31467 2009-11-13 05:27:15 -0800 Chromium: [REGRESSION] Crash while stopping on a breakpoint. 2009-11-13 09:11:19 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 pfeldman pfeldman abarth dglazkov pfeldman yurys oldest_to_newest 163286 0 pfeldman 2009-11-13 05:27:15 -0800 Regressed in: https://bugs.webkit.org/show_bug.cgi?id=31394 > chrome.dll!WebCore::V8Proxy::retrieveWindow(v8::Handle<v8::Context> context={...}) Line 585 + 0x2b bytes C++ chrome.dll!WebCore::V8Proxy::canAccessPrivate(WebCore::DOMWindow * targetWindow=0x00c990f0) Line 889 + 0xf bytes C++ chrome.dll!WebCore::V8Proxy::canAccessFrame(WebCore::Frame * target=0x00c84000, bool reportError=true) Line 921 + 0xe bytes C++ chrome.dll!WebCore::V8Custom::v8DOMWindowEventAccessorGetter(v8::Local<v8::String> name={...}, const v8::AccessorInfo & info={...}) Line 174 + 0xb bytes C++ chrome.dll!v8::internal::Object::GetPropertyWithCallback(v8::internal::Object * receiver=0x00a77949, v8::internal::Object * structure=0x01980e31, v8::internal::String * name=0x00a8e739, v8::internal::Object * holder=0x041f1441) Line 172 + 0x26 bytes C++ chrome.dll!v8::internal::DebugLookupResultValue(v8::internal::Object * receiver=0x00a77949, v8::internal::String * name=0x00a8e739, v8::internal::LookupResult * result=0x001dd48c, bool * caught_exception=0x001dd46f) Line 5785 + 0x1d bytes C++ chrome.dll!v8::internal::Runtime_DebugGetPropertyDetails(v8::internal::Arguments args={...}) Line 5881 + 0x25 bytes C++ 00aa018b() chrome.dll!v8::internal::Invoke(bool construct=false, v8::internal::Handle<v8::internal::JSFunction> func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=0, v8::internal::Object * * * args=0x00000000, bool * has_pending_exception=0x001dd7e7) Line 103 + 0x19 bytes C++ chrome.dll!v8::internal::Execution::TryCall(v8::internal::Handle<v8::internal::JSFunction> func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=0, v8::internal::Object * * * args=0x00000000, bool * caught_exception=0x001dd7e7) Line 153 + 0x1f bytes C++ chrome.dll!v8::internal::MessageImpl::GetJSON() Line 2579 + 0x33 bytes C++ chrome.dll!DebuggerAgentManager::OnV8DebugMessage(const v8::Debug::Message & message={...}) Line 181 + 0x13 bytes C++ chrome.dll!v8::internal::Debugger::InvokeMessageHandler(v8::internal::MessageImpl message={...}) Line 2407 + 0xc bytes C++ chrome.dll!v8::internal::Debugger::NotifyMessageHandler(v8::DebugEvent event=Break, v8::internal::Handle<v8::internal::JSObject> exec_state={...}, v8::internal::Handle<v8::internal::JSObject> event_data={...}, bool auto_continue=false) Line 2204 + 0x13 bytes C++ chrome.dll!v8::internal::Debugger::ProcessDebugEvent(v8::DebugEvent event=Break, v8::internal::Handle<v8::internal::JSObject> event_data={...}, bool auto_continue=false) Line 2112 + 0x24 bytes C++ chrome.dll!v8::internal::Debugger::OnDebugBreak(v8::internal::Handle<v8::internal::Object> break_points_hit={...}, bool auto_continue=false) Line 1942 + 0x1e bytes C++ chrome.dll!v8::internal::Execution::DebugBreakHelper() Line 655 + 0x1e bytes C++ chrome.dll!v8::internal::Runtime_DebugBreak(v8::internal::Arguments args={...}) Line 5706 C++ 00aa018b() chrome.dll!v8::internal::Invoke(bool construct=false, v8::internal::Handle<v8::internal::JSFunction> func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=1, v8::internal::Object * * * args=0x001de104, bool * has_pending_exception=0x001de033) Line 103 + 0x19 bytes C++ chrome.dll!v8::internal::Execution::Call(v8::internal::Handle<v8::internal::JSFunction> func={...}, v8::internal::Handle<v8::internal::Object> receiver={...}, int argc=1, v8::internal::Object * * * args=0x001de104, bool * pending_exception=0x001de033) Line 129 + 0x1f bytes C++ chrome.dll!v8::Function::Call(v8::Handle<v8::Object> recv={...}, int argc=1, v8::Handle<v8::Value> * argv=0x001de104) Line 2384 + 0x1d bytes C++ chrome.dll!WebCore::V8Proxy::callFunction(v8::Handle<v8::Function> function={...}, v8::Handle<v8::Object> receiver={...}, int argc=1, v8::Handle<v8::Value> * args=0x001de104) Line 523 + 0x1f bytes C++ chrome.dll!WebCore::V8LazyEventListener::callListenerFunction(WebCore::ScriptExecutionContext * context=0x00ccb034, v8::Handle<v8::Value> jsEvent={...}, WebCore::Event * event=0x00c8cd80) Line 64 + 0x26 bytes C++ chrome.dll!WebCore::V8AbstractEventListener::invokeEventHandler(WebCore::ScriptExecutionContext * context=0x00ccb034, WebCore::Event * event=0x00c8cd80, v8::Handle<v8::Value> jsEvent={...}) Line 144 + 0x1f bytes C++ chrome.dll!WebCore::V8AbstractEventListener::handleEvent(WebCore::ScriptExecutionContext * context=0x00ccb034, WebCore::Event * event=0x00c8cd80) Line 90 C++ chrome.dll!WebCore::EventTarget::fireEventListeners(WebCore::Event * event=0x00c8cd80) Line 297 + 0x35 bytes C++ chrome.dll!WebCore::Node::handleLocalEvents(WebCore::Event * event=0x00c8cd80) Line 2384 C++ chrome.dll!WebCore::Node::dispatchGenericEvent(WTF::PassRefPtr<WebCore::Event> prpEvent={...}) Line 2523 + 0x1b bytes C++ 163298 1 yurys 2009-11-13 06:40:43 -0800 In Chromium js functions from debugger context may access inspected context variables. In such cases V8Proxy::canAccessPrivate will fail because calling context is not connected with any DOMWindow. 163317 2 43158 pfeldman 2009-11-13 08:34:00 -0800 Created attachment 43158 [PATCH] 163334 3 43158 abarth 2009-11-13 09:07:03 -0800 Comment on attachment 43158 [PATCH] Ok. See discussion on #chromium 163336 4 pfeldman 2009-11-13 09:11:19 -0800 Committing to http://svn.webkit.org/repository/webkit/trunk ... D LayoutTests/http/tests/security/calling-versus-current-expected.txt D LayoutTests/http/tests/security/calling-versus-current.html M LayoutTests/ChangeLog M WebCore/ChangeLog M WebCore/bindings/v8/V8Proxy.cpp Committed r50946 43158 2009-11-13 08:34:00 -0800 2009-11-13 09:07:02 -0800 [PATCH] revert text/plain 3828 pfeldman ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCA2ZjlkNGQyLi5iNTBlYjAyIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMDktMTEt MTMgIFBhdmVsIEZlbGRtYW4gIDxwZmVsZG1hbkBjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgRGltaXRyaSBHbGF6a292LgorCisgICAgICAgIENocm9taXVtOiBbUkVHUkVTU0lP Tl0gQ3Jhc2ggd2hpbGUgc3RvcHBpbmcgb24gYSBicmVha3BvaW50LgorICAgICAgICBSb2xsaW5n IGJhY2sgcjUwODkwLgorCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD0zMTQ2NworCisgICAgICAgICogaHR0cC90ZXN0cy9zZWN1cml0eS9jYWxsaW5nLXZl cnN1cy1jdXJyZW50LWV4cGVjdGVkLnR4dDogUmVtb3ZlZC4KKyAgICAgICAgKiBodHRwL3Rlc3Rz L3NlY3VyaXR5L2NhbGxpbmctdmVyc3VzLWN1cnJlbnQuaHRtbDogUmVtb3ZlZC4KKwogMjAwOS0x MS0xMyAgRGlyayBTY2h1bHplICA8a3JpdEB3ZWJraXQub3JnPgogCiAgICAgICAgIFJldmlld2Vk IGJ5IEd1c3Rhdm8gTm9yb25oYS4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2h0dHAvdGVzdHMv c2VjdXJpdHkvY2FsbGluZy12ZXJzdXMtY3VycmVudC1leHBlY3RlZC50eHQgYi9MYXlvdXRUZXN0 cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2NhbGxpbmctdmVyc3VzLWN1cnJlbnQtZXhwZWN0ZWQudHh0 CmRlbGV0ZWQgZmlsZSBtb2RlIDEwMDY0NAppbmRleCBhYTQ0ZTdjLi4wMDAwMDAwCi0tLSBhL0xh eW91dFRlc3RzL2h0dHAvdGVzdHMvc2VjdXJpdHkvY2FsbGluZy12ZXJzdXMtY3VycmVudC1leHBl Y3RlZC50eHQKKysrIC9kZXYvbnVsbApAQCAtMSwyICswLDAgQEAKLQotUEFTUwpkaWZmIC0tZ2l0 IGEvTGF5b3V0VGVzdHMvaHR0cC90ZXN0cy9zZWN1cml0eS9jYWxsaW5nLXZlcnN1cy1jdXJyZW50 Lmh0bWwgYi9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2NhbGxpbmctdmVyc3VzLWN1 cnJlbnQuaHRtbApkZWxldGVkIGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggN2M1MGU2MS4uMDAwMDAw MAotLS0gYS9MYXlvdXRUZXN0cy9odHRwL3Rlc3RzL3NlY3VyaXR5L2NhbGxpbmctdmVyc3VzLWN1 cnJlbnQuaHRtbAorKysgL2Rldi9udWxsCkBAIC0xLDEzICswLDAgQEAKLTxpZnJhbWUgc3JjPSJy ZXNvdXJjZXMvaW5ub2NlbnQtdmljdGltLmh0bWwiPjwvaWZyYW1lPgotPGRpdiBpZD0iY29uc29s ZSI+RkFJTDwvZGl2PgotPHNjcmlwdD4KLWlmICh3aW5kb3cubGF5b3V0VGVzdENvbnRyb2xsZXIp Ci0gICAgbGF5b3V0VGVzdENvbnRyb2xsZXIuZHVtcEFzVGV4dCgpOwotCi13aW5kb3cub25sb2Fk ID0gZnVuY3Rpb24oKSB7Ci0gICAgd2luZG93LmYgPSBmcmFtZXNbMF0uYXRvYjsKLSAgICBkb2N1 bWVudC5kb21haW4gPSAiMC4wLjEiOwotICAgIGlmIChidG9hKHdpbmRvdy5mKCJQQVNTIikpID09 ICJQQVNTIikKLSAgICAgICAgZG9jdW1lbnQuZ2V0RWxlbWVudEJ5SWQoImNvbnNvbGUiKS5pbm5l ckhUTUwgPSAiUEFTUyIKLX0KLTwvc2NyaXB0PgpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9DaGFuZ2VM b2cgYi9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCA0NTVhN2ZjLi5hZjcyOWNlIDEwMDY0NAotLS0g YS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE1 IEBACisyMDA5LTExLTEzICBQYXZlbCBGZWxkbWFuICA8cGZlbGRtYW5AY2hyb21pdW0ub3JnPgor CisgICAgICAgIFJldmlld2VkIGJ5IERpbWl0cmkgR2xhemtvdi4KKworICAgICAgICBDaHJvbWl1 bTogW1JFR1JFU1NJT05dIENyYXNoIHdoaWxlIHN0b3BwaW5nIG9uIGEgYnJlYWtwb2ludC4KKyAg ICAgICAgUm9sbGluZyBiYWNrIHI1MDg5MC4KKworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0 Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MzE0NjcKKworICAgICAgICAqIGJpbmRpbmdzL3Y4L1Y4UHJv eHkuY3BwOgorICAgICAgICAoV2ViQ29yZTo6VjhQcm94eTo6Y2FuQWNjZXNzUHJpdmF0ZSk6CisK IDIwMDktMTEtMTMgIERpcmsgU2NodWx6ZSAgPGtyaXRAd2Via2l0Lm9yZz4KIAogICAgICAgICBS ZXZpZXdlZCBieSBHdXN0YXZvIE5vcm9uaGEuCmRpZmYgLS1naXQgYS9XZWJDb3JlL2JpbmRpbmdz L3Y4L1Y4UHJveHkuY3BwIGIvV2ViQ29yZS9iaW5kaW5ncy92OC9WOFByb3h5LmNwcAppbmRleCBi Nzg1ZjQxLi5kZTk3N2I4IDEwMDY0NAotLS0gYS9XZWJDb3JlL2JpbmRpbmdzL3Y4L1Y4UHJveHku Y3BwCisrKyBiL1dlYkNvcmUvYmluZGluZ3MvdjgvVjhQcm94eS5jcHAKQEAgLTg4MCwyMCArODgw LDE0IEBAIGJvb2wgVjhQcm94eTo6Y2FuQWNjZXNzUHJpdmF0ZShET01XaW5kb3cqIHRhcmdldFdp bmRvdykKIAogICAgIFN0cmluZyBtZXNzYWdlOwogCi0gICAgdjg6OkxvY2FsPHY4OjpDb250ZXh0 PiBhY3RpdmVDb250ZXh0ID0gdjg6OkNvbnRleHQ6OkdldENhbGxpbmcoKTsKLSAgICBpZiAoYWN0 aXZlQ29udGV4dC5Jc0VtcHR5KCkpIHsKLSAgICAgICAgLy8gVGhlcmUgaXMgYSBzaW5nbGUgYWN0 aXZhdGlvbiByZWNvcmQgb24gdGhlIHN0YWNrLCBzbyB0aGF0IG11c3QKLSAgICAgICAgLy8gYmUg dGhlIGFjdGl2ZUNvbnRleHQuCi0gICAgICAgIGFjdGl2ZUNvbnRleHQgPSB2ODo6Q29udGV4dDo6 R2V0Q3VycmVudCgpOwotICAgIH0KLSAgICBET01XaW5kb3cqIGFjdGl2ZVdpbmRvdyA9IHJldHJp ZXZlV2luZG93KGFjdGl2ZUNvbnRleHQpOwotICAgIGlmIChhY3RpdmVXaW5kb3cgPT0gdGFyZ2V0 V2luZG93KQorICAgIERPTVdpbmRvdyogb3JpZ2luV2luZG93ID0gcmV0cmlldmVXaW5kb3coY3Vy cmVudENvbnRleHQoKSk7CisgICAgaWYgKG9yaWdpbldpbmRvdyA9PSB0YXJnZXRXaW5kb3cpCiAg ICAgICAgIHJldHVybiB0cnVlOwogCi0gICAgaWYgKCFhY3RpdmVXaW5kb3cpCisgICAgaWYgKCFv cmlnaW5XaW5kb3cpCiAgICAgICAgIHJldHVybiBmYWxzZTsKIAotICAgIGNvbnN0IFNlY3VyaXR5 T3JpZ2luKiBhY3RpdmVTZWN1cml0eU9yaWdpbiA9IGFjdGl2ZVdpbmRvdy0+c2VjdXJpdHlPcmln aW4oKTsKKyAgICBjb25zdCBTZWN1cml0eU9yaWdpbiogYWN0aXZlU2VjdXJpdHlPcmlnaW4gPSBv cmlnaW5XaW5kb3ctPnNlY3VyaXR5T3JpZ2luKCk7CiAgICAgY29uc3QgU2VjdXJpdHlPcmlnaW4q IHRhcmdldFNlY3VyaXR5T3JpZ2luID0gdGFyZ2V0V2luZG93LT5zZWN1cml0eU9yaWdpbigpOwog CiAgICAgLy8gV2UgaGF2ZSBzZWVuIGNyYXNoZXMgd2VyZSB0aGUgc2VjdXJpdHkgb3JpZ2luIG9m IHRoZSB0YXJnZXQgaGFzIG5vdCBiZWVuCkBAIC05MDYsNyArOTAwLDcgQEAgYm9vbCBWOFByb3h5 OjpjYW5BY2Nlc3NQcml2YXRlKERPTVdpbmRvdyogdGFyZ2V0V2luZG93KQogCiAgICAgLy8gQWxs b3cgYWNjZXNzIHRvIGEgImFib3V0OmJsYW5rIiBwYWdlIGlmIHRoZSBkeW5hbWljIGNvbnRleHQg aXMgYQogICAgIC8vIGRldGFjaGVkIGNvbnRleHQgb2YgdGhlIHNhbWUgZnJhbWUgYXMgdGhlIGJs YW5rIHBhZ2UuCi0gICAgaWYgKHRhcmdldFNlY3VyaXR5T3JpZ2luLT5pc0VtcHR5KCkgJiYgYWN0 aXZlV2luZG93LT5mcmFtZSgpID09IHRhcmdldFdpbmRvdy0+ZnJhbWUoKSkKKyAgICBpZiAodGFy Z2V0U2VjdXJpdHlPcmlnaW4tPmlzRW1wdHkoKSAmJiBvcmlnaW5XaW5kb3ctPmZyYW1lKCkgPT0g dGFyZ2V0V2luZG93LT5mcmFtZSgpKQogICAgICAgICByZXR1cm4gdHJ1ZTsKIAogICAgIHJldHVy biBmYWxzZTsK