20391 2008-08-14 22:52:38 -0700 REGRESSION (r35417-r35531): Crash in Machine.cpp:1838 when leaving GAFYD GMail 2008-08-22 21:05:20 -0700 1 1 1 Unclassified WebKit JavaScriptCore 528+ (Nightly build) Mac (Intel) OS X 10.5 RESOLVED FIXED InRadar, Regression P1 Normal --- 1 ian zwarich ap aroben mrowe oliver zwarich oldest_to_newest 88533 0 ian 2008-08-14 22:52:38 -0700 STEPS TO REPRODUCE 1. Log in to Google Apps For Your Domain GMail 2. Reload, navigate away, or otherwise cause the page to unload. ACTUAL RESULTS Crash. Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000004 Stack trace: http://pastebin.com/f51ea9e1d <bdash> Machine.cpp:1838 is where the crash is happening 88534 1 ggaren 2008-08-14 22:55:55 -0700 Very similar to https://bugs.webkit.org/show_bug.cgi?id=20386. 88535 2 ian 2008-08-14 22:56:08 -0700 Doesn't crash in r35417 Does crash in r35531 88536 3 mrowe 2008-08-14 23:15:46 -0700 Line 1838 is: r[dst] = scope->registerAt(index); The disassembly indicates that the crash is due to "scope" being 0. 88545 4 mrowe 2008-08-15 04:37:13 -0700 <rdar://problem/6152195> 88639 5 zwarich 2008-08-16 14:30:57 -0700 This is a reproducible crash, so it should be P1. I am also assigning it to myself. 88666 6 zwarich 2008-08-17 04:00:50 -0700 Since this seems so similar to bug 20386, it seems like the regression is caused by r35445, but I have no way of testing myself. I'll try to fix bug 20386, and see if the fix also works for this bug. 88694 7 oliver 2008-08-17 16:43:35 -0700 bug 20386 is now fixed (r35812) so this may be fixed. Hixie can you check? 89159 8 zwarich 2008-08-22 21:05:20 -0700 Ian said that this was indeed fixed.