Bug 108097

Summary:

REGRESSION (r140594): RELEASE_ASSERT_NOT_REACHED in JSC::Interpreter::execute

Product:

WebKit

Reporter:

Kevin M. Dean <kevin>

Component:

JavaScriptCore

Assignee:

Oliver Hunt <oliver>

Status:

RESOLVED FIXED

Severity:

Critical

CC:

oliver

Priority:

Keywords:

InRadar, Regression

Version:

528+ (Nightly build)

Hardware:

Mac (Intel)

OS:

OS X 10.8

URL:

http://thechive.com

Attachments:

Description	Flags
Patch	none
Patch	ggaren: review+

Kevin M. Dean

Reported 2013-01-28 11:48:04 PST

Crashes on load of URL above. Process: WebProcess [35321] Path: /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess Identifier: com.apple.WebProcess Version: 537+ (537.28+) Code Type: X86-64 (Native) Parent Process: ??? [1] User ID: 501 Date/Time: 2013-01-28 14:22:38.472 -0500 OS Version: Mac OS X 10.8.2 (12C60) Report Version: 10 Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x00000000bbadbeef VM Regions Near 0xbbadbeef: --> __TEXT 00000001051e7000-00000001051e8000 [ 4K] r-x/rwx SM=COW /Applications/WebKit.app/Contents/Frameworks/10.8/WebKit2.framework/WebProcess.app/Contents/MacOS/WebProcess Application Specific Information: Bundle controller class: BrowserBundleController Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.JavaScriptCore 0x00000001057354e6 JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) + 758 1 com.apple.JavaScriptCore 0x0000000105660910 JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, JSC::JSValue*) + 576 2 com.apple.WebCore 0x00000001065823ba WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld*) + 442 3 com.apple.WebCore 0x0000000106582549 WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) + 41 4 com.apple.WebCore 0x000000010658b69e WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) + 478 5 com.apple.WebCore 0x000000010658a3c4 WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) + 1076 6 com.apple.WebCore 0x0000000105ec10ce WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) + 350 7 com.apple.WebCore 0x0000000105ec0f20 WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) + 48 8 com.apple.WebCore 0x0000000105e6e5b4 WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() + 84 9 com.apple.WebCore 0x0000000105e6e638 WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) + 88 10 com.apple.WebCore 0x0000000105e6e348 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) + 264 11 com.apple.WebCore 0x0000000105e6ec70 WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() + 112 12 com.apple.WebCore 0x0000000105e6edb7 WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) + 87 13 com.apple.WebCore 0x0000000105aefcbd WebCore::CachedResource::checkNotify() + 93 14 com.apple.WebCore 0x000000010665d7a3 WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) + 211 15 com.apple.WebCore 0x0000000106561511 -[WebCoreResourceHandleAsDelegate connection:didFailWithError:] + 113 16 com.apple.Foundation 0x00007fff82bbaf58 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke_0 + 28 17 com.apple.Foundation 0x00007fff82bbae9c -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] + 227 18 com.apple.Foundation 0x00007fff82d31e44 -[NSURLConnectionInternal _withErrorForConnection:] + 105 19 com.apple.CFNetwork 0x00007fff83961fc5 ___delegate_didFail_block_invoke_0 + 57 20 com.apple.CFNetwork 0x00007fff839033ca ___withDelegateAsync_block_invoke_0 + 90 21 com.apple.CFNetwork 0x00007fff8399356a __block_global_1 + 28 22 com.apple.CoreFoundation 0x00007fff86ba5724 CFArrayApplyFunction + 68 23 com.apple.CFNetwork 0x00007fff838f4554 RunloopBlockContext::perform() + 124 24 com.apple.CFNetwork 0x00007fff838f442b MultiplexerSource::perform() + 221 25 com.apple.CoreFoundation 0x00007fff86b87101 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 26 com.apple.CoreFoundation 0x00007fff86b86a25 __CFRunLoopDoSources0 + 245 27 com.apple.CoreFoundation 0x00007fff86ba9dc5 __CFRunLoopRun + 789 28 com.apple.CoreFoundation 0x00007fff86ba96b2 CFRunLoopRunSpecific + 290 29 com.apple.HIToolbox 0x00007fff8ca250a4 RunCurrentEventLoopInMode + 209 30 com.apple.HIToolbox 0x00007fff8ca24e42 ReceiveNextEventCommon + 356 31 com.apple.HIToolbox 0x00007fff8ca24cd3 BlockUntilNextEventMatchingListInMode + 62 32 com.apple.AppKit 0x00007fff8a664613 _DPSNextEvent + 685 33 com.apple.AppKit 0x00007fff8a663ed2 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128 34 com.apple.AppKit 0x00007fff8a65b283 -[NSApplication run] + 517 35 com.apple.WebCore 0x000000010657925d WebCore::RunLoop::run() + 77 36 com.apple.WebKit2 0x000000010537ad55 int WebKit::ChildProcessMain<WebKit::WebProcess, WebKit::WebContentProcessMainDelegate>(int, char**) + 543 37 com.apple.WebProcess 0x00000001051e7e59 main + 269 38 libdyld.dylib 0x00007fff881447e1 start + 1

Attachments
Patch (3.61 KB, patch) 2013-01-29 14:46 PST, Oliver Hunt	no flags	Details Formatted Diff Diff
Patch (3.63 KB, patch) 2013-01-29 14:52 PST, Oliver Hunt	ggaren: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.