27112 2009-07-09 04:47:46 -0700 Crash in v8::internal::Context::global_context() 2009-07-09 08:50:53 -0700 1 1 1 Unclassified WebKit WebCore JavaScript 528+ (Nightly build) PC Windows Vista RESOLVED FIXED http://code.google.com/p/chromium/issues/detail?id=16275 P2 Normal --- 0 yurys yurys ager dglazkov oldest_to_newest 130645 0 yurys 2009-07-09 04:47:46 -0700 This crash was detected in 3.0.192.1 and appears to be a regression from 3.0.191.3. It is currently ranked #2 (based on the relative number of reports in the release). There have been 43 reports from 9 clients. Search query: http://crash/search?query=Chrome+3.0.192.1+v8%3A%3Ainternal%3A%3AContext%3A%3Aglobal_context%28%29 ---------------------------- * Summary Data * ---------------------------- Report Link: http://crash/reportdetail?reportid=55151b8b0c3cbe24 Mini Dump Link: http://crash/file?reportid=55151b8b0c3cbe24&name=upload_file_minidump Uptime: 0 sec User Comments: null OS: Windows Vista or Windows Server 2008 Service Pack 1 CPU Architecture: x86 CPU Info: GenuineIntel family 6 model 15 stepping 13 rept: null ptype: renderer plat: Win32 crash type:(EXCEPTION_ACCESS_VIOLATION@0x00000017) ---------------------------- * Crash Trace * ---------------------------- [contexts.cc:52] - v8::internal::Context::global_context() [api.cc:2968] - v8::Object::New() [v8proxy.cpp:3239] - WebCore::V8Proxy::setContextDebugId(int) [debugger_agent_manager.cc:225] - DebuggerAgentManager::SetHostId(WebFrameImpl *,int) [webdevtoolsagent_impl.cc:169] - WebDevToolsAgentImpl::WindowObjectCleared(WebFrameImpl *) [webframeloaderclient_impl.cc:121] - WebFrameLoaderClient::windowObjectCleared() [frameloader.cpp:5059] - WebCore::FrameLoader::dispatchWindowObjectAvailable() [frameloader.cpp:861] - WebCore::FrameLoader::receivedFirstData() [frameloader.cpp:1787] - WebCore::FrameLoader::setEncoding(WebCore::String const &,bool) [webframe_impl.cc:1525] - WebFrameImpl::DidReceiveData(WebCore::DocumentLoader *,char const *,int) [webframeloaderclient_impl.cc:1068] - WebFrameLoaderClient::committedLoad(WebCore::DocumentLoader *,char const *,int) [frameloader.cpp:3618] - WebCore::FrameLoader::committedLoad(WebCore::DocumentLoader *,char const *,int) [documentloader.cpp:361] - WebCore::DocumentLoader::commitLoad(char const *,int) [documentloader.cpp:373] - WebCore::DocumentLoader::receivedData(char const *,int) [frameloader.cpp:2435] - WebCore::FrameLoader::receivedData(char const *,int) [mainresourceloader.cpp:148] - WebCore::MainResourceLoader::addData(char const *,int,bool) [resourceloader.cpp:257] - WebCore::ResourceLoader::didReceiveData(char const *,int,__int64,bool) [mainresourceloader.cpp:360] - WebCore::MainResourceLoader::didReceiveData(char const *,int,__int64,bool) [resourceloader.cpp:411] - WebCore::ResourceLoader::didReceiveData(WebCore::ResourceHandle *,char const *,int,int) [resourcehandle.cpp:137] - WebCore::ResourceHandleInternal::didReceiveData(WebKit::WebURLLoader *,char const *,int,__int64) [weburlloader_impl.cc:446] - webkit_glue::WebURLLoaderImpl::Context::OnReceivedData(char const *,int) [resource_dispatcher.cc:376] - ResourceDispatcher::OnReceivedData(IPC::Message const &,int,void *,int) [ipc_message_utils.h:1188] - IPC::MessageWithTuple<Tuple3<int,void *,int> >::Dispatch<ResourceDispatcher,int,void *,int>(IPC::Message const *,ResourceDispatcher *,void ( ResourceDispatcher::*)(IPC::Message const &,int,void *,int)) [resource_dispatcher.cc:486] - ResourceDispatcher::DispatchMessageW(IPC::Message const &) [resource_dispatcher.cc:293] - ResourceDispatcher::OnMessageReceived(IPC::Message const &) [child_thread.cc:70] - ChildThread::OnMessageReceived(IPC::Message const &) [task.h:307] - RunnableMethod<CancelableRequest<CallbackRunner<Tuple5<int,bool,scoped_refptr<RefCountedVector<unsigned char> >,bool,GURL> > >,void ( CancelableRequest<CallbackRunner<Tuple5<int,bool,scoped_refptr<RefCountedVector<unsigned char> >,bool,GURL> > >::*)(Tuple5<int,bool,scoped_refptr<RefCountedVector<unsigned char> >,bool,GURL> const &),Tuple1<Tuple5<int,bool,scoped_refptr<RefCountedVector<unsigned char> >,bool,GURL> > >::Run() [message_loop.cc:313] - MessageLoop::RunTask(Task *) [message_loop.cc:321] - MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) [message_loop.cc:427] - MessageLoop::DoWork() [message_pump_default.cc:50] - base::MessagePumpDefault::Run(base::MessagePump::Delegate *) [message_loop.cc:198] - MessageLoop::RunInternal() [message_loop.cc:181] - MessageLoop::RunHandler() [message_loop.cc:155] - MessageLoop::Run() [thread.cc:156] - base::Thread::ThreadMain() [platform_thread_win.cc:26] - `anonymous namespace'::ThreadFunc(void *) [kernel32.dll+0x00044910] - BaseThreadInitThunk [ntdll.dll+0x0003e4b5] - __RtlUserThreadStart [ntdll.dll+0x0003e488] - _RtlUserThreadStart ---------------------------- * Loaded Modules * ---------------------------- mzvkbd.dll mzvkbd3.dll avcodec-52.dll avformat-52.dll avutil-50.dll chrome.dll icudt38.dll pthreadGC2.dll chrome.exe Wldap32.dll advapi32.dll gdi32.dll imm32.dll kernel32.dll lpk.dll msctf.dll msvcrt.dll netapi32.dll nsi.dll ntdll.dll ntmarta.dll ole32.dll oleacc.dll oleaut32.dll psapi.dll rpcrt4.dll samlib.dll secur32.dll shell32.dll shlwapi.dll t2embed.dll user32.dll userenv.dll usp10.dll uxtheme.dll version.dll winmm.dll ws2_32.dll wsock32.dll comctl32.dll 130647 1 32512 yurys 2009-07-09 04:58:38 -0700 Created attachment 32512 Enter the frame's context before creating new objects. 130652 2 ager 2009-07-09 05:46:45 -0700 Looks good to me. Dimitri, could you do the official review? Thanks, -- Mads 130666 3 32512 dglazkov 2009-07-09 08:44:28 -0700 Comment on attachment 32512 Enter the frame's context before creating new objects. r=me. 130668 4 dglazkov 2009-07-09 08:50:39 -0700 Landed as http://trac.webkit.org/changeset/45661. 32512 2009-07-09 04:58:38 -0700 2009-07-09 08:44:28 -0700 Enter the frame's context before creating new objects. enter-context.patch text/plain 1224 yurys SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA0NTY2MCkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTQgQEAKKzIwMDktMDctMDkgIFl1cnkgU2VtaWtoYXRza3kgIDx5dXJ5c0BjaHJv bWl1bS5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAg ICAgRW50ZXIgdGhlIEZyYW1lJ3MgY29udGV4dCBiZWZvcmUgY3JlYXRpbmcgbmV3IG9iamVjdHMg aW4gc2V0Q29udGV4dERlYnVnSWQuCisKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTI3MTEyCisKKyAgICAgICAgKiBiaW5kaW5ncy92OC9WOFByb3h5LmNw cDoKKyAgICAgICAgKFdlYkNvcmU6OlY4UHJveHk6OnNldENvbnRleHREZWJ1Z0lkKToKKwogMjAw OS0wNy0wOSAgU2ltb24gSGF1c21hbm4gIDxoYXVzbWFubkB3ZWJraXQub3JnPgogCiAgICAgICAg IEZpeCB0aGUgUXQgYnVpbGQuCkluZGV4OiBXZWJDb3JlL2JpbmRpbmdzL3Y4L1Y4UHJveHkuY3Bw Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIFdlYkNvcmUvYmluZGluZ3MvdjgvVjhQcm94eS5jcHAJKHJldmlzaW9u IDQ1NjYwKQorKysgV2ViQ29yZS9iaW5kaW5ncy92OC9WOFByb3h5LmNwcAkod29ya2luZyBjb3B5 KQpAQCAtMjg0MCw2ICsyODQwLDcgQEAgYm9vbCBWOFByb3h5OjpzZXRDb250ZXh0RGVidWdJZChp bnQgZGVidQogICAgIGlmICghbV9jb250ZXh0LT5HZXREYXRhKCktPklzVW5kZWZpbmVkKCkpCiAg ICAgICAgIHJldHVybiBmYWxzZTsKIAorICAgIHY4OjpDb250ZXh0OjpTY29wZSBjb250ZXh0U2Nv cGUobV9jb250ZXh0KTsKICAgICB2ODo6SGFuZGxlPHY4OjpPYmplY3Q+IGNvbnRleHREYXRhID0g djg6Ok9iamVjdDo6TmV3KCk7CiAgICAgY29udGV4dERhdGEtPlNldCh2ODo6U3RyaW5nOjpOZXco a0NvbnRleHREZWJ1Z0RhdGFUeXBlKSwgdjg6OlN0cmluZzo6TmV3KCJwYWdlIikpOwogICAgIGNv bnRleHREYXRhLT5TZXQodjg6OlN0cmluZzo6TmV3KGtDb250ZXh0RGVidWdEYXRhVmFsdWUpLCB2 ODo6SW50ZWdlcjo6TmV3KGRlYnVnSWQpKTsK