WebKit Bugzilla
RESOLVED FIXED
Bug 19185 - fast/js/toString-stack-overflow.html would crash if r34020 were not rolled out
https://bugs.webkit.org/show_bug.cgi?id=19185
Alexey Proskuryakov
Reported
2008-05-22 02:09:55 PDT
run-webkit-tests fast/js/toString-stack-overflow.html

Thread 0 Crashed:
0 com.apple.JavaScriptCore 0x0039ee4c std::pair<WTF::HashTableIterator<KJS::JSObject*, KJS::JSObject*, WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >, bool> WTF::HashTable<KJS::JSObject*, KJS::JSObject*, WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >::add<KJS::JSObject*, KJS::JSObject*, WTF::IdentityHashTranslator<KJS::JSObject*, KJS::JSObject*, WTF::PtrHash<KJS::JSObject*> > >(KJS::JSObject* const&, KJS::JSObject* const&) + 8 (HashTable.h:607)
1 com.apple.JavaScriptCore 0x0039f106 WTF::HashTable<KJS::JSObject*, KJS::JSObject*, WTF::IdentityExtractor<KJS::JSObject*>, WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >::add(KJS::JSObject* const&) + 52 (HashTable.h:306)
2 com.apple.JavaScriptCore 0x0039f13a WTF::HashSet<KJS::JSObject*, WTF::PtrHash<KJS::JSObject*>, WTF::HashTraits<KJS::JSObject*> >::add(KJS::JSObject* const&) + 38 (HashSet.h:207)
3 com.apple.JavaScriptCore 0x00347dba KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 118 (array_object.cpp:95)
4 com.apple.JavaScriptCore 0x0031f57a KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:742)
5 com.apple.JavaScriptCore 0x0031f7b5 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 123 (object.cpp:51)
6 com.apple.JavaScriptCore 0x003253dd KJS::tryGetAndCallProperty(KJS::ExecState*, KJS::JSObject const*, KJS::Identifier const&) + 175 (object.cpp:260)
7 com.apple.JavaScriptCore 0x00344415 KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 145 (object.cpp:287)
8 com.apple.JavaScriptCore 0x0037843c KJS::JSObject::toPrimitive(KJS::ExecState*, KJS::JSType) const + 38 (object.h:641)
9 com.apple.JavaScriptCore 0x00342da4 KJS::JSObject::toString(KJS::ExecState*) const + 46 (object.cpp:498)
10 com.apple.JavaScriptCore 0x003bb681 KJS::JSValue::toString(KJS::ExecState*) const + 89 (value.h:518)
11 com.apple.JavaScriptCore 0x00347f1b KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 471 (array_object.cpp:114)
12 com.apple.JavaScriptCore 0x0031f57a KJS::PrototypeFunction::callAsFunction(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 34 (function.cpp:742)
13 com.apple.JavaScriptCore 0x0031f7b5 KJS::JSObject::call(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 123 (object.cpp:51)
14 com.apple.JavaScriptCore 0x003253dd KJS::tryGetAndCallProperty(KJS::ExecState*, KJS::JSObject const*, KJS::Identifier const&) + 175 (object.cpp:260)
15 com.apple.JavaScriptCore 0x00344415 KJS::JSObject::defaultValue(KJS::ExecState*, KJS::JSType) const + 145 (object.cpp:287)
16 com.apple.JavaScriptCore 0x0037843c KJS::JSObject::toPrimitive(KJS::ExecState*, KJS::JSType) const + 38 (object.h:641)
17 com.apple.JavaScriptCore 0x00342da4 KJS::JSObject::toString(KJS::ExecState*) const + 46 (object.cpp:498)
18 com.apple.JavaScriptCore 0x003bb681 KJS::JSValue::toString(KJS::ExecState*) const + 89 (value.h:518)
19 com.apple.JavaScriptCore 0x00347f1b KJS::arrayProtoFuncToString(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 471 (array_object.cpp:114)
...

(as the title says, it's a stack overflow, so the top of your trace may be different).
Alexey Proskuryakov
Comment 1
2008-05-22 02:34:50 PDT
Reverting r34020 (which removed old recursion protection) fixes this.
Alexey Proskuryakov
Comment 2
2008-05-22 02:36:02 PDT
<rdar://problem/5955430>
Alexey Proskuryakov
Comment 3
2008-05-22 03:12:36 PDT
OK, Oliver just rolled out r34020.
Geoffrey Garen
Comment 4
2008-05-22 09:58:13 PDT
I don't think we can call this fixed, because it indicates that squirrelfish's own recursion protection doesn't work in this case.
Alexey Proskuryakov
Comment 5
2008-05-22 10:44:36 PDT
Renaming and changing priority accordingly. This might be the first conditional bug in our Bugzilla!
Cameron Zwarich (cpst)
Comment 6
2009-02-26 00:11:19 PST
This was made irrelevant by r34309: http://trac.webkit.org/changeset/34309
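
Added example, not part of the original thread and not WebKit code: the trace in the report crashes inside a HashSet<KJS::JSObject*> insertion at the top of arrayProtoFuncToString, a set that can recognise an object already being converted but cannot bound how deep the conversion recurses. The JavaScript below pairs such a set with an explicit depth limit; `guardedToString`, `MAX_DEPTH` and the sample inputs are hypothetical names and constructed values.

```javascript
// Added illustration; names and the limit are assumptions, not engine internals.
const MAX_DEPTH = 200; // assumed limit, far below a typical engine stack

// Converts arrays the way Array.prototype.toString joins elements, with:
//  - `visiting`: arrays currently being converted (detects cycles)
//  - `depth`: explicit counter (bounds recursion even when there is no cycle)
function guardedToString(value, visiting = new Set(), depth = 0) {
  if (!Array.isArray(value)) return value == null ? "" : String(value);
  if (depth >= MAX_DEPTH) throw new RangeError("conversion nested too deeply");
  if (visiting.has(value)) return ""; // already on the stack: a cycle
  visiting.add(value);
  try {
    return value.map((v) => guardedToString(v, visiting, depth + 1)).join(",");
  } finally {
    visiting.delete(value); // leave the set clean for the caller
  }
}

// Constructed input: an array that contains itself.
function makeCyclic() {
  const a = [1, 2];
  a.push(a);
  return a;
}

// Constructed input: `levels` wrappers around ["x"], built without recursion.
// No object repeats, so the visited set alone never stops the descent.
function makeNested(levels) {
  let a = ["x"];
  for (let i = 0; i < levels; i++) a = [a];
  return a;
}

// Returns the converted string, or the name of the guard that fired.
function outcome(value) {
  try {
    return guardedToString(value);
  } catch (e) {
    return e instanceof RangeError ? "RangeError" : "other";
  }
}
```

The cyclic input is cut off by the set; the deeply nested input passes the set at every level and is stopped only by the depth counter, with a catchable exception instead of a native stack overflow.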