Bug 102762

Summary: A crash at JSC::DFG::AssemblyHelpers::decodedCodeMapFor
Product: WebKit Reporter: ChangSeok Oh <kevin.cs.oh>
Component: JavaScriptCoreAssignee: Nobody <webkit-unassigned>
Status: UNCONFIRMED    
Severity: Normal CC: barraclough, dsd, fpizlo, oliver
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Linux   
URL: http://tirania.org/blog/archive/2012/Oct-22.html

ChangSeok Oh
Reported 2012-11-19 20:45:55 PST
I faced a crash related with JSC when I visited http://tirania.org/blog/archive/2012/Oct-22.html My system is 32 bit Ubuntu 12.04 and I think this issue is valid on all 32 bit systems. What I used build-command is ../../autogen.sh --prefix=/usr/local --disable-egl And then run like this ./Programs/GtkLauncher http://tirania.org/blog/archive/2012/Oct-22.html The full callstack is like following.. Program received signal SIGSEGV, Segmentation fault. 0xb595f1d2 in JSC::DFG::AssemblyHelpers::decodedCodeMapFor(JSC::CodeBlock*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 (gdb) bt #0 0xb595f1d2 in JSC::DFG::AssemblyHelpers::decodedCodeMapFor(JSC::CodeBlock*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #1 0xb59a0897 in JSC::DFG::OSRExitCompiler::compileExit(JSC::DFG::OSRExit const&, JSC::Operands<JSC::ValueRecovery, JSC::OperandValueTraits<JSC::ValueRecovery> > const&, JSC::DFG::SpeculationRecovery*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #2 0xb59a35af in compileOSRExit () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #3 0xa8e7eb46 in ?? () #4 0xb5a229f6 in JSC::Interpreter::execute(JSC::CallFrameClosure&) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #5 0xb5b0a66d in JSC::arrayProtoFuncForEach(JSC::ExecState*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #6 0xa9018f2f in ?? () #7 0xb5a216de in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #8 0xb5b0f69e in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #9 0xb5b4b0a0 in JSC::boundFunctionCall(JSC::ExecState*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #10 0xa711770f in ?? () #11 0xb5a216de in JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #12 0xb5b0f69e in JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libjavascriptcoregtk-3.0.so.0 #13 0xb69c872c in WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #14 0xb6bcf857 in WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1u>&) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #15 0xb6bcfa20 in WebCore::EventTarget::fireEventListeners(WebCore::Event*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #16 0xb6bdc4e3 in WebCore::Node::handleLocalEvents(WebCore::Event*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #17 0xb6bc6ab5 in WebCore::EventContext::handleLocalEvents(WebCore::Event*) const () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #18 0xb6bc8a3d in WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #19 0xb6bc6b06 in WebCore::EventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #20 0xb6bc7ee7 in WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WTF::PassRefPtr<WebCore::EventDispatchMediator>) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #21 0xb6bdc797 in WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #22 0xb6d87882 in WebCore::HTMLScriptElement::dispatchLoadEvent() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #23 0xb6bfd502 in WebCore::ScriptElement::execute(WebCore::CachedScript*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #24 0xb6c06977 in WebCore::ScriptRunner::timerFired(WebCore::Timer<WebCore::ScriptRunner>*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #25 0xb6c072d5 in WebCore::Timer<WebCore::ScriptRunner>::fired() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 ---Type <return> to continue, or q <return> to quit--- #26 0xb7a74022 in WebCore::ThreadTimers::sharedTimerFiredInternal() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #27 0xb7a74095 in WebCore::ThreadTimers::sharedTimerFired() () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #28 0xb7b0725b in WebCore::timeout_cb(void*) () from /home/shivamidow/Projects/WebKit/WebKitBuild/Release/.libs/libwebkitgtk-3.0.so.0 #29 0xb5f0696f in g_timeout_dispatch (source=0x823d310, callback=0xb7b07240 <WebCore::timeout_cb(void*)>, user_data=0x0) at gmain.c:3882 #30 0xb5f05c76 in g_main_dispatch (context=0x8087530) at gmain.c:2539 #31 g_main_context_dispatch (context=0x8087530) at gmain.c:3075 #32 0xb5f06015 in g_main_context_iterate (dispatch=1, block=-1242482240, context=0x8087530, self=<optimized out>) at gmain.c:3146 #33 g_main_context_iterate (context=0x8087530, block=-1242482240, dispatch=1, self=<optimized out>) at gmain.c:3083 #34 0xb5f0645b in g_main_loop_run (loop=0x815cf60) at gmain.c:3340 #35 0xb638abe5 in gtk_main () at gtkmain.c:1161 #36 0x0804c333 in main ()
Attachments
Add attachment proposed patch, testcase, etc.
Daniel Drake
Comment 1 2012-12-01 07:24:37 PST
Reproduced on Fedora 18 (x86), webkitgtk-1.10.1. This is a dup of bug #90728.
Note You need to log in before you can comment on or make changes to this bug.