12357 2007-01-21 19:04:26 -0800 Reproducible crash in WebCore::Settings::isJavaScriptEnabled in svg/custom/js-update-bounce.svg under guard-malloc 2007-01-22 09:19:30 -0800 1 1 1 Unclassified WebKit New Bugs 420+ Mac OS X 10.4 RESOLVED FIXED LayoutTestFailure P1 Major --- 1 mrowe mrowe oldest_to_newest 33723 0 mrowe 2007-01-21 19:04:26 -0800 To reproduce: run-webkit-tests --debug --guard-malloc svg/custom/js-update-bounce.svg Crashes with: Program received signal EXC_BAD_ACCESS, Could not access memory. Reason: KERN_INVALID_ADDRESS at address: 0xb9d5cffc 0x014c5709 in WebCore::Settings::isJavaScriptEnabled (this=0xb9d5cf74) at Settings.h:82 82 bool isJavaScriptEnabled() const { return m_isJavaScriptEnabled; } (gdb) bt #0 0x014c5709 in WebCore::Settings::isJavaScriptEnabled (this=0xb9d5cf74) at Settings.h:82 #1 0x010dac5b in WebCore::Frame::scriptProxy (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:258 #2 0x0126a164 in KJS::Window::retrieve (p=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_window.cpp:400 #3 0x0126a1ad in KJS::Window::retrieveWindow (f=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_window.cpp:384 #4 0x010e0480 in WebCore::Frame::~Frame (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Frame.cpp:203 warning: internal error: no C/C++ fundamental type 1 #5 0x010e4b63 in WebCore::FrameMac::~FrameMac (this=0xb9db0fd0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/mac/FrameMac.mm:152 #6 0x014c8e5e in WebCore::Shared<WebCore::Frame>::deref (this=0xb9db0fd4) at Shared.h:52 #7 0x014c8e86 in WTF::RefPtr<WebCore::Frame>::~RefPtr (this=0xb9d56ffc) at RefPtr.h:41 #8 0x015537c4 in WebCore::FocusController::~FocusController (this=0xb9d56ff8) at FocusController.h:40 #9 0x015537e7 in WTF::OwnPtr<WebCore::FocusController>::safeDelete (this=0xb9d50fd4) at OwnPtr.h:54 #10 0x01553805 in WTF::OwnPtr<WebCore::FocusController>::~OwnPtr (this=0xb9d50fd4) at OwnPtr.h:34 #11 0x011a1b6c in WebCore::Page::~Page (this=0xb9d50fc8) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/Page.cpp:92 #12 0x0025d6c2 in -[WebView(WebPrivate) _close] (self=0xb9b04fac, _cmd=0x90a6b1dc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:647 #13 0x002621e3 in -[WebView close] (self=0xb9b04fac, _cmd=0x90a9bb2c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKit/WebView/WebView.mm:1764 #14 0x000061a1 in dumpRenderTree (argc=2, argv=0xbffff62c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitTools/DumpRenderTree/DumpRenderTree.m:431 #15 0x000062d6 in main (argc=2, argv=0xbffff62c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitTools/DumpRenderTree/DumpRenderTree.m:459 33714 1 12595 mrowe 2007-01-21 19:09:07 -0800 Created attachment 12595 Patch 33703 2 12595 darin 2007-01-21 19:12:42 -0800 Comment on attachment 12595 Patch Need a nil check of m_jscript which can be 0 if JavaScript was disabled or never used. Should not have a space in Window*. 33702 3 mrowe 2007-01-21 19:16:49 -0800 The code is inside "if (d->m_jscript && d->m_jscript->haveInterpreter())", so d->m_jscript can never be nil. 33697 4 12595 ddkilzer 2007-01-21 19:25:12 -0800 Comment on attachment 12595 Patch Resetting review? flag per Comment #3. 33692 5 12595 mjs 2007-01-21 20:00:25 -0800 Comment on attachment 12595 Patch r=me 33687 6 mrowe 2007-01-21 20:03:54 -0800 Landed in r19023. 12595 2007-01-21 19:09:07 -0800 2007-01-21 20:00:25 -0800 Patch webkit-bug-12357-v1.patch text/plain 1375 mrowe SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiAxOTAyMikKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTQgQEAKKzIwMDctMDEtMjIgIE1hcmsgUm93ZSAgPG1yb3dlQGFwcGxlLmNvbT4K KworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBodHRwOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0xMjM1NworICAgICAgICBCdWcgMTIzNTc6 IFJlcHJvZHVjaWJsZSBjcmFzaCBpbiBXZWJDb3JlOjpTZXR0aW5nczo6aXNKYXZhU2NyaXB0RW5h YmxlZCBpbiBzdmcvY3VzdG9tL2pzLXVwZGF0ZS1ib3VuY2Uuc3ZnIHVuZGVyIGd1YXJkLW1hbGxv YworCisgICAgICAgICogcGFnZS9GcmFtZS5jcHA6CisgICAgICAgIChXZWJDb3JlOjpGcmFtZTo6 fkZyYW1lKTogQWNjZXNzIHRoZSBnbG9iYWwgb2JqZWN0IGRpcmVjdGx5IHJhdGhlciB0aGFuIHZp YSBXaW5kb3c6OnJldHJpZXZlV2luZG93IHRvIHByZXZlbnQgb3VyIHJlZmVyZW5jZSB0bworICAg ICAgICBhIGRlbGV0ZWQgc2V0dGluZ3Mgb2JqZWN0IGJlaW5nIHVzZWQuCisKIDIwMDctMDEtMjEg IERhcmluIEFkbGVyICA8ZGFyaW5AYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IE1h Y2llai4KSW5kZXg6IFdlYkNvcmUvcGFnZS9GcmFtZS5jcHAKPT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViQ29y ZS9wYWdlL0ZyYW1lLmNwcAkocmV2aXNpb24gMTkwMjEpCisrKyBXZWJDb3JlL3BhZ2UvRnJhbWUu Y3BwCSh3b3JraW5nIGNvcHkpCkBAIC0yMDAsNyArMjAwLDcgQEAgRnJhbWU6On5GcmFtZSgpCiAj ZW5kaWYKIAogICAgIGlmIChkLT5tX2pzY3JpcHQgJiYgZC0+bV9qc2NyaXB0LT5oYXZlSW50ZXJw cmV0ZXIoKSkKLSAgICAgICAgaWYgKFdpbmRvdyogdyA9IFdpbmRvdzo6cmV0cmlldmVXaW5kb3co dGhpcykpIHsKKyAgICAgICAgaWYgKFdpbmRvdyogdyA9IHN0YXRpY19jYXN0PFdpbmRvdyAqPihk LT5tX2pzY3JpcHQtPmludGVycHJldGVyKCktPmdsb2JhbE9iamVjdCgpLT5nZXRPYmplY3QoKSkp IHsKICAgICAgICAgICAgIHctPmRpc2Nvbm5lY3RGcmFtZSgpOwogICAgICAgICAgICAgLy8gTXVz dCBjbGVhciB0aGUgd2luZG93IHBvaW50ZXIsIG90aGVyd2lzZSB3ZSB3aWxsIG5vdAogICAgICAg ICAgICAgLy8gZ2FyYmFnZS1jb2xsZWN0IGNvbGxlY3QgdGhlIHdpbmRvdyAoaW5zaWRlIHRoZSBj YWxsIHRvCg==