Bug 18936 - SQUIRRELFISH: NULL dereference crash @ apple.com/startpage
Summary: SQUIRRELFISH: NULL dereference crash @ apple.com/startpage
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: JavaScriptCore
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
Importance: P2 Normal
Assignee: Nobody
URL: http://apple.com/startpage
Reported: 2008-05-07 23:36 PDT by Geoffrey Garen
Modified: 2008-05-14 20:14 PDT
Description Geoffrey Garen 2008-05-07 23:36:32 PDT
TO REPRODUCE:
1. navigate to apple.com/startpage
-> crash

Top of backtrace:

#0  0x00626cc9 in KJS::JSValue::toObject (this=0xc, exec=0xbfffe66c) at value.h:526
#1  0x0063f555 in KJS::Machine::privateExecute (this=0x682760, flag=KJS::Machine::Normal, exec=0xbfffe66c, registerFile=0x180e5450, r=0x42d49b4, scopeChain=0x19e7e870, codeBlock=0x1a3c32c0, exception=0xbfffe728) at /Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/Machine.cpp:1342
#2  0x00642193 in KJS::Machine::execute (this=0x682760, functionBodyNode=0x19e6ade0, exec=0x1805005c, function=0x1a0f9b20, thisObj=0x19fa0000, args=@0xbfffe7b8, registerFileStack=0x18050038, scopeChain=0x1a1829f0, exception=0xbfffe728) at /Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/Machine.cpp:631
#3  0x00593698 in KJS::FunctionImp::callAsFunction (this=0x1a0f9b20, exec=0x1805005c, thisObj=0x19fa0000, args=@0xbfffe7b8) at function.cpp:86
#4  0x005b71f7 in KJS::JSObject::call (this=0x1a0f9b20, exec=0x1805005c, thisObj=0x19fa0000, args=@0xbfffe7b8) at object.cpp:101
#5  0x0239fe25 in WebCore::ScheduledAction::execute (this=0x1a150bd0, windowWrapper=0x19fa0000) at /Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/ScheduledAction.cpp:74
#6  0x02473255 in WebCore::JSDOMWindowBase::timerFired (this=0x19fa0020, timer=0x1a13e7b0) at /Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/JSDOMWindowBase.cpp:1362
#7  0x02473430 in WebCore::DOMWindowTimer::fired (this=0x1a13e7b0) at /Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/JSDOMWindowBase.cpp:1415
#8  0x023d7332 in WebCore::TimerBase::fireTimers (fireTime=1210227882.1675861, firingTimers=@0xbfffe94c) at /Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/platform/Timer.cpp:347
Comment 1 Maciej Stachowiak 2008-05-10 05:52:45 PDT
I do not see this crash with current squirrelfish branch (plus my toString patch, which should not matter)
Comment 2 Cameron Zwarich (cpst) 2008-05-11 13:42:57 PDT
I see the crash at http://www.apple.com/startpage/ if I go there from my about:blank home page. I don't see the crash at ArsTechnica. This is with r33031.
Comment 3 Cameron Zwarich (cpst) 2008-05-11 13:45:26 PDT
(In reply to comment #2)
> I see the crash at http://www.apple.com/startpage/ if I go there from my
> about:blank home page. I don't see the crash at ArsTechnica. This is with
> r33031.

Oops, I meant I *don't* see the crash on either page.

Comment 4 Geoffrey Garen 2008-05-12 16:58:58 PDT
For a little while, I saw this on Ars Technica and not New York Times, but now I see it on New York Times again. I think it may be related to incidental content, like ads.
Comment 5 Geoffrey Garen 2008-05-12 22:01:19 PDT
(In reply to comment #4)
Strike that. I commented in the wrong bug.
Comment 6 Maciej Stachowiak 2008-05-14 20:14:05 PDT
Given the latest comments, I believe this is fixed.