecState * exec=0x0012f3fc)  Line 1040 + 0x1e bytes	C++
 	WebKit.dll!KJS::AssignLocalVarNode::evaluate(KJS::ExecState * exec=0x0012f3fc)  Line 3276	C++
 	WebKit.dll!KJS::ConstStatementNode::execute(KJS::ExecState * exec=0x0012f3fc)  Line 3736	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000002)  Line 4616 + 0x8 bytes	C++
 	WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f524, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 76 + 0xf bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::FunctionCallResolveNode::evaluate(KJS::ExecState * exec=0x0012f524)  Line 1040 + 0x1e bytes	C++
 	WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f524)  Line 3720	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000001)  Line 4616 + 0x8 bytes	C++
 	WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f64c, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 76 + 0xf bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::FunctionCallResolveNode::evaluate(KJS::ExecState * exec=0x0012f64c)  Line 1040 + 0x1e bytes	C++
 	WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f64c)  Line 3720	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000000)  Line 4616 + 0x8 bytes	C++
 	WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f774, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 76 + 0xf bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::FunctionCallResolveNode::evaluate(KJS::ExecState * exec=0x0012f774)  Line 1040 + 0x1e bytes	C++
 	WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f774)  Line 3720	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000000)  Line 4616 + 0x8 bytes	C++
 	WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012f8f0, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 76 + 0xf bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x039c0000, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::FunctionCallValueNode::evaluate(KJS::ExecState * exec=)  Line 975 + 0xf bytes	C++
 	WebKit.dll!KJS::AssignDotNode::evaluate(KJS::ExecState * exec=0x0012f8f0)  Line 3393	C++
 	WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012f8f0)  Line 3720	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012f8f0)  Line 3697 + 0xc bytes	C++
 	WebKit.dll!KJS::TryNode::execute(KJS::ExecState * exec=0x0012f8f0)  Line 4291	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012f8f0)  Line 3697 + 0xc bytes	C++
 	WebKit.dll!KJS::IfNode::execute(KJS::ExecState * exec=0x0012f8f0)  Line 3756 + 0xb bytes	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000003)  Line 4616 + 0x8 bytes	C++
 	WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012fa24, KJS::JSObject * thisObj=0x044304c0, const KJS::List & args={...})  Line 76 + 0xf bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x044304c0, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012fa24)  Line 1230 + 0x13 bytes	C++
 	WebKit.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012fa24)  Line 3720	C++
 	WebKit.dll!KJS::IfNode::execute(KJS::ExecState * exec=0x0012fa24)  Line 3756 + 0xb bytes	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000001)  Line 4616 + 0x8 bytes	C++
 	WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012fbec, KJS::JSObject * thisObj=0x044304c0, const KJS::List & args={...})  Line 76 + 0xf bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x044304c0, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::functionProtoFuncApply(KJS::ExecState * exec=, KJS::JSObject * thisObj=, const KJS::List & args=)  Line 110 + 0x13 bytes	C++
 	WebKit.dll!KJS::PrototypeFunction::callAsFunction(KJS::ExecState * exec=0x0012fbec, KJS::JSObject * thisObj=0x04381620, const KJS::List & args={...})  Line 882 + 0x14 bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x04381620, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012fbec)  Line 1230 + 0x13 bytes	C++
 	WebKit.dll!KJS::ReturnNode::execute(KJS::ExecState * exec=0x0012fbec)  Line 4078	C++
 	WebKit.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x00000000)  Line 3673	C++
 	WebKit.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x00000000)  Line 4616 + 0x8 bytes	C++
 	WebKit.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x7fefaea0, KJS::JSObject * thisObj=0x043df580, const KJS::List & args={...})  Line 76 + 0xf bytes	C++
 	WebKit.dll!KJS::JSObject::call(KJS::ExecState * exec=0x00000000, KJS::JSObject * thisObj=0x043df580, const KJS::List & args={...})  Line 99	C++
 	WebKit.dll!WebCore::JSAbstractEventListener::handleEvent(WebCore::Event * ele=, bool isWindowEvent=)  Line 116	C++
 	pthreadVC2.dll!_pthread_once()  + 0x1e bytes	C
 	WebKit.dll!WebCore::currentTime()  Line 54	C++
 	WebKit.dll!WebCore::XMLHttpRequest::didFinishLoading(WebCore::SubresourceLoader * loader=0x7ff269c0)  Line 699	C++
 	WebKit.dll!WebCore::SubresourceLoader::didFinishLoading()  Line 193 + 0xe bytes	C++
 	WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x7fca22a0)  Line 373	C++
 	WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x000b0432, const void * clientInfo=0x000004cf)  Line 112	C++

Comment 6 Adam Roben (:aroben) 2008-02-01 08:41:58 PST

<rdar://problem/5719597>

Comment 7 Alexey Proskuryakov 2008-02-01 11:42:20 PST

The nightly archive only includes two ICU Dlls of three - it also needs to include the largest one, icudt36.dll.

Comment 8 Alexey Proskuryakov 2008-03-18 01:58:37 PDT

*** Bug 17894 has been marked as a duplicate of this bug. ***

Comment 9 Mark Rowe (bdash) 2008-03-18 09:09:51 PDT

Please install Safari 3.1 to resolve this issue.  It was released earlier today and contains the updated ICU DLLs that fix this crash.