Bug 18389 - REGRESSION (r31746?): Crash in JSDOMWindowWrapper::mark loading digg.com
Summary: REGRESSION (r31746?): Crash in JSDOMWindowWrapper::mark loading digg.com
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P2 Normal
Assignee: Nobody
URL: http://digg.com
Keywords:
Duplicates: 18390
Depends on:
Blocks:
 
Reported: 2008-04-09 10:27 PDT by Adam Roben (:aroben)
Modified: 2008-04-09 17:25 PDT
CC: 2 users

See Also:


Attachments

Description Adam Roben (:aroben) 2008-04-09 10:27:51 PDT
I'm seeing a crash in JSDOMWindowWrapper::mark when loading digg.com. Presumably this is a regression caused by r31746 <http://trac.webkit.org/projects/webkit/changeset/31746>

Backtrace:

#0	0x023aba32 in WebCore::JSDOMWindowWrapper::mark at JSDOMWindowWrapper.cpp:63
#1	0x005ce4c4 in KJS::Collector::markStackObjectsConservatively at collector.cpp:520
#2	0x005ce517 in KJS::Collector::markCurrentThreadConservatively at collector.cpp:548
#3	0x005ce66a in KJS::Collector::markStackObjectsConservatively at collector.cpp:693
#4	0x005dc3e7 in KJS::Collector::collect at collector.cpp:936
#5	0x0062c5d5 in KJS::Collector::heapAllocate<(KJS::Collector::HeapType)0> at collector.cpp:245
#6	0x005dc491 in KJS::Collector::allocate at collector.cpp:292
#7	0x005dc4a5 in KJS::JSCell::operator new at value.cpp:85
#8	0x0065342f in KJS::JSGlobalObject::reset at JSGlobalObject.cpp:253
#9	0x0065543c in KJS::JSGlobalObject::init at JSGlobalObject.cpp:146
#10	0x02384edd in KJS::JSGlobalObject::JSGlobalObject at JSGlobalObject.h:153
#11	0x0237efdb in WebCore::JSDOMWindowBase::JSDOMWindowBase at JSDOMWindowBase.cpp:197
#12	0x01fec810 in WebCore::JSDOMWindow::JSDOMWindow at JSDOMWindow.cpp:428
#13	0x01fec83c in WebCore::JSDOMWindow::JSDOMWindow at JSDOMWindow.cpp:430
#14	0x023342cc in WebCore::KJSProxy::initScript at kjs_proxy.cpp:148
#15	0x01fbacc8 in WebCore::KJSProxy::initScriptIfNeeded at kjs_proxy.h:86
#16	0x01ee2a81 in WebCore::KJSProxy::windowWrapper at kjs_proxy.h:51
#17	0x0237d872 in WebCore::toJSDOMWindow at JSDOMWindowBase.cpp:1432
#18	0x0232e222 in WebCore::allowsAccessFromFrame at kjs_binding.cpp:347
#19	0x0232e288 in WebCore::checkNodeSecurity at kjs_binding.cpp:340
#20	0x02019059 in WebCore::JSHTMLIFrameElement::getValueProperty at JSHTMLIFrameElement.cpp:180
#21	0x02019852 in KJS::staticValueGetter<WebCore::JSHTMLIFrameElement> at lookup.h:109
#22	0x00619d62 in KJS::PropertySlot::getValue at property_slot.h:49
#23	0x005cd952 in KJS::JSObject::get at object.cpp:164
#24	0x00647f07 in KJS::DotAccessorNode::inlineEvaluate at nodes.cpp:961
#25	0x005f9bdc in KJS::DotAccessorNode::evaluate at nodes.cpp:966
#26	0x005f71e2 in KJS::AssignLocalVarNode::evaluate at nodes.cpp:3554
#27	0x005f668d in KJS::ExprStatementNode::execute at nodes.cpp:3993
#28	0x005d9af9 in statementListExecute at nodes.cpp:3946
#29	0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971
#30	0x005f65db in KJS::IfNode::execute at nodes.cpp:4030
#31	0x005d9af9 in statementListExecute at nodes.cpp:3946
#32	0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971
#33	0x005f6556 in KJS::IfElseNode::execute at nodes.cpp:4048
#34	0x005d9af9 in statementListExecute at nodes.cpp:3946
#35	0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971
#36	0x005f65db in KJS::IfNode::execute at nodes.cpp:4030
#37	0x005d9af9 in statementListExecute at nodes.cpp:3946
#38	0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971
#39	0x005f6556 in KJS::IfElseNode::execute at nodes.cpp:4048
#40	0x005d9af9 in statementListExecute at nodes.cpp:3946
#41	0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971
#42	0x005e7940 in KJS::FunctionBodyNode::execute at nodes.cpp:4890
#43	0x005e8092 in KJS::FunctionImp::callAsFunction at function.cpp:77
#44	0x005efc86 in KJS::JSObject::call at object.cpp:96
#45	0x00649442 in KJS::FunctionCallDotNode::inlineEvaluate at nodes.cpp:1495
#46	0x00606e66 in KJS::FunctionCallDotNode::evaluate at nodes.cpp:1500
#47	0x005f668d in KJS::ExprStatementNode::execute at nodes.cpp:3993
#48	0x005d9af9 in statementListExecute at nodes.cpp:3946
#49	0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971
#50	0x005e7940 in KJS::FunctionBodyNode::execute at nodes.cpp:4890
#51	0x005e8092 in KJS::FunctionImp::callAsFunction at function.cpp:77
#52	0x005efc86 in KJS::JSObject::call at object.cpp:96
#53	0x00649442 in KJS::FunctionCallDotNode::inlineEvaluate at nodes.cpp:1495
#54	0x00606e66 in KJS::FunctionCallDotNode::evaluate at nodes.cpp:1500
#55	0x005f668d in KJS::ExprStatementNode::execute at nodes.cpp:3993
#56	0x005d9af9 in statementListExecute at nodes.cpp:3946
#57	0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971
#58	0x005e7aee in KJS::ProgramNode::execute at nodes.cpp:4878
#59	0x00615e6e in KJS::Interpreter::evaluate at interpreter.cpp:103
#60	0x02334652 in WebCore::KJSProxy::evaluate at kjs_proxy.cpp:86
#61	0x01ef223d in WebCore::FrameLoader::executeScript at FrameLoader.cpp:783
#62	0x01f7720a in WebCore::HTMLTokenizer::scriptExecution at HTMLTokenizer.cpp:540
#63	0x01f78919 in WebCore::HTMLTokenizer::scriptHandler at HTMLTokenizer.cpp:480
#64	0x01f78f61 in WebCore::HTMLTokenizer::parseSpecial at HTMLTokenizer.cpp:330
#65	0x01f7af3d in WebCore::HTMLTokenizer::parseTag at HTMLTokenizer.cpp:1492
#66	0x01f7b8e9 in WebCore::HTMLTokenizer::write at HTMLTokenizer.cpp:1727
#67	0x01f77776 in WebCore::HTMLTokenizer::notifyFinished at HTMLTokenizer.cpp:2008
#68	0x01dcb0f4 in WebCore::CachedScript::checkNotify at CachedScript.cpp:95
#69	0x01dcb255 in WebCore::CachedScript::data at CachedScript.cpp:85
#70	0x02336312 in WebCore::Loader::Host::didFinishLoading at loader.cpp:268
#71	0x022ce077 in WebCore::SubresourceLoader::didFinishLoading at SubresourceLoader.cpp:193
#72	0x021c867e in WebCore::ResourceLoader::didFinishLoading at ResourceLoader.cpp:370
#73	0x021c5dd3 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] at ResourceHandleMac.mm:521
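Added illustration, not WebKit code and not part of this report: frames #4 to #8 show KJS::Collector::collect running from JSCell::operator new inside JSGlobalObject::reset, i.e. while the JSDOMWindow that the wrapper will point at is still being constructed, and the conservative stack scan (frames #1 to #3) then reaching JSDOMWindowWrapper::mark. The toy below models that shape with an explicit root vector standing in for the native stack: a wrapper is rooted before its window exists, the window's constructor allocates enough to force a collection, and mark() is invoked on the half-built wrapper. It shows the check a mark routine needs to survive being reached before its pointee is assigned (initialise the pointer to null, then test it before following it). The names Heap, Cell, Global, Window, WindowWrapper and the allocation budget are assumptions made for the illustration; the report does not state the actual root cause or what r31766 changed.

```cpp
// Added example, not WebKit code: a toy tracing collector in which an explicit
// root vector stands in for the native stack that KJS::Collector scans
// conservatively. All names here (Heap, Cell, Global, Window, WindowWrapper)
// are assumptions made for the illustration.
#include <cstddef>
#include <cstdio>
#include <memory>
#include <utility>
#include <vector>

struct Cell {
    bool marked = false;
    virtual ~Cell() = default;
    virtual void mark() { marked = true; }
};

struct Heap {
    std::vector<Cell*> roots;                  // "stack words" that point at cells
    std::vector<std::unique_ptr<Cell>> cells;  // everything allocated so far
    int allocsUntilCollect = 0;                // allocation budget before the next collect()
    int collections = 0;
    int halfBuiltWrapperMarks = 0;             // times mark() reached a wrapper with no window yet

    template <class T, class... Args>
    T* allocate(Args&&... args) {
        // Like JSCell::operator new -> Collector::allocate: collect when the budget is spent.
        if (allocsUntilCollect-- <= 0) {
            collect();
            allocsUntilCollect = 4;
        }
        // T's constructor may call allocate() again, as JSGlobalObject::reset does.
        auto cell = std::make_unique<T>(std::forward<Args>(args)...);
        T* raw = cell.get();
        cells.push_back(std::move(cell));
        return raw;
    }

    void collect() {
        ++collections;
        for (auto& c : cells) c->marked = false;
        for (Cell* r : roots) r->mark();       // toy stand-in for markStackObjectsConservatively
        std::vector<std::unique_ptr<Cell>> live;
        for (auto& c : cells)
            if (c->marked) live.push_back(std::move(c));
        cells.swap(live);                      // sweep: unmarked cells are freed here
    }
};

struct Global : Cell {};

// Stands in for JSGlobalObject/JSDOMWindow: its constructor allocates built-ins.
struct Window : Cell {
    std::vector<Cell*> globals;
    explicit Window(Heap& heap) {
        for (int i = 0; i < 3; ++i)
            globals.push_back(heap.allocate<Global>());  // one of these triggers collect()
    }
    void mark() override {
        Cell::mark();
        for (Cell* g : globals) g->mark();
    }
};

// Stands in for JSDOMWindowWrapper: rooted from the stack before its window exists.
struct WindowWrapper : Cell {
    Heap& heap;
    Window* window = nullptr;   // known state before any allocation can run
    explicit WindowWrapper(Heap& h) : heap(h) {}
    void mark() override {
        Cell::mark();
        if (!window) {          // reached by a collection during construction
            ++heap.halfBuiltWrapperMarks;
            return;             // without this check an unset pointer would be followed
        }
        window->mark();
    }
};

struct Outcome {
    int collections;
    int halfBuiltWrapperMarks;
    std::size_t liveGlobals;
};

Outcome runScenario() {
    Heap heap;
    heap.allocsUntilCollect = 2;   // budget chosen so collect() fires inside Window's constructor
    WindowWrapper* wrapper = heap.allocate<WindowWrapper>(heap);
    heap.roots.push_back(wrapper);                  // the wrapper pointer is "on the stack"
    wrapper->window = heap.allocate<Window>(heap);  // collect() runs while window is still null
    heap.collect();                                 // a later collection sees the finished wrapper
    return {heap.collections, heap.halfBuiltWrapperMarks, wrapper->window->globals.size()};
}

int main() {
    Outcome o = runScenario();
    std::printf("collections=%d half-built marks=%d live globals=%zu\n",
                o.collections, o.halfBuiltWrapperMarks, o.liveGlobals);
    return 0;
}
```

In this run the first collection happens inside Window's constructor and reaches the wrapper while its window pointer is still null; the null check is the only thing that keeps mark() from following an unset pointer. Had the member been left uninitialised rather than null-initialised, the same call would dereference garbage, which is the general shape of a crash inside a mark function at this point of the stack; the report above does not confirm that this is what happened in WebKit.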
Comment 1 Jeff Johnson 2008-04-09 11:26:39 PDT
*** Bug 18390 has been marked as a duplicate of this bug. ***
Comment 2 Sam Weinig 2008-04-09 17:25:06 PDT
Fixed in r31766.