18389 2008-04-09 10:27:51 -0700 REGRESSION (r31746?): Crash in JSDOMWindowWrapper::mark loading digg.com 2008-04-09 17:25:06 -0700 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) Mac OS X 10.5 RESOLVED FIXED http://digg.com P2 Normal --- 1 aroben webkit-unassigned opendarwin sam oldest_to_newest 76742 0 aroben 2008-04-09 10:27:51 -0700 I'm seeing a crash in JSDOMWindowWrapper::mark when loading digg.com. Presumably this is a regression caused by r31746 <http://trac.webkit.org/projects/webkit/changeset/31746> Backtrace: #0 0x023aba32 in WebCore::JSDOMWindowWrapper::mark at JSDOMWindowWrapper.cpp:63 #1 0x005ce4c4 in KJS::Collector::markStackObjectsConservatively at collector.cpp:520 #2 0x005ce517 in KJS::Collector::markCurrentThreadConservatively at collector.cpp:548 #3 0x005ce66a in KJS::Collector::markStackObjectsConservatively at collector.cpp:693 #4 0x005dc3e7 in KJS::Collector::collect at collector.cpp:936 #5 0x0062c5d5 in KJS::Collector::heapAllocate<(KJS::Collector::HeapType)0> at collector.cpp:245 #6 0x005dc491 in KJS::Collector::allocate at collector.cpp:292 #7 0x005dc4a5 in KJS::JSCell::operator new at value.cpp:85 #8 0x0065342f in KJS::JSGlobalObject::reset at JSGlobalObject.cpp:253 #9 0x0065543c in KJS::JSGlobalObject::init at JSGlobalObject.cpp:146 #10 0x02384edd in KJS::JSGlobalObject::JSGlobalObject at JSGlobalObject.h:153 #11 0x0237efdb in WebCore::JSDOMWindowBase::JSDOMWindowBase at JSDOMWindowBase.cpp:197 #12 0x01fec810 in WebCore::JSDOMWindow::JSDOMWindow at JSDOMWindow.cpp:428 #13 0x01fec83c in WebCore::JSDOMWindow::JSDOMWindow at JSDOMWindow.cpp:430 #14 0x023342cc in WebCore::KJSProxy::initScript at kjs_proxy.cpp:148 #15 0x01fbacc8 in WebCore::KJSProxy::initScriptIfNeeded at kjs_proxy.h:86 #16 0x01ee2a81 in WebCore::KJSProxy::windowWrapper at kjs_proxy.h:51 #17 0x0237d872 in WebCore::toJSDOMWindow at JSDOMWindowBase.cpp:1432 #18 0x0232e222 in WebCore::allowsAccessFromFrame at kjs_binding.cpp:347 #19 0x0232e288 in WebCore::checkNodeSecurity at kjs_binding.cpp:340 #20 0x02019059 in WebCore::JSHTMLIFrameElement::getValueProperty at JSHTMLIFrameElement.cpp:180 #21 0x02019852 in KJS::staticValueGetter<WebCore::JSHTMLIFrameElement> at lookup.h:109 #22 0x00619d62 in KJS::PropertySlot::getValue at property_slot.h:49 #23 0x005cd952 in KJS::JSObject::get at object.cpp:164 #24 0x00647f07 in KJS::DotAccessorNode::inlineEvaluate at nodes.cpp:961 #25 0x005f9bdc in KJS::DotAccessorNode::evaluate at nodes.cpp:966 #26 0x005f71e2 in KJS::AssignLocalVarNode::evaluate at nodes.cpp:3554 #27 0x005f668d in KJS::ExprStatementNode::execute at nodes.cpp:3993 #28 0x005d9af9 in statementListExecute at nodes.cpp:3946 #29 0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971 #30 0x005f65db in KJS::IfNode::execute at nodes.cpp:4030 #31 0x005d9af9 in statementListExecute at nodes.cpp:3946 #32 0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971 #33 0x005f6556 in KJS::IfElseNode::execute at nodes.cpp:4048 #34 0x005d9af9 in statementListExecute at nodes.cpp:3946 #35 0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971 #36 0x005f65db in KJS::IfNode::execute at nodes.cpp:4030 #37 0x005d9af9 in statementListExecute at nodes.cpp:3946 #38 0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971 #39 0x005f6556 in KJS::IfElseNode::execute at nodes.cpp:4048 #40 0x005d9af9 in statementListExecute at nodes.cpp:3946 #41 0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971 #42 0x005e7940 in KJS::FunctionBodyNode::execute at nodes.cpp:4890 #43 0x005e8092 in KJS::FunctionImp::callAsFunction at function.cpp:77 #44 0x005efc86 in KJS::JSObject::call at object.cpp:96 #45 0x00649442 in KJS::FunctionCallDotNode::inlineEvaluate at nodes.cpp:1495 #46 0x00606e66 in KJS::FunctionCallDotNode::evaluate at nodes.cpp:1500 #47 0x005f668d in KJS::ExprStatementNode::execute at nodes.cpp:3993 #48 0x005d9af9 in statementListExecute at nodes.cpp:3946 #49 0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971 #50 0x005e7940 in KJS::FunctionBodyNode::execute at nodes.cpp:4890 #51 0x005e8092 in KJS::FunctionImp::callAsFunction at function.cpp:77 #52 0x005efc86 in KJS::JSObject::call at object.cpp:96 #53 0x00649442 in KJS::FunctionCallDotNode::inlineEvaluate at nodes.cpp:1495 #54 0x00606e66 in KJS::FunctionCallDotNode::evaluate at nodes.cpp:1500 #55 0x005f668d in KJS::ExprStatementNode::execute at nodes.cpp:3993 #56 0x005d9af9 in statementListExecute at nodes.cpp:3946 #57 0x005d9b86 in KJS::BlockNode::execute at nodes.cpp:3971 #58 0x005e7aee in KJS::ProgramNode::execute at nodes.cpp:4878 #59 0x00615e6e in KJS::Interpreter::evaluate at interpreter.cpp:103 #60 0x02334652 in WebCore::KJSProxy::evaluate at kjs_proxy.cpp:86 #61 0x01ef223d in WebCore::FrameLoader::executeScript at FrameLoader.cpp:783 #62 0x01f7720a in WebCore::HTMLTokenizer::scriptExecution at HTMLTokenizer.cpp:540 #63 0x01f78919 in WebCore::HTMLTokenizer::scriptHandler at HTMLTokenizer.cpp:480 #64 0x01f78f61 in WebCore::HTMLTokenizer::parseSpecial at HTMLTokenizer.cpp:330 #65 0x01f7af3d in WebCore::HTMLTokenizer::parseTag at HTMLTokenizer.cpp:1492 #66 0x01f7b8e9 in WebCore::HTMLTokenizer::write at HTMLTokenizer.cpp:1727 #67 0x01f77776 in WebCore::HTMLTokenizer::notifyFinished at HTMLTokenizer.cpp:2008 #68 0x01dcb0f4 in WebCore::CachedScript::checkNotify at CachedScript.cpp:95 #69 0x01dcb255 in WebCore::CachedScript::data at CachedScript.cpp:85 #70 0x02336312 in WebCore::Loader::Host::didFinishLoading at loader.cpp:268 #71 0x022ce077 in WebCore::SubresourceLoader::didFinishLoading at SubresourceLoader.cpp:193 #72 0x021c867e in WebCore::ResourceLoader::didFinishLoading at ResourceLoader.cpp:370 #73 0x021c5dd3 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] at ResourceHandleMac.mm:521 76751 1 opendarwin 2008-04-09 11:26:39 -0700 *** Bug 18390 has been marked as a duplicate of this bug. *** 77111 2 sam 2008-04-09 17:25:06 -0700 Fixed in r31766.