WebKit Bugzilla
Bug 18936: SQUIRRELFISH: NULL dereference crash @ apple.com/startpage
Status: RESOLVED FIXED
https://bugs.webkit.org/show_bug.cgi?id=18936
Geoffrey Garen
Reported
2008-05-07 23:36:32 PDT
TO REPRODUCE:
1. navigate to apple.com/startpage -> crash

Top of backtrace:
#0 0x00626cc9 in KJS::JSValue::toObject (this=0xc, exec=0xbfffe66c) at value.h:526
#1 0x0063f555 in KJS::Machine::privateExecute (this=0x682760, flag=KJS::Machine::Normal, exec=0xbfffe66c, registerFile=0x180e5450, r=0x42d49b4, scopeChain=0x19e7e870, codeBlock=0x1a3c32c0, exception=0xbfffe728) at /Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/Machine.cpp:1342
#2 0x00642193 in KJS::Machine::execute (this=0x682760, functionBodyNode=0x19e6ade0, exec=0x1805005c, function=0x1a0f9b20, thisObj=0x19fa0000, args=@0xbfffe7b8, registerFileStack=0x18050038, scopeChain=0x1a1829f0, exception=0xbfffe728) at /Volumes/Big/ggaren/Labyrinth/OpenSource/JavaScriptCore/VM/Machine.cpp:631
#3 0x00593698 in KJS::FunctionImp::callAsFunction (this=0x1a0f9b20, exec=0x1805005c, thisObj=0x19fa0000, args=@0xbfffe7b8) at function.cpp:86
#4 0x005b71f7 in KJS::JSObject::call (this=0x1a0f9b20, exec=0x1805005c, thisObj=0x19fa0000, args=@0xbfffe7b8) at object.cpp:101
#5 0x0239fe25 in WebCore::ScheduledAction::execute (this=0x1a150bd0, windowWrapper=0x19fa0000) at /Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/ScheduledAction.cpp:74
#6 0x02473255 in WebCore::JSDOMWindowBase::timerFired (this=0x19fa0020, timer=0x1a13e7b0) at /Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/JSDOMWindowBase.cpp:1362
#7 0x02473430 in WebCore::DOMWindowTimer::fired (this=0x1a13e7b0) at /Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/bindings/js/JSDOMWindowBase.cpp:1415
#8 0x023d7332 in WebCore::TimerBase::fireTimers (fireTime=1210227882.1675861, firingTimers=@0xbfffe94c) at /Volumes/Big/ggaren/Labyrinth/OpenSource/WebCore/platform/Timer.cpp:347
Maciej Stachowiak
Comment 1
2008-05-10 05:52:45 PDT
I do not see this crash with current squirrelfish branch (plus my toString patch, which should not matter).
Cameron Zwarich (cpst)
Comment 2
2008-05-11 13:42:57 PDT
I see the crash at http://www.apple.com/startpage/ if I go there from my about:blank home page. I don't see the crash at ArsTechnica. This is with r33031.
Cameron Zwarich (cpst)
Comment 3
2008-05-11 13:45:26 PDT
(In reply to comment #2)
> I see the crash at http://www.apple.com/startpage/ if I go there from my
> about:blank home page. I don't see the crash at ArsTechnica. This is with
> r33031.

Oops, I meant I *don't* see the crash on either page.
Geoffrey Garen
Comment 4
2008-05-12 16:58:58 PDT
For a little while, I saw this on Ars Technica and not New York Times, but now I see it on New York Times again. I think it may be related to incidental content, like ads.
Geoffrey Garen
Comment 5
2008-05-12 22:01:19 PDT
(In reply to comment #4)

Strike that. I commented in the wrong bug.
Maciej Stachowiak
Comment 6
2008-05-14 20:14:05 PDT
Given the latest comments, I believe this is fixed.