Bug 19037 - Crash in WebCore::currentCallFrame when clicking Step Out
Summary: Crash in WebCore::currentCallFrame when clicking Step Out
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated)
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Timothy Hatcher
URL: http://webkit.org/demos/drosera
Keywords: HasReduction, InRadar
Depends on:
Blocks:
 
Reported: 2008-05-13 16:31 PDT by Adam Roben (:aroben)
Modified: 2008-05-14 09:00 PDT (History)

See Also:


Attachments
Proposed patch (5.45 KB, patch)
2008-05-13 18:33 PDT, Timothy Hatcher
mitz: review+

Description Adam Roben (:aroben) 2008-05-13 16:31:27 PDT
I'm seeing a crash in WebCore::currentCallFrame when clicking the Step Out button.

Steps to reproduce:
1. Go to http://webkit.org/demos/drosera
2. Open and attach the Inspector's debugger
3. Put a breakpoint in the rot13 function
4. Click the button labelled "Nested Functions"
5. Click Step Out twice

InspectorController::currentCallFrame seems to be returning 0.
>	WebKit_debug.dll!WebCore::JavaScriptCallFrame::isValid()  Line 43 + 0x13 bytes	C++
 	WebKit_debug.dll!WebCore::currentCallFrame(const OpaqueJSContext * ctx=0x0012ed14, OpaqueJSValue * __formal=0x087321c0, OpaqueJSValue * thisObject=0x08720d80, OpaqueJSValue * __formal=0x087321c0, OpaqueJSValue * __formal=0x087321c0, OpaqueJSValue * __formal=0x087321c0)  Line 831 + 0x8 bytes	C++
 	WebKit_debug.dll!KJS::JSCallbackFunction::callAsFunction(KJS::ExecState * exec=0x0012ed14, KJS::JSObject * thisObj=0x08720d80, const KJS::List & args={...})  Line 65 + 0x35 bytes	C++
 	WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0012ed14, KJS::JSObject * thisObj=0x08720d80, const KJS::List & args={...})  Line 99 + 0x1b bytes	C++
 	WebKit_debug.dll!KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState * exec=0x0012ed14)  Line 1495 + 0x14 bytes	C++
 	WebKit_debug.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012ed14)  Line 1501	C++
 	WebKit_debug.dll!KJS::AssignLocalVarNode::evaluate(KJS::ExecState * exec=0x0012ed14)  Line 3554 + 0x21 bytes	C++
 	WebKit_debug.dll!KJS::VarStatementNode::execute(KJS::ExecState * exec=0x0012ed14)  Line 4009 + 0x21 bytes	C++
 	WebKit_debug.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x0012ed14)  Line 3946 + 0x29 bytes	C++
 	WebKit_debug.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012ed14)  Line 3971 + 0x10 bytes	C++
 	WebKit_debug.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x0012ed14)  Line 4891	C++
 	WebKit_debug.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x0012eec8, KJS::JSObject * thisObj=0x0874e460, const KJS::List & args={...})  Line 78 + 0x21 bytes	C++
 	WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x0012eec8, KJS::JSObject * thisObj=0x0874e460, const KJS::List & args={...})  Line 99 + 0x1b bytes	C++
 	WebKit_debug.dll!KJS::FunctionCallDotNode::inlineEvaluate(KJS::ExecState * exec=0x0012eec8)  Line 1495 + 0x14 bytes	C++
 	WebKit_debug.dll!KJS::FunctionCallDotNode::evaluate(KJS::ExecState * exec=0x0012eec8)  Line 1501	C++
 	WebKit_debug.dll!KJS::ExprStatementNode::execute(KJS::ExecState * exec=0x0012eec8)  Line 3993 + 0x21 bytes	C++
 	WebKit_debug.dll!KJS::statementListExecute(WTF::Vector<WTF::RefPtr<KJS::StatementNode>,0> & statements={...}, KJS::ExecState * exec=0x0012eec8)  Line 3946 + 0x29 bytes	C++
 	WebKit_debug.dll!KJS::BlockNode::execute(KJS::ExecState * exec=0x0012eec8)  Line 3971 + 0x10 bytes	C++
 	WebKit_debug.dll!KJS::FunctionBodyNode::execute(KJS::ExecState * exec=0x0012eec8)  Line 4891	C++
 	WebKit_debug.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x077822f8, KJS::JSObject * thisObj=0x071e3660, const KJS::List & args={...})  Line 78 + 0x21 bytes	C++
 	WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x077822f8, KJS::JSObject * thisObj=0x071e3660, const KJS::List & args={...})  Line 99 + 0x1b bytes	C++
 	WebKit_debug.dll!JSObjectCallAsFunction(const OpaqueJSContext * ctx=0x077822f8, OpaqueJSValue * object=0x071e4160, OpaqueJSValue * thisObject=0x071e3660, unsigned int argumentCount=0, const OpaqueJSValue * const * arguments=0x00000000, const OpaqueJSValue * * exception=0x0012f018)  Line 288 + 0x14 bytes	C++
 	WebKit_debug.dll!WebCore::InspectorController::callFunction(const OpaqueJSContext * context=0x077822f8, OpaqueJSValue * thisObject=0x071e3660, const char * functionName=0x017f9570, unsigned int argumentCount=0, const OpaqueJSValue * const * arguments=0x00000000, const OpaqueJSValue * & exception=0x00000000)  Line 135 + 0x1d bytes	C++
 	WebKit_debug.dll!WebCore::InspectorController::didPause()  Line 2253	C++
 	WebKit_debug.dll!WebCore::dispatchFunctionToListeners(const WTF::HashSet<WebCore::JavaScriptDebugListener *,WTF::PtrHash<WebCore::JavaScriptDebugListener *>,WTF::HashTraits<WebCore::JavaScriptDebugListener *> > & listeners={...}, void (void)* callback=0x00f76300)  Line 305 + 0x13 bytes	C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::dispatchFunctionToListeners(void (void)* callback=0x00f76300, KJS::ExecState * exec=0x0012f104)  Line 324 + 0xd bytes	C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::pauseIfNeeded(KJS::ExecState * exec=0x0012f104, int sourceID=45, int lineNumber=53)  Line 412	C++
 	WebKit_debug.dll!WebCore::JavaScriptDebugServer::returnEvent(KJS::ExecState * exec=0x0012f104, int sourceID=45, int lineNumber=53, KJS::JSObject * __formal=0x08738c00)  Line 457	C++
 	WebKit_debug.dll!KJS::FunctionBodyNodeWithDebuggerHooks::execute(KJS::ExecState * exec=0x0012f104)  Line 4912 + 0x2e bytes	C++
 	WebKit_debug.dll!KJS::FunctionImp::callAsFunction(KJS::ExecState * exec=0x05224560, KJS::JSObject * thisObj=0x08738b00, const KJS::List & args={...})  Line 78 + 0x21 bytes	C++
 	WebKit_debug.dll!KJS::JSObject::call(KJS::ExecState * exec=0x05224560, KJS::JSObject * thisObj=0x08738b00, const KJS::List & args={...})  Line 99 + 0x1b bytes	C++
 	WebKit_debug.dll!WebCore::JSAbstractEventListener::handleEvent(WebCore::Event * ele=0x083395b0, bool isWindowEvent=false)  Line 100 + 0x14 bytes	C++
 	WebKit_debug.dll!WebCore::EventTarget::handleLocalEvents(WebCore::EventTargetNode * referenceNode=0x07e282a0, WebCore::Event * evt=0x083395b0, bool useCapture=false)  Line 314 + 0x2e bytes	C++
 	WebKit_debug.dll!WebCore::EventTargetNode::handleLocalEvents(WebCore::Event * evt=0x083395b0, bool useCapture=false)  Line 106	C++
 	WebKit_debug.dll!WebCore::EventTarget::dispatchGenericEvent(WebCore::EventTargetNode * referenceNode=0x07e282a0, WTF::PassRefPtr<WebCore::Event> e={...}, int & __formal=0, bool tempEvent=true)  Line 212 + 0x1d bytes	C++
 	WebKit_debug.dll!WebCore::EventTargetNode::dispatchEvent(WTF::PassRefPtr<WebCore::Event> e={...}, int & ec=0, bool tempEvent=true)  Line 121 + 0x1e bytes	C++
 	WebKit_debug.dll!WebCore::EventTargetNode::dispatchMouseEvent(const WebCore::AtomicString & eventType={...}, int button=0, int detail=1, int pageX=419, int pageY=287, int screenX=990, int screenY=426, bool ctrlKey=false, bool altKey=false, bool shiftKey=false, bool metaKey=false, bool isSimulated=false, WebCore::Node * relatedTargetArg=0x00000000, WTF::PassRefPtr<WebCore::Event> underlyingEvent={...})  Line 297	C++
 	WebKit_debug.dll!WebCore::EventTargetNode::dispatchMouseEvent(const WebCore::PlatformMouseEvent & event={...}, const WebCore::AtomicString & eventType={...}, int detail=1, WebCore::Node * relatedTarget=0x00000000)  Line 215	C++
 	WebKit_debug.dll!WebCore::EventHandler::dispatchMouseEvent(const WebCore::AtomicString & eventType={...}, WebCore::Node * targetNode=0x07e28538, bool cancelable=true, int clickCount=1, const WebCore::PlatformMouseEvent & mouseEvent={...}, bool setUnder=true)  Line 1276 + 0x29 bytes	C++
 	WebKit_debug.dll!WebCore::EventHandler::handleMouseReleaseEvent(const WebCore::PlatformMouseEvent & mouseEvent={...})  Line 1098 + 0x28 bytes	C++
 	WebKit_debug.dll!WebView::handleMouseEvent(unsigned int message=514, unsigned int wParam=0, long lParam=18809251)  Line 1242	C++
 	WebKit_debug.dll!WebViewWndProc(HWND__ * hWnd=0x000d063e, unsigned int message=514, unsigned int wParam=0, long lParam=18809251)  Line 1671 + 0x14 bytes	C++
Comment 1 Mark Rowe (bdash) 2008-05-13 16:36:13 PDT
<rdar://problem/5933442>
Comment 2 Timothy Hatcher 2008-05-13 18:33:35 PDT
Created attachment 21118 [details]
Proposed patch
Comment 3 mitz 2008-05-13 18:39:42 PDT
Comment on attachment 21118 [details]
Proposed patch

r=me. please add the bug URL to the change log.
Comment 4 Timothy Hatcher 2008-05-13 18:47:06 PDT
Landed in r33425.
Comment 5 Adam Roben (:aroben) 2008-05-14 09:00:42 PDT
(In reply to comment #4)
> Landed in r33425.

Can you add a manual test to WebCore/manual-tests/inspector as well?