RESOLVED WORKSFORME 18816
ASSERTION FAILED: !vb->isUndefined() loading unl.edu
https://bugs.webkit.org/show_bug.cgi?id=18816
Brian Shumate
Reported 2008-04-30 12:49:38 PDT
When visiting the UNL website at www.unl.edu, WebKit crashes. This should be reproducible on WebKit nightly build r32698.
Matt Lilek
Comment 1 2008-04-30 12:59:11 PDT
Confirmed with r32736; regression from Safari 3.1.1 (5525.18)

ASSERTION FAILED: !vb->isUndefined()
(/Users/matt/Code/WebKit/JavaScriptCore/kjs/array_instance.cpp:496 bool KJS::CompareWithCompareFunctionArguments::operator()(KJS::JSValue*, KJS::JSValue*))

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x004a3b99 KJS::CompareWithCompareFunctionArguments::operator()(KJS::JSValue*, KJS::JSValue*) + 145 (array_instance.cpp:496)
1 com.apple.JavaScriptCore 0x004a429b void std::__unguarded_linear_insert<KJS::JSValue**, KJS::JSValue*, KJS::CompareWithCompareFunctionArguments>(KJS::JSValue**, KJS::JSValue*, KJS::CompareWithCompareFunctionArguments) + 69 (stl_algo.h:2108)
2 com.apple.JavaScriptCore 0x004a4383 void std::__insertion_sort<KJS::JSValue**, KJS::CompareWithCompareFunctionArguments>(KJS::JSValue**, KJS::JSValue**, KJS::CompareWithCompareFunctionArguments) + 145 (stl_algo.h:2156)
3 com.apple.JavaScriptCore 0x004a4428 void std::__final_insertion_sort<KJS::JSValue**, KJS::CompareWithCompareFunctionArguments>(KJS::JSValue**, KJS::JSValue**, KJS::CompareWithCompareFunctionArguments) + 144 (stl_algo.h:2240)
4 com.apple.JavaScriptCore 0x004a44a4 void std::sort<KJS::JSValue**, KJS::CompareWithCompareFunctionArguments>(KJS::JSValue**, KJS::JSValue**, KJS::CompareWithCompareFunctionArguments) + 122 (stl_algo.h:2608)
5 com.apple.JavaScriptCore 0x00448c14 KJS::ArrayInstance::sort(KJS::ExecState*, KJS::JSObject*) + 104 (array_instance.cpp:518)
6 com.apple.JavaScriptCore 0x004490be KJS::arrayProtoFuncSort(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 194 (array_object.cpp:371)
7 com.apple.JavaScriptCore 0x00426650 KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:906)
8 com.apple.JavaScriptCore 0x004484b6 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 222 (object.cpp:99)
9 com.apple.JavaScriptCore 0x004a6940 KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState*) + 802 (nodes.cpp:1495)
10 com.apple.JavaScriptCore 0x0045edca KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 30 (nodes.cpp:1501)
Cameron Zwarich (cpst)
Comment 2 2008-06-09 03:00:23 PDT
This no longer occurs, even with COLLECT_ON_EVERY_ALLOCATION. I don't have a debug build of r32698 to check, so maybe the page changed and it doesn't even occur with that revision anymore. Should we close this?
Alexey Proskuryakov
Comment 3 2008-06-09 14:14:56 PDT
This code has changed a lot since r32698, with many bugs fixed, so it is likely that the root cause of this was addressed.