16288 2007-12-04 06:40:32 -0800 REGRESSION: Crash in KJS::Interpreter::createObjectsForGlobalObjectProperties() 2007-12-04 06:44:20 -0800 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac OS X 10.4 RESOLVED DUPLICATE 16266 http://www.news.com/?tag=hdrgif Regression P1 Normal --- 1 ddkilzer webkit-unassigned ggaren oldest_to_newest 63236 0 ddkilzer 2007-12-04 06:40:32 -0800 * SUMMARY Reloading <http://www.news.com/?tag=hdrgif> a few times to test the fix for Bug 16220, I saw a different crash in KJS::Interpreter::createObjectsForGlobalObjectProperties(). * STEPS TO REPRODUCE 1. Apply the patch for Bug 16220 and recompile WebKit. 2. Launch WebKit/Safari. 3. Go to URL: http://www.news.com/?tag=hdrgif 4. Hit "Reload" until it crashes. * RESULTS Safari/WebKit crash in KJS::Interpreter::createObjectsForGlobalObjectProperties(). * REGRESSION This is a regression from shipping Safari 3.0.4 (523.12) on Mac OS X 10.4.11 (8S165). * NOTES Crash log: Exception: EXC_BAD_ACCESS (0x0001) Codes: KERN_PROTECTION_FAILURE (0x0002) at 0x00000044 Thread 0 Crashed: 0 com.apple.JavaScriptCore 0x005b668c KJS::Interpreter::createObjectsForGlobalObjectProperties() + 2988 (interpreter.cpp:241) 1 com.apple.JavaScriptCore 0x005b6d08 KJS::Interpreter::init() + 276 (interpreter.cpp:115) 2 com.apple.JavaScriptCore 0x005b74c4 KJS::Interpreter::Interpreter[not-in-charge]() + 104 (interpreter.cpp:90) 3 com.apple.WebCore 0x01501510 KJS::ScriptInterpreter::ScriptInterpreter[in-charge](KJS::JSGlobalObject*, WebCore::Frame*) + 44 (kjs_binding.cpp:144) 4 com.apple.WebCore 0x0150969c WebCore::KJSProxy::initScript() + 224 (kjs_proxy.cpp:157) 5 com.apple.WebCore 0x017e5a28 WebCore::KJSProxy::initScriptIfNeeded() + 56 (kjs_proxy.h:74) 6 com.apple.WebCore 0x01509aa4 WebCore::KJSProxy::evaluate(WebCore::String const&, int, WebCore::String const&) + 52 (kjs_proxy.cpp:74) 7 com.apple.WebCore 0x011a8a08 WebCore::FrameLoader::executeScript(WebCore::String const&, int, WebCore::String const&) + 128 (FrameLoader.cpp:759) 8 com.apple.WebCore 0x01228790 WebCore::HTMLTokenizer::scriptExecution(WebCore::DeprecatedString const&, WebCore::HTMLTokenizer::State, WebCore::DeprecatedString, int) + 388 (HTMLTokenizer.cpp:520) 9 com.apple.WebCore 0x0122a334 WebCore::HTMLTokenizer::scriptHandler(WebCore::HTMLTokenizer::State) + 1664 (HTMLTokenizer.cpp:470) 10 com.apple.WebCore 0x0122a994 WebCore::HTMLTokenizer::parseSpecial(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 1208 (HTMLTokenizer.cpp:319) 11 com.apple.WebCore 0x0122cf90 WebCore::HTMLTokenizer::parseTag(WebCore::SegmentedString&, WebCore::HTMLTokenizer::State) + 7936 (HTMLTokenizer.cpp:1229) 12 com.apple.WebCore 0x0122d8f4 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 1504 (HTMLTokenizer.cpp:1445) 13 com.apple.WebCore 0x0119b038 WebCore::FrameLoader::write(char const*, int, bool) + 1288 (FrameLoader.cpp:989) 14 com.apple.WebCore 0x0119b1a4 WebCore::FrameLoader::addData(char const*, int) + 320 (FrameLoader.cpp:1738) 15 com.apple.WebCore 0x014bf064 -[WebCoreFrameBridge addData:] + 232 (WebCoreFrameBridge.mm:297) 16 com.apple.WebCore 0x014c654c -[WebCoreFrameBridge receivedData:textEncodingName:] + 316 (WebCoreFrameBridge.mm:1300) 17 com.apple.WebKit 0x00353b80 -[WebHTMLRepresentation receivedData:withDataSource:] + 296 18 com.apple.WebKit 0x00332274 -[WebDataSource(WebInternal) _receivedData:] + 116 19 com.apple.WebKit 0x0034984c WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader*, char const*, int) + 184 (WebFrameLoaderClient.mm:747) 20 com.apple.WebCore 0x011940c4 WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader*, char const*, int) + 92 (FrameLoader.cpp:3248) 21 com.apple.WebCore 0x0114ce60 WebCore::DocumentLoader::commitLoad(char const*, int) + 104 (DocumentLoader.cpp:351) 22 com.apple.WebCore 0x0114d0c8 WebCore::DocumentLoader::receivedData(char const*, int) + 104 (DocumentLoader.cpp:364) 23 com.apple.WebCore 0x01192d7c WebCore::FrameLoader::receivedData(char const*, int) + 60 (FrameLoader.cpp:2184) 24 com.apple.WebCore 0x0133e290 WebCore::MainResourceLoader::addData(char const*, int, bool) + 92 (MainResourceLoader.cpp:138) 25 com.apple.WebCore 0x01455a3c WebCore::ResourceLoader::didReceiveData(char const*, int, long long, bool) + 104 (ResourceLoader.cpp:229) 26 com.apple.WebCore 0x0133e4d8 WebCore::MainResourceLoader::didReceiveData(char const*, int, long long, bool) + 288 (MainResourceLoader.cpp:293) 27 com.apple.WebCore 0x0145538c WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle*, char const*, int, int) + 108 (ResourceLoader.cpp:357) 28 com.apple.WebCore 0x01452c0c -[WebCoreResourceHandleAsDelegate connection:didReceiveData:lengthReceived:] + 300 (ResourceHandleMac.mm:435) 29 com.apple.Foundation 0x92c18574 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564 30 com.apple.Foundation 0x92c16a14 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488 31 com.apple.Foundation 0x92c167b0 _sendCallbacks + 156 32 com.apple.CoreFoundation 0x907de42c __CFRunLoopDoSources0 + 384 33 com.apple.CoreFoundation 0x907dd95c __CFRunLoopRun + 452 34 com.apple.CoreFoundation 0x907dd3dc CFRunLoopRunSpecific + 268 35 com.apple.HIToolbox 0x9329eb20 RunCurrentEventLoopInMode + 264 36 com.apple.HIToolbox 0x9329e1b4 ReceiveNextEventCommon + 380 37 com.apple.HIToolbox 0x9329e020 BlockUntilNextEventMatchingListInMode + 96 38 com.apple.AppKit 0x937a4bc4 _DPSNextEvent + 384 39 com.apple.AppKit 0x937a4888 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116 40 com.apple.Safari 0x000095e0 0x1000 + 34272 41 com.apple.AppKit 0x937a0dcc -[NSApplication run] + 472 42 com.apple.AppKit 0x93891974 NSApplicationMain + 452 43 com.apple.Safari 0x0009bad4 0x1000 + 633556 44 com.apple.Safari 0x000022fc 0x1000 + 4860 63238 1 mrowe 2007-12-04 06:42:34 -0800 *** This bug has been marked as a duplicate of 16266 ***